History.md 53.7 KB
Newer Older
1 2 3
2.x
===

4 5 6 7
  * deps: body-parser@~1.9.0
    - include the charset in "unsupported charset" error message
    - include the encoding in "unsupported content encoding" error message
    - deps: depd@~1.0.0
8 9
  * deps: compression@~1.2.0
    - deps: debug@~2.1.0
10 11 12
  * deps: connect-timeout@~1.4.0
    - Create errors with `http-errors`
    - deps: debug@~2.1.0
13 14
  * deps: debug@~2.1.0
    - Implement `DEBUG_FD` env variable support
15
  * deps: depd@~1.0.0
16
  * deps: finalhandler@0.3.1
17 18
    - Terminate in progress response only on error
    - Use `on-finished` to determine request status
19
    - deps: debug@~2.1.0
20 21
  * deps: method-override@~2.3.0
    - deps: debug@~2.1.0
22 23 24
  * deps: morgan@~1.4.0
    - Add `debug` messages
    - deps: depd@~1.0.0
25 26 27 28 29
  * deps: response-time@~2.2.0
    - Add `header` option for custom header name
    - Add `suffix` option
    - Change `digits` argument to an `options` argument
    - deps: depd@~1.0.0
30 31
  * deps: serve-favicon@~2.1.6
    - deps: etag@~1.5.0
32
  * deps: serve-index@~1.4.1
33 34 35 36 37
    - Add `dir` argument to `filter` function
    - Add icon for mkv files
    - Fix incorrect 403 on Windows and Node.js 0.11
    - Lookup icon by mime type for greater icon support
    - Support using tokens multiple times
38
    - deps: accepts@~1.1.2
39 40
  * deps: serve-static@~1.7.0
    - deps: send@0.10.0
41

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
42 43
2.26.6 / 2014-10-15
===================
44

45 46 47
  * deps: compression@~1.1.2
    - deps: accepts@~1.1.2
    - deps: compressible@~2.0.1
48 49 50
  * deps: csurf@~1.6.2
    - bump http-errors
    - fix cookie name when using `cookie: true`
51 52 53
  * deps: errorhandler@~1.2.2
    - deps: accepts@~1.1.2

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
54 55
2.26.5 / 2014-10-08
===================
56

57
  * Fix accepting non-object arguments to `logger`
58 59 60
  * deps: serve-static@~1.6.4
    - Fix redirect loop when index file serving disabled

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
61 62
2.26.4 / 2014-10-02
===================
63 64 65

  * deps: morgan@~1.3.2
    - Fix `req.ip` integration when `immediate: false`
66 67
  * deps: type-is@~1.5.2
    - deps: mime-types@~2.0.2
68

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
69 70
2.26.3 / 2014-09-24
===================
71

72 73
  * deps: body-parser@~1.8.4
    - fix content encoding to be case-insensitive
74 75
  * deps: serve-favicon@~2.1.5
    - deps: etag@~1.4.0
76 77
  * deps: serve-static@~1.6.3
    - deps: send@0.9.3
78

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
79 80
2.26.2 / 2014-09-19
===================
81 82 83

  * deps: body-parser@~1.8.3
    - deps: qs@2.2.4
84 85
  * deps: qs@2.2.4
    - Fix issue with object keys starting with numbers truncated
86

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
87 88
2.26.1 / 2014-09-15
===================
89

90 91
  * deps: body-parser@~1.8.2
    - deps: depd@0.4.5
92
  * deps: depd@0.4.5
93 94 95
  * deps: express-session@~1.8.2
    - Use `crc` instead of `buffer-crc32` for speed
    - deps: depd@0.4.5
96 97 98
  * deps: morgan@~1.3.1
    - Remove un-used `bytes` dependency
    - deps: depd@0.4.5
99
  * deps: serve-favicon@~2.1.4
100 101
    - Fix content headers being sent in 304 response
    - deps: etag@~1.3.1
102 103
  * deps: serve-static@~1.6.2
    - deps: send@0.9.2
104

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
105 106
2.26.0 / 2014-09-08
===================
107

108
  * deps: body-parser@~1.8.1
109 110 111 112
    - add `parameterLimit` option to `urlencoded` parser
    - change `urlencoded` extended array limit to 100
    - make empty-body-handling consistent between chunked requests
    - respond with 415 when over `parameterLimit` in `urlencoded`
113
    - deps: media-typer@0.3.0
114
    - deps: qs@2.2.3
115
    - deps: type-is@~1.5.1
116 117 118 119
  * deps: compression@~1.1.0
    - deps: accepts@~1.1.0
    - deps: compressible@~2.0.0
    - deps: debug@~2.0.0
120 121
  * deps: connect-timeout@~1.3.0
    - deps: debug@~2.0.0
122 123
  * deps: cookie-parser@~1.3.3
    - deps: cookie-signature@1.0.5
124
  * deps: cookie-signature@1.0.5
125 126 127 128 129
  * deps: csurf@~1.6.1
    - add `ignoreMethods` option
    - bump cookie-signature
    - csrf-tokens -> csrf
    - set `code` property on CSRF token errors
130
  * deps: debug@~2.0.0
131 132 133
  * deps: errorhandler@~1.2.0
    - Display error using `util.inspect` if no other representation
    - deps: accepts@~1.1.0
134
  * deps: express-session@~1.8.1
135
    - Do not resave already-saved session at end of request
136
    - Prevent session prototype methods from being overwritten
137 138
    - deps: cookie-signature@1.0.5
    - deps: debug@~2.0.0
139 140 141
  * deps: finalhandler@0.2.0
    - Set `X-Content-Type-Options: nosniff` header
    - deps: debug@~2.0.0
142
  * deps: fresh@0.2.4
143 144
  * deps: media-typer@0.3.0
    - Throw error when parameter format invalid on parse
145 146
  * deps: method-override@~2.2.0
    - deps: debug@~2.0.0
147 148
  * deps: morgan@~1.3.0
    - Assert if `format` is not a function or string
149 150
  * deps: qs@2.2.3
    - Fix issue where first empty value in array is discarded
151
  * deps: serve-favicon@~2.1.3
152 153
    - Accept string for `maxAge` (converted by `ms`)
    - Use `etag` to generate `ETag` header
154
    - deps: fresh@0.2.4
155 156 157 158
  * deps: serve-index@~1.2.1
    - Add `debug` messages
    - Resolve relative paths at middleware setup
    - deps: accepts@~1.1.0
159
  * deps: serve-static@~1.6.1
160
    - Add `lastModified` option
161
    - deps: send@0.9.1
162
  * deps: type-is@~1.5.1
163
    - fix `hasbody` to be true for `content-length: 0`
164 165
    - deps: media-typer@0.3.0
    - deps: mime-types@~2.0.1
166
  * deps: vhost@~3.0.0
167

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
168 169
2.25.10 / 2014-09-04
====================
170 171 172 173

  * deps: serve-static@~1.5.4
    - deps: send@0.8.5

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
174 175
2.25.9 / 2014-08-29
===================
176

177 178
  * deps: body-parser@~1.6.7
    - deps: qs@2.2.2
179 180
  * deps: qs@2.2.2

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
181 182
2.25.8 / 2014-08-27
===================
183

184 185
  * deps: body-parser@~1.6.6
    - deps: qs@2.2.0
186
  * deps: csurf@~1.4.1
187 188 189
  * deps: qs@2.2.0
    - Array parsing fix
    - Performance improvements
190

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
191 192
2.25.7 / 2014-08-18
===================
193 194 195

  * deps: body-parser@~1.6.5
    - deps: on-finished@2.1.0
196 197
  * deps: express-session@~1.7.6
    - Fix exception on `res.end(null)` calls
198 199
  * deps: morgan@~1.2.3
    - deps: on-finished@2.1.0
200 201
  * deps: serve-static@~1.5.3
    - deps: send@0.8.3
202

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
203 204
2.25.6 / 2014-08-14
===================
205

206 207
  * deps: body-parser@~1.6.4
    - deps: qs@1.2.2
208
  * deps: qs@1.2.2
209 210 211
  * deps: serve-static@~1.5.2
    - deps: send@0.8.2

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
212 213
2.25.5 / 2014-08-11
===================
214 215 216

  * Fix backwards compatibility in `logger`

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
217 218
2.25.4 / 2014-08-10
===================
219 220 221

  * Fix `query` middleware breaking with argument
    - It never really took one in the first place
222 223
  * deps: body-parser@~1.6.3
    - deps: qs@1.2.1
224 225 226
  * deps: compression@~1.0.11
    - deps: on-headers@~1.0.0
    - deps: parseurl@~1.3.0
227 228
  * deps: connect-timeout@~1.2.2
    - deps: on-headers@~1.0.0
229 230 231 232
  * deps: express-session@~1.7.5
    - Fix parsing original URL
    - deps: on-headers@~1.0.0
    - deps: parseurl@~1.3.0
233
  * deps: method-override@~2.1.3
234
  * deps: on-headers@~1.0.0
235
  * deps: parseurl@~1.3.0
236
  * deps: qs@1.2.1
237 238
  * deps: response-time@~2.0.1
    - deps: on-headers@~1.0.0
239 240
  * deps: serve-index@~1.1.6
    - Fix URL parsing
241 242 243 244
  * deps: serve-static@~1.5.1
    - Fix parsing of weird `req.originalUrl` values
    - deps: parseurl@~1.3.0
    = deps: utils-merge@1.0.0
245

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
246 247
2.25.3 / 2014-08-07
===================
248 249 250 251

  * deps: multiparty@3.3.2
    - Fix potential double-callback

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
252 253
2.25.2 / 2014-08-07
===================
254

255 256
  * deps: body-parser@~1.6.2
    - deps: qs@1.2.0
257 258 259
  * deps: qs@1.2.0
    - Fix parsing array of objects

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
260 261
2.25.1 / 2014-08-06
===================
262 263 264

  * deps: body-parser@~1.6.1
    - deps: qs@1.1.0
265 266 267
  * deps: qs@1.1.0
    - Accept urlencoded square brackets
    - Accept empty values in implicit array notation
268

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
269 270
2.25.0 / 2014-08-05
===================
271

272 273
  * deps: body-parser@~1.6.0
    - deps: qs@1.0.2
274 275 276
  * deps: compression@~1.0.10
    - Fix upper-case Content-Type characters prevent compression
    - deps: compressible@~1.1.1
277 278 279
  * deps: csurf@~1.4.0
    - Support changing `req.session` after `csurf` middleware
    - Calling `res.csrfToken()` after `req.session.destroy()` will now work
280 281 282
  * deps: express-session@~1.7.4
    - Fix `res.end` patch to call correct upstream `res.write`
    - Fix response end delay for non-chunked responses
283 284 285 286 287
  * deps: qs@1.0.2
    - Complete rewrite
    - Limits array length to 20
    - Limits object depth to 5
    - Limits parameters to 1,000
288 289 290
  * deps: serve-static@~1.5.0
    - Add `extensions` option
    - deps: send@0.8.1
291

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
292 293
2.24.3 / 2014-08-04
===================
294

295 296 297
  * deps: serve-index@~1.1.5
    - Fix Content-Length calculation for multi-byte file names
    - deps: accepts@~1.0.7
298 299 300 301
  * deps: serve-static@~1.4.4
    - Fix incorrect 403 on Windows and Node.js 0.11
    - deps: send@0.7.4

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
302 303
2.24.2 / 2014-07-27
===================
304

305
  * deps: body-parser@~1.5.2
306 307
  * deps: depd@0.4.4
    - Work-around v8 generating empty stack traces
308
  * deps: express-session@~1.7.2
309
  * deps: morgan@~1.2.2
310
  * deps: serve-static@~1.4.2
311

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
312 313
2.24.1 / 2014-07-26
===================
314

315
  * deps: body-parser@~1.5.1
316 317
  * deps: depd@0.4.3
    - Fix exception when global `Error.stackTraceLimit` is too low
318
  * deps: express-session@~1.7.1
319
  * deps: morgan@~1.2.1
320
  * deps: serve-index@~1.1.4
321
  * deps: serve-static@~1.4.1
322

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
323 324
2.24.0 / 2014-07-22
===================
325

326 327 328 329
  * deps: body-parser@~1.5.0
    - deps: depd@0.4.2
    - deps: iconv-lite@0.4.4
    - deps: raw-body@1.3.0
330
    - deps: type-is@~1.3.2
331 332 333
  * deps: compression@~1.0.9
    - Add `debug` messages
    - deps: accepts@~1.0.7
334
  * deps: connect-timeout@~1.2.1
335
    - Accept string for `time` (converted by `ms`)
336
    - deps: debug@1.0.4
337
  * deps: debug@1.0.4
338 339 340 341 342
  * deps: depd@0.4.2
    - Add `TRACE_DEPRECATION` environment variable
    - Remove non-standard grey color from color output
    - Support `--no-deprecation` argument
    - Support `--trace-deprecation` argument
343 344 345 346
  * deps: express-session@~1.7.0
    - Improve session-ending error handling
    - deps: debug@1.0.4
    - deps: depd@0.4.2
347 348 349
  * deps: finalhandler@0.1.0
    - Respond after request fully read
    - deps: debug@1.0.4
350 351 352
  * deps: method-override@~2.1.2
    - deps: debug@1.0.4
    - deps: parseurl@~1.2.0
353 354 355 356 357
  * deps: morgan@~1.2.0
    - Add `:remote-user` token
    - Add `combined` log format
    - Add `common` log format
    - Remove non-standard grey color from `dev` format
358
  * deps: multiparty@3.3.1
359 360 361 362
  * deps: parseurl@~1.2.0
    - Cache URLs based on original value
    - Remove no-longer-needed URL mis-parse work-around
    - Simplify the "fast-path" `RegExp`
363 364 365 366
  * deps: serve-static@~1.4.0
    - Add `dotfiles` option
    - deps: parseurl@~1.2.0
    - deps: send@0.7.0
367

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
368 369
2.23.0 / 2014-07-10
===================
370

371 372
  * deps: debug@1.0.3
    - Add support for multiple wildcards in namespaces
373
  * deps: express-session@~1.6.4
374 375 376 377
  * deps: method-override@~2.1.0
    - add simple debug output
    - deps: methods@1.1.0
    - deps: parseurl@~1.1.3
378 379
  * deps: parseurl@~1.1.3
    - faster parsing of href-only URLs
380 381
  * deps: serve-static@~1.3.1
    - deps: parseurl@~1.1.3
382

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
383 384
2.22.0 / 2014-07-03
===================
385

386 387
  * deps: csurf@~1.3.0
    - Fix `cookie.signed` option to actually sign cookie
388 389 390 391
  * deps: express-session@~1.6.1
    - Fix `res.end` patch to return correct value
    - Fix `res.end` patch to handle multiple `res.end` calls
    - Reject cookies with missing signatures
392 393 394
  * deps: multiparty@3.3.0
    - Always emit close after all parts ended
    - Fix callback hang in node.js 0.8 on errors
395 396 397 398 399
  * deps: serve-static@~1.3.0
    - Accept string for `maxAge` (converted by `ms`)
    - Add `setHeaders` option
    - Include HTML link in redirect response
    - deps: send@0.5.0
400

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
401 402
2.21.1 / 2014-06-26
===================
403

404 405
  * deps: cookie-parser@1.3.2
    - deps: cookie-signature@1.0.4
406 407
  * deps: cookie-signature@1.0.4
    - fix for timing attacks
408 409
  * deps: express-session@~1.5.2
    - deps: cookie-signature@1.0.4
410 411
  * deps: type-is@~1.3.2
    - more mime types
412

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
413 414
2.21.0 / 2014-06-20
===================
415

416
  * deprecate `connect(middleware)` -- use `app.use(middleware)` instead
417
  * deprecate `connect.createServer()` -- use `connect()` instead
418
  * fix `res.setHeader()` patch to work with get -> append -> set pattern
419
  * deps: compression@~1.0.8
420
  * deps: errorhandler@~1.1.1
421 422 423 424 425 426
  * deps: express-session@~1.5.0
    - Deprecate integration with `cookie-parser` middleware
    - Deprecate looking for secret in `req.secret`
    - Directly read cookies; `cookie-parser` no longer required
    - Directly set cookies; `res.cookie` no longer required
    - Generate session IDs with `uid-safe`, faster and even less collisions
427
  * deps: serve-index@~1.1.3
428

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
429 430
2.20.2 / 2014-06-19
===================
431 432 433 434

  * deps: body-parser@1.4.3
    - deps: type-is@1.3.1

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
435 436
2.20.1 / 2014-06-19
===================
437 438 439 440

  * deps: type-is@1.3.1
    - fix global variable leak

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
441 442
2.20.0 / 2014-06-19
===================
443

444 445
  * deprecate `verify` option to `json` -- use `body-parser` npm module instead
  * deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
446
  * deprecate things with `depd` module
447
  * use `finalhandler` for final response handling
448
  * use `media-typer` to parse `content-type` for charset
449
  * deps: body-parser@1.4.2
450 451 452 453 454 455 456
    - check accepted charset in content-type (accepts utf-8)
    - check accepted encoding in content-encoding (accepts identity)
    - deprecate `urlencoded()` without provided `extended` option
    - lazy-load urlencoded parsers
    - support gzip and deflate bodies
    - set `inflate: false` to turn off
    - deps: raw-body@1.2.2
457
    - deps: type-is@1.3.0
458
    - Support all encodings from `iconv-lite`
459 460
  * deps: connect-timeout@1.1.1
    - deps: debug@1.0.2
461 462 463 464
  * deps: cookie-parser@1.3.1
    - export parsing functions
    - `req.cookies` and `req.signedCookies` are now plain objects
    - slightly faster parsing of many cookies
465
  * deps: csurf@1.2.2
466 467 468 469 470 471 472
  * deps: errorhandler@1.1.0
    - Display error on console formatted like `throw`
    - Escape HTML in stack trace
    - Escape HTML in title
    - Fix up edge cases with error sent in response
    - Set `X-Content-Type-Options: nosniff` header
    - Use accepts for negotiation
473 474 475 476 477
  * deps: express-session@1.4.0
    - Add `genid` option to generate custom session IDs
    - Add `saveUninitialized` option to control saving uninitialized sessions
    - Add `unset` option to control unsetting `req.session`
    - Generate session IDs with `rand-token` by default; reduce collisions
478
    - Integrate with express "trust proxy" by default
479
    - deps: buffer-crc32@0.2.3
480
    - deps: debug@1.0.2
481
  * deps: multiparty@3.2.9
482 483
  * deps: serve-index@1.1.2
    - deps: batch@0.5.1
484 485
  * deps: type-is@1.3.0
    - improve type parsing
486 487 488 489
  * deps: vhost@2.0.0
    - Accept `RegExp` object for `hostname`
    - Provide `req.vhost` object
    - Support IPv6 literal in `Host` header
490

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
491 492
2.19.6 / 2014-06-11
===================
493

494 495
  * deps: body-parser@1.3.1
    - deps: type-is@1.2.1
496 497 498 499
  * deps: compression@1.0.7
    - use vary module for better `Vary` behavior
    - deps: accepts@1.0.3
    - deps: compressible@1.1.0
500
  * deps: debug@1.0.2
501 502
  * deps: serve-index@1.1.1
    - deps: accepts@1.0.3
503 504 505
  * deps: serve-static@1.2.3
    - Do not throw un-catchable error on file open race condition
    - deps: send@0.4.3
506

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
507 508
2.19.5 / 2014-06-09
===================
509 510 511

  * deps: csurf@1.2.1
    - refactor to use csrf-tokens@~1.0.2
512
  * deps: debug@1.0.1
513 514 515
  * deps: serve-static@1.2.2
    - fix "event emitter leak" warnings
    - deps: send@0.4.2
516 517
  * deps: type-is@1.2.1
    - Switch dependency from `mime` to `mime-types@1.0.0`
518

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
519 520
2.19.4 / 2014-06-05
===================
521

522
  * deps: errorhandler@1.0.2
523
    - Pass on errors from reading error files
524 525
  * deps: method-override@2.0.2
    - use vary module for better `Vary` behavior
526 527 528
  * deps: serve-favicon@2.0.1
    - Reduce byte size of `ETag` header

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
529 530
2.19.3 / 2014-06-03
===================
531 532 533 534 535 536

  * deps: compression@1.0.6
    - fix listeners for delayed stream creation
    - fix regression for certain `stream.pipe(res)` situations
    - fix regression when negotiation fails

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
537 538
2.19.2 / 2014-06-03
===================
539 540 541 542 543 544

  * deps: compression@1.0.4
    - fix adding `Vary` when value stored as array
    - fix back-pressure behavior
    - fix length check for `res.end`

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
545 546
2.19.1 / 2014-06-02
===================
547 548 549

  * fix deprecated `utils.escape`

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
550 551
2.19.0 / 2014-06-02
===================
552

553
  * deprecate `methodOverride()` -- use `method-override` npm module instead
554 555
  * deps: body-parser@1.3.0
    - add `extended` option to urlencoded parser
556
  * deps: method-override@2.0.1
557
    - set `Vary` header
558
    - deps: methods@1.0.1
559
  * deps: multiparty@3.2.8
560 561 562 563 564
  * deps: response-time@2.0.0
    - add `digits` argument
    - do not override existing `X-Response-Time` header
    - timer not subject to clock drift
    - timer resolution down to nanoseconds
565 566 567 568
  * deps: serve-static@1.2.1
    - send max-age in Cache-Control in correct format
    - use `escape-html` for escaping
    - deps: send@0.4.1
569

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
570 571
2.18.0 / 2014-05-29
===================
572

573
  * deps: compression@1.0.3
574
  * deps: serve-index@1.1.0
575 576 577 578 579
    - Fix content negotiation when no `Accept` header
    - Properly support all HTTP methods
    - Support vanilla node.js http servers
    - Treat `ENAMETOOLONG` as code 414
    - Use accepts for negotiation
580 581 582 583 584 585 586
  * deps: serve-static@1.2.0
    - Calculate ETag with md5 for reduced collisions
    - Fix wrong behavior when index file matches directory
    - Ignore stream errors after request ends
    - Skip directories in index file search
    - deps: send@0.4.0

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
587 588
2.17.3 / 2014-05-27
===================
589 590 591 592

  * deps: express-session@1.2.1
    - Fix `resave` such that `resave: true` works

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
593 594
2.17.2 / 2014-05-27
===================
595

596
  * deps: body-parser@1.2.2
597
    - invoke `next(err)` after request fully read
598
    - deps: raw-body@1.1.6
599 600 601 602
  * deps: method-override@1.0.2
    - Handle `req.body` key referencing array or object
    - Handle multiple HTTP headers

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
603 604
2.17.1 / 2014-05-21
===================
605 606 607

  * fix `res.charset` appending charset when `content-type` has one

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
608 609
2.17.0 / 2014-05-20
===================
610

611 612
  * deps: express-session@1.2.0
    - Add `resave` option to control saving unmodified sessions
613
  * deps: morgan@1.1.1
614 615 616 617 618 619
    - "dev" format will use same tokens as other formats
    - `:response-time` token is now empty when immediate used
    - `:response-time` token is now monotonic
    - `:response-time` token has precision to 1 μs
    - fix `:status` + immediate output in node.js 0.8
    - improve `buffer` option to prevent indefinite event loop holding
620
    - simplify method to get remote address
621
    - deps: bytes@1.0.0
622 623
  * deps: serve-index@1.0.3
    - Fix error from non-statable files in HTML view
624

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
625 626
2.16.2 / 2014-05-18
===================
627

628
  * fix edge-case in `res.appendHeader` that would append in wrong order
629 630
  * deps: method-override@1.0.1

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
631 632
2.16.1 / 2014-05-17
===================
633 634 635

  * remove usages of `res.headerSent` from core

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
636 637
2.16.0 / 2014-05-17
===================
638

639
  * deprecate `res.headerSent` -- use `res.headersSent`
640
  * deprecate `res.on("header")` -- use on-headers module instead
641
  * fix `connect.version` to reflect the actual version
642
  * json: use body-parser
643 644 645
    - add `type` option
    - fix repeated limit parsing with every request
    - improve parser speed
646
  * urlencoded: use body-parser
647 648
    - add `type` option
    - fix repeated limit parsing with every request
649 650
  * dep: bytes@1.0.0
    * add negative support
651 652
  * dep: cookie-parser@1.1.0
    - deps: cookie@0.1.2
653 654
  * dep: csurf@1.2.0
    - add support for double-submit cookie
655 656 657
  * dep: express-session@1.1.0
    - Add `name` option; replacement for `key` option
    - Use `setImmediate` in MemoryStore for node.js >= 0.10
658

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
659 660
2.15.0 / 2014-05-04
===================
661

662
  * Add simple `res.cookie` support
663
  * Add `res.appendHeader`
664
  * Call error stack even when response has been sent
665
  * Patch `res.headerSent` to return Boolean
666
  * Patch `res.headersSent` for node.js 0.8
667
  * Prevent default 404 handler after response sent
668
  * dep: compression@1.0.2
669 670 671
    * support headers given to `res.writeHead`
    * deps: bytes@0.3.0
    * deps: negotiator@0.4.3
672
  * dep: connect-timeout@1.1.0
673 674 675 676
    * Add `req.timedout` property
    * Add `respond` option to constructor
    * Clear timer on socket destroy
    * deps: debug@0.8.1
677
  * dep: debug@^0.8.0
678 679
    * add `enable()` method
    * change from stderr to stdout
680
  * dep: errorhandler@1.0.1
681 682
    * Clean up error CSS
    * Do not respond after headers sent
683
  * dep: express-session@1.0.4
684 685 686 687
    * Remove import of `setImmediate`
    * Use `res.cookie()` instead of `res.setHeader()`
    * deps: cookie@0.1.2
    * deps: debug@0.8.1
688 689 690
  * dep: morgan@1.0.1
    * Make buffer unique per morgan instance
    * deps: bytes@0.3.0
691
  * dep: serve-favicon@2.0.0
692 693 694 695 696 697 698
    * Accept `Buffer` of icon as first argument
    * Non-GET and HEAD requests are denied
    * Send valid max-age value
    * Support conditional requests
    * Support max-age=0
    * Support OPTIONS method
    * Throw if `path` argument is directory
699
  * dep: serve-index@1.0.2
700 701
    * Add stylesheet option
    * deps: negotiator@0.4.3
702

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
703 704
2.14.5 / 2014-04-24
===================
705 706

  * dep: raw-body@1.1.4
707 708
    * allow true as an option
    * deps: bytes@0.3.0
709
  * dep: serve-static@1.1.0
710 711
    * Accept options directly to `send` module
    * deps: send@0.3.0
712

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
713 714
2.14.4 / 2014-04-07
===================
715

716
  * dep: bytes@0.3.0
717
    * added terabyte support
718
  * dep: csurf@1.1.0
719
    * add constant-time string compare
720
  * dep: serve-static@1.0.4
721 722
    * Resolve relative paths at middleware setup
    * Use parseurl to parse the URL from request
723 724
  * fix node.js 0.8 compatibility with memory session

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
725
2.14.3 / 2014-03-18
726 727 728
===================

  * dep: static-favicon@1.0.2
729
    * Fixed content of default icon
730

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
731
2.14.2 / 2014-03-11
732 733 734
===================

  * dep: static-favicon@1.0.1
735
    * Fixed path to default icon
736

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
737
2.14.1 / 2014-03-06
738 739 740
===================

  * dep: fresh@0.2.2
741
    * no real changes
742
  * dep: serve-index@1.0.1
743
    * deps: negotiator@0.4.2
744
  * dep: serve-static@1.0.2
745
    * deps: send@0.2.0
746

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
747
2.14.0 / 2014-03-05
748 749
===================

750
 * basicAuth: use basic-auth-connect
751
 * cookieParser: use cookie-parser
752
 * compress: use compression
753
 * csrf: use csurf
754
 * dep: cookie-signature@1.0.3
755
 * directory: use serve-index
756
 * errorHandler: use errorhandler
757
 * favicon: use static-favicon
758
 * logger: use morgan
759
 * methodOverride: use method-override
760
 * responseTime: use response-time
761
 * session: use express-session
762
 * static: use serve-static
763
 * timeout: use connect-timeout
764
 * vhost: use vhost
765

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
766
2.13.1 / 2014-03-05
767 768 769
===================

 * cookieSession: compare full value rather than crc32
Dav Glass's avatar
Dav Glass committed
770
 * deps: raw-body@1.1.3
771

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
772
2.13.0 / 2014-02-14
773 774
===================

Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
775
 * fix typo in memory store warning #974 @rvagg
776
 * compress: use compressible
Douglas Christopher Wilson's avatar
Douglas Christopher Wilson committed
777 778
 * directory: add template option #990 @gottaloveit @Earl-Brown
 * csrf: prevent deprecated warning with old sessions
779

Jonathan Ong's avatar
Jonathan Ong committed
780 781 782 783 784 785 786 787 788 789
2.12.0 / 2013-12-10
===================

 * bump qs
 * directory: sort folders before files
 * directory: add folder icons
 * directory: de-duplicate icons, details/mobile views #968 @simov
 * errorHandler: end default 404 handler with a newline #972 @rlidwka
 * session: remove long cookie expire check #870 @undoZen

Jonathan Ong's avatar
Jonathan Ong committed
790 791 792 793 794
2.11.2 / 2013-12-01
===================

 * bump raw-body

Jonathan Ong's avatar
Jonathan Ong committed
795
2.11.1 / 2013-11-27
Jonathan Ong's avatar
Jonathan Ong committed
796 797 798 799 800
===================

 * bump raw-body
 * errorHandler: use `res.setHeader()` instead of `res.writeHead()` #949 @lo1tuma

Jonathan Ong's avatar
Jonathan Ong committed
801
2.11.0 / 2013-10-29
Jonathan Ong's avatar
Jonathan Ong committed
802
===================
Jonathan Ong's avatar
Jonathan Ong committed
803 804 805 806 807 808 809 810

 * update bytes
 * update uid2
 * update negotiator
 * sessions: add rolling session option #944 @ilmeo
 * sessions: property set cookies when given FQDN
 * cookieSessions: properly set cookies when given FQDN #948 @bmancini55
 * proto: fix FQDN mounting when multiple handlers #945 @bmancini55
Jonathan Ong's avatar
Jonathan Ong committed
811

Jonathan Ong's avatar
Jonathan Ong committed
812 813
2.10.1 / 2013-10-23
===================
Jonathan Ong's avatar
Jonathan Ong committed
814

Jonathan Ong's avatar
Jonathan Ong committed
815 816
 * fixed; fixed a bug with static middleware at root and trailing slashes #942 (@dougwilson)

Jonathan Ong's avatar
Jonathan Ong committed
817 818
2.10.0 / 2013-10-22
===================
Jonathan Ong's avatar
Jonathan Ong committed
819

Jonathan Ong's avatar
Jonathan Ong committed
820
 * fixed: set headers written by writeHead before emitting 'header'
821 822 823 824
 * fixed: mounted path should ignore querystrings on FQDNs #940 (@dougwilson)
 * fixed: parsing protocol-relative URLs with @ as pathnames #938 (@dougwilson)
 * fixed: fix static directory redirect for mount's root #937 (@dougwilson)
 * fixed: setting set-cookie header when mixing arrays and strings #893 (@anuj123)
Jonathan Ong's avatar
Jonathan Ong committed
825 826 827 828 829
 * bodyParser: optional verify function for urlencoded and json parsers for signing request bodies
 * compress: compress checks content-length to check threshold
 * compress: expose `res.flush()` for flushing responses
 * cookieParser: pass options into node-cookie #803 (@cauldrath)
 * errorHandler: replace `\n`s with `<br/>`s in error handler
830

Jonathan Ong's avatar
Jonathan Ong committed
831 832
2.9.2 / 2013-10-18
==================
Jonathan Ong's avatar
Jonathan Ong committed
833

Jonathan Ong's avatar
Jonathan Ong committed
834 835 836 837 838
 * warn about multiparty and limit middleware deprecation for v3
 * fix fully qualified domain name mounting. #920 (@dougwilson)
 * directory: Fix potential security issue with serving files outside the root. #929 (@dougwilson)
 * logger: store IP at beginning in case socket prematurely closes #930 (@dougwilson)

Jonathan Ong's avatar
Jonathan Ong committed
839 840
2.9.1 / 2013-10-15
==================
Jonathan Ong's avatar
Jonathan Ong committed
841

Jonathan Ong's avatar
Jonathan Ong committed
842 843 844 845 846 847 848 849 850 851 852 853 854 855
 * update multiparty
 * compress: Set vary header only if Content-Type passes filter #904
 * directory: Fix directory middleware URI escaping #917 (@dougwilson)
 * directory: Fix directory seperators for Windows #914 (@dougwilson)
 * directory: Keep query string intact during directory redirect #913 (@dougwilson)
 * directory: Fix paths in links #730 (@JacksonTian)
 * errorHandler: Don't escape text/plain as HTML #875 (@johan)
 * logger: Write '0' instead of '-' when response time is zero #910 (@dougwilson)
 * logger: Log even when connections are aborted #760 (@dylanahsmith)
 * methodOverride: Check req.body is an object #907 (@kbjr)
 * multipart: Add .type back to file parts for backwards compatibility #912 (@dougwilson)
 * multipart: Allow passing options to the Multiparty constructor #902 (@niftylettuce)

2.9.0 / 2013-09-07
TJ Holowaychuk's avatar
TJ Holowaychuk committed
856 857 858 859 860 861
==================

 * multipart: add docs regarding tmpfiles
 * multipart: add .name back to file parts
 * multipart: use multiparty instead of formidable

Jonathan Ong's avatar
Jonathan Ong committed
862
2.8.8 / 2013-09-02
TJ Holowaychuk's avatar
TJ Holowaychuk committed
863 864
==================

Jonathan Ong's avatar
Jonathan Ong committed
865
 * csrf: change to math.random() salt and remove csrfToken() callback
TJ Holowaychuk's avatar
TJ Holowaychuk committed
866

Jonathan Ong's avatar
Jonathan Ong committed
867
2.8.7 / 2013-08-28
TJ Holowaychuk's avatar
TJ Holowaychuk committed
868 869 870 871
==================

 * csrf: prevent salt generation on every request, and add async req.csrfToken(fn)

Jonathan Ong's avatar
Jonathan Ong committed
872
2.8.6 / 2013-08-28
TJ Holowaychuk's avatar
TJ Holowaychuk committed
873 874 875 876 877
==================

 * csrf: refactor to use HMAC tokens (BREACH attack)
 * compress: add compression of SVG and common font files by default.

Jonathan Ong's avatar
Jonathan Ong committed
878
2.8.5 / 2013-08-11
TJ Holowaychuk's avatar
TJ Holowaychuk committed
879 880 881 882 883
==================

 * add: compress Dart source files by default
 * update fresh

Jonathan Ong's avatar
Jonathan Ong committed
884
2.8.4 / 2013-07-08
TJ Holowaychuk's avatar
TJ Holowaychuk committed
885 886 887 888
==================

 * update send

Jonathan Ong's avatar
Jonathan Ong committed
889
2.8.3 / 2013-07-04
TJ Holowaychuk's avatar
TJ Holowaychuk committed
890 891 892 893 894
==================

 * add a name back to static middleware ("staticMiddleware")
 * fix .hasBody() utility to require transfer-encoding or content-length

Jonathan Ong's avatar
Jonathan Ong committed
895
2.8.2 / 2013-07-03
TJ Holowaychuk's avatar
TJ Holowaychuk committed
896 897 898 899 900 901 902
==================

 * update send
 * update cookie dep.
 * add better debug() for middleware
 * add whitelisting of supported methods to methodOverride()

Jonathan Ong's avatar
Jonathan Ong committed
903
2.8.1 / 2013-06-27
TJ Holowaychuk's avatar
TJ Holowaychuk committed
904 905 906 907
==================

 * fix: escape req.method in 404 response

Jonathan Ong's avatar
Jonathan Ong committed
908
2.8.0 / 2013-06-26
TJ Holowaychuk's avatar
TJ Holowaychuk committed
909 910 911 912
==================

 * add `threshold` option to `compress()` to prevent compression of small responses
 * add support for vendor JSON mime types in json()
TJ Holowaychuk's avatar
TJ Holowaychuk committed
913
 * add X-Forwarded-Proto initial https proxy support
TJ Holowaychuk's avatar
TJ Holowaychuk committed
914 915 916 917 918 919
 * change static redirect to 303
 * change octal escape sequences for strict mode
 * change: replace utils.uid() with uid2 lib
 * remove other "static" function name. Fixes #794
 * fix: hasBody() should return false if Content-Length: 0

Jonathan Ong's avatar
Jonathan Ong committed
920
2.7.11 / 2013-06-02
TJ Holowaychuk's avatar
TJ Holowaychuk committed
921 922 923 924
==================

 * update send

TJ Holowaychuk's avatar
TJ Holowaychuk committed
925 926 927 928 929 930 931 932
2.7.10 / 2013-05-21
==================

 * update qs
 * update formidable
 * fix: write/end to noop() when request aborted

2.7.9 / 2013-05-07
TJ Holowaychuk's avatar
TJ Holowaychuk committed
933 934 935 936 937
==================

  * update qs
  * drop support for node < v0.8

TJ Holowaychuk's avatar
TJ Holowaychuk committed
938
2.7.8 / 2013-05-03
TJ Holowaychuk's avatar
TJ Holowaychuk committed
939 940 941 942
==================

  * update qs

TJ Holowaychuk's avatar
TJ Holowaychuk committed
943
2.7.7 / 2013-04-29
TJ Holowaychuk's avatar
TJ Holowaychuk committed
944 945 946 947 948 949 950
==================

  * update qs dependency
  * remove "static" function name. Closes #794
  * update node-formidable
  * update buffer-crc32

TJ Holowaychuk's avatar
TJ Holowaychuk committed
951
2.7.6 / 2013-04-15
TJ Holowaychuk's avatar
TJ Holowaychuk committed
952 953 954 955
==================

  * revert cookie signature which was creating session race conditions

TJ Holowaychuk's avatar
TJ Holowaychuk committed
956
2.7.5 / 2013-04-12
TJ Holowaychuk's avatar
TJ Holowaychuk committed
957 958 959 960 961
==================

  * update cookie-signature
  * limit: do not consume request in node 0.10.x

TJ Holowaychuk's avatar
TJ Holowaychuk committed
962
2.7.4 / 2013-04-01
TJ Holowaychuk's avatar
TJ Holowaychuk committed
963 964 965 966
==================

  * session: add long expires check and prevent excess set-cookie
  * session: add console.error() of session#save() errors
TJ Holowaychuk's avatar
TJ Holowaychuk committed
967

TJ Holowaychuk's avatar
TJ Holowaychuk committed
968 969 970 971 972 973 974 975 976 977 978 979 980
2.7.3 / 2013-02-19
==================

  * add name to compress middleware
  * add appending Accept-Encoding to Vary when set but missing
  * add tests for csrf middleware
  * add 'next' support for connect() server handler
  * change utils.uid() to return url-safe chars. Closes #753
  * fix treating '.' as a regexp in vhost()
  * fix duplicate bytes dep in package.json. Closes #743
  * fix #733 - parse x-forwarded-proto in a more generally compatibly way
  * revert "add support for `next(status[, msg])`"; makes composition hard

TJ Holowaychuk's avatar
TJ Holowaychuk committed
981 982 983 984 985 986 987 988 989 990
2.7.2 / 2013-01-04
==================

  * add support for `next(status[, msg])` back
  * add utf-8 meta tag to support foreign characters in filenames/directories
  * change `timeout()` 408 to 503
  * replace 'node-crc' with 'buffer-crc32', fixes licensing
  * fix directory.html IE support

2.7.1 / 2012-12-05
TJ Holowaychuk's avatar
TJ Holowaychuk committed
991 992 993
==================

  * add directory() tests
TJ Holowaychuk's avatar
TJ Holowaychuk committed
994
  * add support for bodyParser to ignore Content-Type if no body is present (jquery primarily does this poorely)
TJ Holowaychuk's avatar
TJ Holowaychuk committed
995 996
  * fix errorHandler signature

TJ Holowaychuk's avatar
TJ Holowaychuk committed
997
2.7.0 / 2012-11-13
TJ Holowaychuk's avatar
TJ Holowaychuk committed
998 999 1000 1001 1002 1003 1004
==================

  * add support for leading JSON whitespace
  * add logging of `req.ip` when present
  * add basicAuth support for `:`-delimited string
  * update cookie module. Closes #688

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1005
2.6.2 / 2012-11-01
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1006 1007 1008 1009 1010
==================

  * add `debug()` for disconnected session store
  * fix session regeneration bug. Closes #681

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1011
2.6.1 / 2012-10-25
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1012 1013 1014 1015 1016
==================

  * add passing of `connect.timeout()` errors to `next()`
  * replace signature utils with cookie-signature module

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1017
2.6.0 / 2012-10-09
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1018 1019 1020 1021 1022 1023
==================

  * add `defer` option to `multipart()` [Blake Miner]
  * fix mount path case sensitivity. Closes #663
  * fix default of ascii encoding from `logger()`, now utf8. Closes #293

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1024
2.5.0 / 2012-09-27
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1025 1026 1027 1028 1029 1030 1031
==================

  * add `err.status = 400` to multipart() errors
  * add double-encoding protection to `compress()`. Closes #659
  * add graceful handling cookie parsing errors [shtylman]
  * fix typo X-Response-time to X-Response-Time

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1032
2.4.6 / 2012-09-18
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1033 1034 1035 1036
==================

  * update qs

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1037
2.4.5 / 2012-09-03
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1038 1039 1040 1041 1042
==================

  * add session store "connect" / "disconnect" support [louischatriot]
  * fix `:url` log token

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1043
2.4.4 / 2012-08-21
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1044 1045 1046 1047
==================

  * fix `static()` pause regression from "send" integration

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1048
2.4.3 / 2012-08-07
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1049 1050 1051 1052
==================

  * fix `.write()` encoding for zlib inconstancy. Closes #561

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1053
2.4.2 / 2012-07-25
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1054 1055
==================

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1056 1057 1058 1059 1060
  * remove limit default from `urlencoded()`
  * remove limit default from `json()`
  * remove limit default from `multipart()`
  * fix `cookieSession()` clear cookie path / domain bug. Closes #636

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1061
2.4.1 / 2012-07-24
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1062 1063 1064
==================

  * fix `options` mutation in `static()`
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1065

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1066
2.4.0 / 2012-07-23
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1067 1068 1069 1070 1071 1072 1073
==================

  * add `connect.timeout()`
  * add __GET__ / __HEAD__ check to `directory()`. Closes #634
  * add "pause" util dep
  * update send dep for normalization bug

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1074
2.3.9 / 2012-07-16
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1075 1076 1077
==================

  * add more descriptive invalid json error message
1078
  * update send dep for root normalization regression
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1079 1080
  * fix staticCache fresh dep

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1081
2.3.8 / 2012-07-12
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1082 1083 1084 1085
==================

  * fix `connect.static()` 404 regression, pass `next()`. Closes #629

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1086
2.3.7 / 2012-07-05
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1087 1088 1089 1090 1091 1092 1093 1094 1095
==================

  * add `json()` utf-8 illustration test. Closes #621
  * add "send" dependency
  * change `connect.static()` internals to use "send"
  * fix `session()` req.session generation with pathname mismatch
  * fix `cookieSession()` req.session generation with pathname mismatch
  * fix mime export. Closes #618

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1096
2.3.6 / 2012-07-03
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1097 1098 1099 1100 1101
==================

  * Fixed cookieSession() with cookieParser() secret regression. Closes #602
  * Fixed set-cookie header fields on cookie.path mismatch. Closes #615

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1102
2.3.5 / 2012-06-28
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1103 1104 1105 1106 1107 1108
==================

  * Remove `logger()` mount check
  * Fixed `staticCache()` dont cache responses with set-cookie. Closes #607
  * Fixed `staticCache()` when Cookie is present

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1109
2.3.4 / 2012-06-22
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1110 1111 1112 1113 1114 1115
==================

  * Added `err.buf` to urlencoded() and json()
  * Update cookie to 0.0.4. Closes #604
  * Fixed: only send 304 if original response in 2xx or 304 [timkuijsten]

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1116
2.3.3 / 2012-06-11
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1117 1118 1119 1120 1121 1122 1123 1124
==================

  * Added ETags back to `static()` [timkuijsten]
  * Replaced `utils.parseRange()` with `range-parser` module
  * Replaced `utils.parseBytes()` with `bytes` module
  * Replaced `utils.modified()` with `fresh` module
  * Fixed `cookieSession()` regression with invalid cookie signing [shtylman]

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1125
2.3.2 / 2012-06-08
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1126 1127 1128 1129 1130
==================

  * expose mime module
  * Update crc dep (which bundled nodeunit)

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1131
2.3.1 / 2012-06-06
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1132 1133 1134 1135 1136 1137 1138 1139
==================

  * Added `secret` option to `cookieSession` middleware [shtylman]
  * Added `secret` option to `session` middleware [shtylman]
  * Added `req.remoteUser` back to `basicAuth()` as alias of `req.user`
  * Performance: improve signed cookie parsing
  * Update `cookie` dependency [shtylman]

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1140
2.3.0 / 2012-05-20
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1141 1142 1143 1144 1145 1146 1147 1148
==================

  * Added limit option to `json()`
  * Added limit option to `urlencoded()`
  * Added limit option to `multipart()`
  * Fixed: remove socket error event listener on callback
  * Fixed __ENOTDIR__ error on `static` middleware

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1149
2.2.2 / 2012-05-07
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1150 1151 1152 1153 1154 1155
==================

  * Added support to csrf middle for pre-flight CORS requests
  * Updated `engines` to allow newer version of node
  * Removed duplicate repo prop. Closes #560

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1156
2.2.1 / 2012-04-28
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1157 1158 1159 1160
==================

  * Fixed `static()` redirect when mounted. Closes #554

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1161
2.2.0 / 2012-04-25
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1162 1163 1164 1165 1166 1167
==================

  * Added `make benchmark`
  * Perf: memoize url parsing (~20% increase)
  * Fixed `connect(fn, fn2, ...)`. Closes #549

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1168
2.1.3 / 2012-04-20
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1169 1170 1171 1172 1173
==================

  * Added optional json() `reviver` function to be passed to JSON.parse [jed]
  * Fixed: emit drain in compress middleware [nsabovic]

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1174
2.1.2 / 2012-04-11
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1175 1176 1177 1178
==================

  * Fixed cookieParser() `req.cookies` regression

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1179
2.1.1 / 2012-04-11
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1180 1181 1182 1183 1184
==================

  * Fixed `session()` browser-session length cookies & examples
  * Fixed: make `query()` "self-aware" [jed]

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1185
2.1.0 / 2012-04-05
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1186 1187 1188 1189 1190 1191 1192 1193 1194
==================

  * Added `debug()` calls to `.use()` (`DEBUG=connect:displatcher`)
  * Added `urlencoded()` support for GET
  * Added `json()` support for GET. Closes #497
  * Added `strict` option to `json()`
  * Changed: `session()` only set-cookie when modified
  * Removed `Session#lastAccess` property. Closes #399

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1195
2.0.3 / 2012-03-20
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1196 1197 1198 1199 1200
==================

  * Added: `cookieSession()` only sets cookie on change. Closes #442
  * Added `connect:dispatcher` debug() probes

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1201
2.0.2 / 2012-03-04
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1202 1203 1204 1205 1206 1207
==================

  * Added test for __ENAMETOOLONG__ now that node is fixed
  * Fixed static() index "/" check on windows. Closes #498
  * Fixed Content-Range behaviour to match RFC2616 [matthiasdg / visionmedia]

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1208
2.0.1 / 2012-02-29
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1209 1210 1211 1212 1213 1214 1215
==================

  * Added test coverage for `vhost()` middleware
  * Changed `cookieParser()` signed cookie support to use SHA-2 [senotrusov]
  * Fixed `static()` Range: respond with 416 when unsatisfiable
  * Fixed `vhost()` middleware. Closes #494

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1216
2.0.0 / 2011-10-05
Tj Holowaychuk's avatar
Tj Holowaychuk committed
1217 1218
==================

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1219 1220
  * Added `cookieSession()` middleware for cookie-only sessions
  * Added `compress()` middleware for gzip / deflate support
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1221
  * Added `session()` "proxy" setting to trust `X-Forwarded-Proto`
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1222 1223 1224 1225
  * Added `json()` middleware to parse "application/json"
  * Added `urlencoded()` middleware to parse "application/x-www-form-urlencoded"
  * Added `multipart()` middleware to parse "multipart/form-data"
  * Added `cookieParser(secret)` support so anything using this middleware may access signed cookies
Tj Holowaychuk's avatar
Tj Holowaychuk committed
1226
  * Added signed cookie support to `cookieParser()`
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1227 1228
  * Added support for JSON-serialized cookies to `cookieParser()`
  * Added `err.status` support in Connect's default end-point
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1229
  * Added X-Cache MISS / HIT to `staticCache()`
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1230
  * Added public `res.headerSent` checking nodes `res._headerSent` until node does
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1231
  * Changed `basicAuth()` req.remoteUser to req.user
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1232
  * Changed: default `session()` to a browser-session cookie. Closes #475
Tj Holowaychuk's avatar
Tj Holowaychuk committed
1233
  * Changed: no longer lowercase cookie names
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1234
  * Changed `bodyParser()` to use `json()`, `urlencoded()`, and `multipart()`
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1235 1236 1237
  * Changed: `errorHandler()` is now a development-only middleware
  * Changed middleware to `next()` errors when possible so applications can unify logging / handling
  * Removed `http[s].Server` inheritance, now just a function, making it easy to have an app providing both http and https
Tj Holowaychuk's avatar
Tj Holowaychuk committed
1238
  * Removed `.createServer()` (use `connect()`)
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1239
  * Removed `secret` option from `session()`, use `cookieParser(secret)`
Tj Holowaychuk's avatar
Tj Holowaychuk committed
1240 1241
  * Removed `connect.session.ignore` array support
  * Removed `router()` middleware. Closes #262
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1242
  * Fixed: set-cookie only once for browser-session cookies
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1243 1244 1245
  * Fixed FQDN support. dont add leading "/"
  * Fixed 404 XSS attack vector. Closes #473
  * Fixed __HEAD__ support for 404s and 500s generated by Connect's end-point
Tj Holowaychuk's avatar
Tj Holowaychuk committed
1246

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1247
1.8.5 / 2011-12-22
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1248 1249
==================

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1250
  * Fixed: actually allow empty body for json
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1251

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1252
1.8.4 / 2011-12-22
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1253 1254 1255 1256
==================

  * Changed: allow empty body for json/urlencoded requests. Backport for #443

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1257
1.8.3 / 2011-12-16
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1258 1259 1260 1261
==================

  * Fixed `static()` _index.html_ support on windows

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1262
1.8.2 / 2011-12-03
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1263 1264 1265 1266
==================

  * Fixed potential security issue, store files in req.files. Closes #431 [reported by dobesv]

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1267
1.8.1 / 2011-11-21
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1268 1269 1270 1271
==================

  * Added nesting support for _multipart/form-data_ [jackyz]

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1272
1.8.0 / 2011-11-17
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1273 1274 1275 1276
==================

  * Added _multipart/form-data_ support to `bodyParser()` using formidable

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1277
1.7.3 / 2011-11-11
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1278 1279 1280 1281 1282
==================

  * Fixed `req.body`, always default to {}
  * Fixed HEAD support for 404s and 500s

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1283
1.7.2 / 2011-10-24
TJ Holowaychuk's avatar
TJ Holowaychuk committed
1284 1285 1286 1287 1288 1289 1290 1291 1292
==================

  * "node": ">= 0.4.1 < 0.7.0"
  * Added `static()` redirect option. Closes #398
  * Changed `limit()`: respond with 413 when content-length exceeds the limit
  * Removed socket error listener in static(). Closes #389
  * Fixed `staticCache()` Age header field
  * Fixed race condition causing errors reported in #329.

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1293
1.7.1 / 2011-09-12
Tj Holowaychuk's avatar
Tj Holowaychuk committed
1294 1295 1296 1297 1298 1299 1300
==================

  * Added: make `Store` inherit from `EventEmitter`
  * Added session `Store#load(sess, fn)` to fetch a `Session` instance
  * Added backpressure support to `staticCache()`
  * Changed `res.socket.destroy()` to `req.socket.destroy()`

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1301
1.7.0 / 2011-08-31
Tj Holowaychuk's avatar
Tj Holowaychuk committed
1302 1303 1304 1305 1306 1307 1308
==================

  * Added `staticCache()` middleware, a memory cache for `static()`
  * Added public `res.headerSent` checking nodes `res._headerSent` (remove when node adds this)
  * Changed: ignore error handling middleware when header is sent
  * Changed: dispatcher errors after header is sent destroy the sock

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1309
1.6.4 / 2011-08-26
Tj Holowaychuk's avatar
Tj Holowaychuk committed
1310 1311 1312 1313
==================

  * Revert "Added double-next reporting"

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1314
1.6.3 / 2011-08-26
Tj Holowaychuk's avatar
Tj Holowaychuk committed
1315 1316 1317 1318 1319 1320
==================

  * Added double-`next()` reporting
  * Added `immediate` option to `logger()`. Closes #321
  * Dependency `qs >= 0.3.1`

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1321
1.6.2 / 2011-08-11
Tj Holowaychuk's avatar
Tj Holowaychuk committed
1322 1323 1324 1325 1326 1327
==================

  * Fixed `connect.static()` null byte vulnerability
  * Fixed `connect.directory()` null byte vulnerability
  * Changed: 301 redirect in `static()` to postfix "/" on directory. Closes #289

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1328
1.6.1 / 2011-08-03
Tj Holowaychuk's avatar
Tj Holowaychuk committed
1329 1330 1331 1332 1333 1334 1335 1336 1337 1338
==================

  * Added: allow retval `== null` from logger callback to ignore line
  * Added `getOnly` option to `connect.static.send()`
  * Added response "header" event allowing augmentation
  * Added `X-CSRF-Token` header field check
  * Changed dep `qs >= 0.3.0`
  * Changed: persist csrf token. Closes #322
  * Changed: sort directory middleware files alphabetically

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1339
1.6.0 / 2011-07-10
Tj Holowaychuk's avatar
Tj Holowaychuk committed
1340 1341 1342 1343 1344 1345 1346
==================

  * Added :response-time to "dev" logger format
  * Added simple `csrf()` middleware. Closes #315
  * Fixed `res._headers` logger regression. Closes #318
  * Removed support for multiple middleware being passed to `.use()`

TJ Holowaychuk's avatar
TJ Holowaychuk committed
1347
1.5.2 / 2011-07-06
Tj Holowaychuk's avatar
Tj Holowaychuk committed
1348