4 * Add "root" option to `res.download`
5 * Allow `options` without `filename` in `res.download`
6 * Deprecate string and non-integer arguments to `res.status`
7 * Fix behavior of `null`/`undefined` as `maxAge` in `res.cookie`
8 * Ignore `Object.prototype` values in settings through `app.set`/`app.get`
9 * Invoke `default` with same arguments as types in `res.format`
10 * Support proper 205 responses using `res.send`
11 * Use `http-errors` for `res.format` error
12 * deps: body-parser@1.20.0
13 - Fix error message for json parse whitespace in `strict`
14 - Fix internal error when inflated body exceeds limit
15 - Prevent loss of async hooks context
16 - Prevent hanging when request already read
18 - deps: http-errors@2.0.0
19 - deps: on-finished@2.4.1
21 - deps: raw-body@2.5.1
23 - Add `priority` option
24 - Fix `expires` option to reject invalid dates
26 - Replace internal `eval` usage with `Function` constructor
27 - Use instance methods on `process` to check for listeners
28 * deps: finalhandler@1.2.0
29 - Remove set content headers that break response
30 - deps: on-finished@2.4.1
31 - deps: statuses@2.0.1
32 * deps: on-finished@2.4.1
33 - Prevent loss of async hooks context
36 - Fix emitted 416 error missing headers property
37 - Limit the headers removed for 304 response
40 - deps: http-errors@2.0.0
41 - deps: on-finished@2.4.1
42 - deps: statuses@2.0.1
43 * deps: serve-static@1.15.0
45 * deps: statuses@2.0.1
47 - Rename `425 Unordered Collection` to standard `425 Too Early`
52 * deps: accepts@~1.3.8
53 - deps: mime-types@~2.1.34
54 - deps: negotiator@0.6.3
55 * deps: body-parser@1.19.2
58 - deps: raw-body@2.4.3
61 * Fix handling of `__proto__` keys
62 * pref: remove unnecessary regexp for trust proxy
67 * Fix handling of `undefined` in `res.jsonp`
68 * Fix handling of `undefined` when `"json escape"` is enabled
69 * Fix incorrect middleware execution with unanchored `RegExp`s
70 * Fix `res.jsonp(obj, status)` deprecation message
71 * Fix typo in `res.is` JSDoc
72 * deps: body-parser@1.19.1
74 - deps: http-errors@1.8.1
76 - deps: raw-body@2.4.2
77 - deps: safe-buffer@5.2.1
78 - deps: type-is@~1.6.18
79 * deps: content-disposition@0.5.4
80 - deps: safe-buffer@5.2.1
82 - Fix `maxAge` option to reject invalid values
83 * deps: proxy-addr@~2.0.7
84 - Use `req.socket` over deprecated `req.connection`
85 - deps: forwarded@0.2.0
86 - deps: ipaddr.js@1.9.1
88 * deps: safe-buffer@5.2.1
90 - deps: http-errors@1.8.1
92 - pref: ignore empty http tokens
93 * deps: serve-static@1.14.2
95 * deps: setprototypeof@1.2.0
100 * Revert "Improve error message for `null`/`undefined` to `res.status`"
105 * Add `express.raw` to parse bodies into `Buffer`
106 * Add `express.text` to parse bodies into string
107 * Improve error message for non-strings to `res.sendFile`
108 * Improve error message for `null`/`undefined` to `res.status`
109 * Support multiple hosts in `X-Forwarded-Host`
110 * deps: accepts@~1.3.7
111 * deps: body-parser@1.19.0
113 - Add petabyte (`pb`) support
114 - Fix parsing array brackets after index
116 - deps: http-errors@1.7.2
117 - deps: iconv-lite@0.4.24
119 - deps: raw-body@2.4.0
120 - deps: type-is@~1.6.17
121 * deps: content-disposition@0.5.3
123 - Add `SameSite=None` support
124 * deps: finalhandler@~1.1.2
125 - Set stricter `Content-Security-Policy` header
126 - deps: parseurl@~1.3.3
127 - deps: statuses@~1.5.0
128 * deps: parseurl@~1.3.3
129 * deps: proxy-addr@~2.0.5
130 - deps: ipaddr.js@1.9.0
132 - Fix parsing array brackets after index
133 * deps: range-parser@~1.2.1
135 - Set stricter CSP header in redirect & error responses
136 - deps: http-errors@~1.7.2
139 - deps: range-parser@~1.2.1
140 - deps: statuses@~1.5.0
141 - perf: remove redundant `path.normalize` call
142 * deps: serve-static@1.14.1
143 - Set stricter CSP header in redirect response
144 - deps: parseurl@~1.3.3
146 * deps: setprototypeof@1.1.1
147 * deps: statuses@~1.5.0
148 - Add `103 Early Hints`
149 * deps: type-is@~1.6.18
150 - deps: mime-types@~2.1.24
151 - perf: prevent internal `throw` on invalid type
156 * Fix issue where `"Request aborted"` may be logged in `res.sendfile`
157 * Fix JSDoc for `Router` constructor
158 * deps: body-parser@1.18.3
159 - Fix deprecation warnings on Node.js 10+
160 - Fix stack trace for strict json parse error
162 - deps: http-errors@~1.6.3
163 - deps: iconv-lite@0.4.23
165 - deps: raw-body@2.3.3
166 - deps: type-is@~1.6.16
167 * deps: proxy-addr@~2.0.4
168 - deps: ipaddr.js@1.8.0
170 * deps: safe-buffer@5.1.2
175 * deps: accepts@~1.3.5
176 - deps: mime-types@~2.1.18
178 - perf: remove argument reassignment
179 * deps: encodeurl@~1.0.2
180 - Fix encoding `%` as last character
181 * deps: finalhandler@1.1.1
182 - Fix 404 output for bad / missing pathnames
183 - deps: encodeurl@~1.0.2
184 - deps: statuses@~1.4.0
185 * deps: proxy-addr@~2.0.3
186 - deps: ipaddr.js@1.6.0
188 - Fix incorrect end tag in default error & redirects
190 - deps: encodeurl@~1.0.2
191 - deps: statuses@~1.4.0
192 * deps: serve-static@1.13.2
193 - Fix incorrect end tag in redirects
194 - deps: encodeurl@~1.0.2
196 * deps: statuses@~1.4.0
197 * deps: type-is@~1.6.16
198 - deps: mime-types@~2.1.18
203 * Fix `TypeError` in `res.send` when given `Buffer` and `ETag` header set
204 * perf: skip parsing of entire `X-Forwarded-Proto` header
210 * deps: serve-static@1.13.1
211 - Fix regression when `root` is incorrectly set to a file
217 * Add `"json escape"` setting for `res.json` and `res.jsonp`
218 * Add `express.json` and `express.urlencoded` to parse bodies
219 * Add `options` argument to `res.download`
220 * Improve error message when autoloading invalid view engine
221 * Improve error messages when non-function provided as middleware
222 * Skip `Buffer` encoding when not generating ETag for small response
223 * Use `safe-buffer` for improved Buffer API
224 * deps: accepts@~1.3.4
225 - deps: mime-types@~2.1.16
226 * deps: content-type@~1.0.4
227 - perf: remove argument reassignment
228 - perf: skip parameter parsing when no parameters
230 - perf: replace regular expression with substring
231 * deps: finalhandler@1.1.0
232 - Use `res.headersSent` when available
233 * deps: parseurl@~1.3.2
234 - perf: reduce overhead for full URLs
235 - perf: unroll the "fast-path" `RegExp`
236 * deps: proxy-addr@~2.0.2
237 - Fix trimming leading / trailing OWS in `X-Forwarded-For`
238 - deps: forwarded@~0.1.2
239 - deps: ipaddr.js@1.5.2
240 - perf: reduce overhead when no `X-Forwarded-For` header
242 - Fix parsing & compacting very deep objects
244 - Add 70 new types for file extensions
245 - Add `immutable` option
246 - Fix missing `</html>` in default error & redirects
247 - Set charset as "UTF-8" for .js and .json
248 - Use instance methods on steam to check for listeners
250 - perf: improve path validation speed
251 * deps: serve-static@1.13.0
252 - Add 70 new types for file extensions
253 - Add `immutable` option
254 - Set charset as "UTF-8" for .js and .json
256 * deps: setprototypeof@1.1.0
257 * deps: utils-merge@1.0.1
259 - perf: improve header token parsing speed
260 * perf: re-use options object when generating ETags
261 * perf: remove dead `.charset` set in `res.jsonp`
267 * deps: finalhandler@~1.0.6
269 - deps: parseurl@~1.3.2
271 - Fix handling of modified headers with invalid dates
272 - perf: improve ETag match loop
273 - perf: improve `If-None-Match` token parsing
275 - Fix handling of modified headers with invalid dates
279 - perf: improve `If-Match` token parsing
280 * deps: serve-static@1.12.6
281 - deps: parseurl@~1.3.2
283 - perf: improve slash collapsing
290 - Remove unnecessary `Buffer` loading
291 * deps: finalhandler@~1.0.4
293 * deps: proxy-addr@~1.1.5
294 - Fix array argument being altered
295 - deps: ipaddr.js@1.4.0
300 - deps: http-errors@~1.6.2
301 * deps: serve-static@1.12.4
307 * Fix error when `res.set` cannot add charset to `Content-Type`
309 - Fix `DEBUG_MAX_ARRAY_LENGTH`
311 * deps: finalhandler@~1.0.3
312 - Fix missing `</html>` in HTML document
314 * deps: proxy-addr@~1.1.4
315 - deps: ipaddr.js@1.3.0
319 * deps: serve-static@1.12.3
321 * deps: type-is@~1.6.15
322 - deps: mime-types@~2.1.15
324 - perf: hoist regular expression
330 - Fix regression parsing keys starting with `[`
336 - Fix issue when `Date.parse` does not return `NaN` on invalid date
337 - Fix strict violation in broken environments
338 * deps: serve-static@1.12.1
339 - Fix issue when `Date.parse` does not return `NaN` on invalid date
345 * Add debug message when loading view engine
346 * Add `next("router")` to exit from router
347 * Fix case where `router.use` skipped requests routes did not
348 * Remove usage of `res._headers` private field
349 - Improves compatibility with Node.js 8 nightly
350 * Skip routing when `req.url` is not set
351 * Use `%o` in path debug to tell types apart
352 * Use `Object.create` to setup request & response prototypes
353 * Use `setprototypeof` module to replace `__proto__` setting
354 * Use `statuses` instead of `http` module for status messages
356 - Allow colors in workers
357 - Deprecated `DEBUG_FD` environment variable set to `3` or higher
358 - Fix error when running under React Native
359 - Use same color for same namespace
362 - Use SHA1 instead of MD5 for ETag hashing
363 - Works with FIPS 140-2 OpenSSL configuration
364 * deps: finalhandler@~1.0.0
365 - Fix exception when `err` cannot be converted to a string
366 - Fully URL-encode the pathname in the 404
367 - Only include the pathname in the 404 message
368 - Send complete HTML document
369 - Set `Content-Security-Policy: default-src 'self'` header
372 - Fix false detection of `no-cache` request directive
373 - Fix incorrect result when `If-None-Match` has both `*` and ETags
374 - Fix weak `ETag` matching to match spec
375 - perf: delay reading header values until needed
376 - perf: enable strict mode
377 - perf: hoist regular expressions
378 - perf: remove duplicate conditional
379 - perf: remove unnecessary boolean coercions
380 - perf: skip checking modified time if ETag check failed
381 - perf: skip parsing `If-None-Match` when no `ETag` header
382 - perf: use `Date.parse` instead of `new Date`
384 - Fix array parsing from skipping empty values
385 - Fix compacting nested arrays
387 - Fix false detection of `no-cache` request directive
388 - Fix incorrect result when `If-None-Match` has both `*` and ETags
389 - Fix weak `ETag` matching to match spec
390 - Remove usage of `res._headers` private field
391 - Support `If-Match` and `If-Unmodified-Since` headers
392 - Use `res.getHeaderNames()` when available
393 - Use `res.headersSent` when available
397 - deps: http-errors@~1.6.1
398 * deps: serve-static@1.12.0
399 - Fix false detection of `no-cache` request directive
400 - Fix incorrect result when `If-None-Match` has both `*` and ETags
401 - Fix weak `ETag` matching to match spec
402 - Remove usage of `res._headers` private field
403 - Send complete HTML document in redirect response
404 - Set default CSP header in redirect response
405 - Support `If-Match` and `If-Unmodified-Since` headers
406 - Use `res.getHeaderNames()` when available
407 - Use `res.headersSent` when available
409 * perf: add fast match path for `*` route
410 * perf: improve `req.ips` performance
415 * deps: content-disposition@0.5.2
416 * deps: finalhandler@0.5.1
417 - Fix exception when `err.headers` is not an object
418 - deps: statuses@~1.3.1
419 - perf: hoist regular expressions
420 - perf: remove duplicate validation path
421 * deps: proxy-addr@~1.1.3
422 - deps: ipaddr.js@1.2.0
424 - deps: http-errors@~1.5.1
426 - deps: statuses@~1.3.1
427 * deps: serve-static@~1.11.2
429 * deps: type-is@~1.6.14
430 - deps: mime-types@~2.1.13
435 * Add `acceptRanges` option to `res.sendFile`/`res.sendfile`
436 * Add `cacheControl` option to `res.sendFile`/`res.sendfile`
437 * Add `options` argument to `req.range`
438 - Includes the `combine` option
439 * Encode URL in `res.location`/`res.redirect` if not already encoded
440 * Fix some redirect handling in `res.sendFile`/`res.sendfile`
441 * Fix Windows absolute path check using forward slashes
442 * Improve error with invalid arguments to `req.get()`
443 * Improve performance for `res.json`/`res.jsonp` in most cases
444 * Improve `Range` header handling in `res.sendFile`/`res.sendfile`
445 * deps: accepts@~1.3.3
446 - Fix including type extensions in parameters in `Accept` parsing
447 - Fix parsing `Accept` parameters with quoted equals
448 - Fix parsing `Accept` parameters with quoted semicolons
449 - Many performance improvements
450 - deps: mime-types@~2.1.11
451 - deps: negotiator@0.6.1
452 * deps: content-type@~1.0.2
453 - perf: enable strict mode
455 - Add `sameSite` option
456 - Fix cookie `Max-Age` to never be a floating point number
457 - Improve error message when `encode` is not a function
458 - Improve error message when `expires` is not a `Date`
459 - Throw better error for invalid argument to parse
460 - Throw on invalid values provided to `serialize`
461 - perf: enable strict mode
462 - perf: hoist regular expression
463 - perf: use for loop in parse
464 - perf: use string concatenation for serialization
465 * deps: finalhandler@0.5.0
466 - Change invalid or non-numeric status code to 500
467 - Overwrite status message to match set status code
468 - Prefer `err.statusCode` if `err.status` is invalid
469 - Set response headers from `err.headers` object
470 - Use `statuses` instead of `http` module for status messages
471 * deps: proxy-addr@~1.1.2
472 - Fix accepting various invalid netmasks
473 - Fix IPv6-mapped IPv4 validation edge cases
474 - IPv4 netmasks must be contiguous
475 - IPv6 addresses cannot be used as a netmask
476 - deps: ipaddr.js@1.1.1
478 - Add `decoder` option in `parse` function
479 * deps: range-parser@~1.2.0
480 - Add `combine` option to combine overlapping ranges
481 - Fix incorrectly returning -1 when there is at least one valid range
482 - perf: remove internal function
484 - Add `acceptRanges` option
485 - Add `cacheControl` option
486 - Attempt to combine multiple ranges into single range
487 - Correctly inherit from `Stream` class
488 - Fix `Content-Range` header in 416 responses when using `start`/`end` options
489 - Fix `Content-Range` header missing from default 416 responses
490 - Fix redirect error when `path` contains raw non-URL characters
491 - Fix redirect when `path` starts with multiple forward slashes
492 - Ignore non-byte `Range` headers
493 - deps: http-errors@~1.5.0
494 - deps: range-parser@~1.2.0
495 - deps: statuses@~1.3.0
496 - perf: remove argument reassignment
497 * deps: serve-static@~1.11.1
498 - Add `acceptRanges` option
499 - Add `cacheControl` option
500 - Attempt to combine multiple ranges into single range
501 - Fix redirect error when `req.url` contains raw non-URL characters
502 - Ignore non-byte `Range` headers
503 - Use status code 301 for redirects
505 * deps: type-is@~1.6.13
506 - Fix type error when given invalid type to match against
507 - deps: mime-types@~2.1.11
509 - Only accept valid field names in the `field` argument
510 * perf: use strict equality when possible
515 * deps: content-disposition@0.5.1
516 - perf: enable strict mode
518 - Throw on invalid values provided to `serialize`
520 - Support web browser loading
521 - perf: enable strict mode
522 * deps: escape-html@~1.0.3
523 - perf: enable strict mode
524 - perf: optimize string replacement
525 - perf: use faster string coercion
526 * deps: finalhandler@0.4.1
527 - deps: escape-html@~1.0.3
528 * deps: merge-descriptors@1.0.1
529 - perf: enable strict mode
530 * deps: methods@~1.1.2
531 - perf: enable strict mode
532 * deps: parseurl@~1.3.1
533 - perf: enable strict mode
534 * deps: proxy-addr@~1.0.10
535 - deps: ipaddr.js@1.0.5
536 - perf: enable strict mode
537 * deps: range-parser@~1.0.3
538 - perf: enable strict mode
541 - deps: destroy@~1.0.4
542 - deps: escape-html@~1.0.3
543 - deps: range-parser@~1.0.3
544 * deps: serve-static@~1.10.2
545 - deps: escape-html@~1.0.3
546 - deps: parseurl@~1.3.0
552 * Fix infinite loop condition using `mergeParams: true`
553 * Fix inner numeric indices incorrectly altering parent `req.params`
558 * deps: accepts@~1.2.12
559 - deps: mime-types@~2.1.4
560 * deps: array-flatten@1.1.1
561 - perf: enable strict mode
562 * deps: path-to-regexp@0.1.7
563 - Fix regression with escaped round brackets and matching groups
564 * deps: type-is@~1.6.6
565 - deps: mime-types@~2.1.4
570 * deps: accepts@~1.2.10
571 - deps: mime-types@~2.1.2
573 - Fix dropping parameters like `hasOwnProperty`
574 - Fix various parsing edge cases
575 * deps: type-is@~1.6.4
576 - deps: mime-types@~2.1.2
577 - perf: enable strict mode
578 - perf: remove argument reassignment
583 * Add settings to debug output
584 * Fix `res.format` error when only `default` provided
585 * Fix issue where `next('route')` in `app.param` would incorrectly skip values
586 * Fix hiding platform issues with `decodeURIComponent`
587 - Only `URIError`s are a 400
588 * Fix using `*` before params in routes
589 * Fix using capture groups before params in routes
590 * Simplify `res.cookie` to call `res.append`
591 * Use `array-flatten` module for flattening arrays
592 * deps: accepts@~1.2.9
593 - deps: mime-types@~2.1.1
594 - perf: avoid argument reassignment & argument slice
595 - perf: avoid negotiator recursive construction
596 - perf: enable strict mode
597 - perf: remove unnecessary bitwise operator
599 - perf: deduce the scope of try-catch deopt
600 - perf: remove argument reassignments
601 * deps: escape-html@1.0.2
603 - Always include entity length in ETags for hash length extensions
604 - Generate non-Stats ETags using MD5 only (no longer CRC32)
605 - Improve stat performance by removing hashing
606 - Improve support for JXcore
607 - Remove base64 padding in ETags to shorten
608 - Support "fake" stats objects in environments without fs
609 - Use MD5 instead of MD4 in weak ETags over 1KB
610 * deps: finalhandler@0.4.0
611 - Fix a false-positive when unpiping in Node.js 0.8
612 - Support `statusCode` property on `Error` objects
613 - Use `unpipe` module for unpiping requests
614 - deps: escape-html@1.0.2
615 - deps: on-finished@~2.3.0
616 - perf: enable strict mode
617 - perf: remove argument reassignment
619 - Add weak `ETag` matching support
620 * deps: on-finished@~2.3.0
621 - Add defined behavior for HTTP `CONNECT` requests
622 - Add defined behavior for HTTP `Upgrade` requests
623 - deps: ee-first@1.1.1
624 * deps: path-to-regexp@0.1.6
626 - Allow Node.js HTTP server to set `Date` response header
627 - Fix incorrectly removing `Content-Location` on 304 response
628 - Improve the default redirect response headers
629 - Send appropriate headers on default error response
630 - Use `http-errors` for standard emitted errors
631 - Use `statuses` instead of `http` module for status messages
632 - deps: escape-html@1.0.2
635 - deps: on-finished@~2.3.0
636 - perf: enable strict mode
637 - perf: remove unnecessary array allocations
638 * deps: serve-static@~1.10.0
639 - Add `fallthrough` option
640 - Fix reading options from options prototype
641 - Improve the default redirect response headers
642 - Malformed URLs now `next()` instead of 400
643 - deps: escape-html@1.0.2
645 - perf: enable strict mode
646 - perf: remove argument reassignment
647 * deps: type-is@~1.6.3
648 - deps: mime-types@~2.1.1
649 - perf: reduce try block size
650 - perf: remove bitwise operations
651 * perf: enable strict mode
652 * perf: isolate `app.render` try block
653 * perf: remove argument reassignments in application
654 * perf: remove argument reassignments in request prototype
655 * perf: remove argument reassignments in response prototype
656 * perf: remove argument reassignments in routing
657 * perf: remove argument reassignments in `View`
658 * perf: skip attempting to decode zero length string
659 * perf: use saved reference to `http.STATUS_CODES`
664 * deps: accepts@~1.2.7
665 - deps: mime-types@~2.0.11
666 - deps: negotiator@0.5.3
671 - Improve support for JXcore
672 - Support "fake" stats objects in environments without `fs`
673 * deps: finalhandler@0.3.6
675 - deps: on-finished@~2.2.1
676 * deps: on-finished@~2.2.1
677 - Fix `isFinished(req)` when data buffered
678 * deps: proxy-addr@~1.0.8
679 - deps: ipaddr.js@1.0.1
681 - Fix allowing parameters like `constructor`
687 - deps: on-finished@~2.2.1
688 * deps: serve-static@~1.9.3
690 * deps: type-is@~1.6.2
691 - deps: mime-types@~2.0.11
696 * deps: accepts@~1.2.5
697 - deps: mime-types@~2.0.10
699 - Fix high intensity foreground color for bold
701 * deps: finalhandler@0.3.4
703 * deps: proxy-addr@~1.0.7
704 - deps: ipaddr.js@0.1.9
706 - Fix error when parameter `hasOwnProperty` is present
708 - Throw errors early for invalid `extensions` or `index` options
710 * deps: serve-static@~1.9.2
712 * deps: type-is@~1.6.1
713 - deps: mime-types@~2.0.10
718 * Fix regression where `"Request aborted"` is logged using `res.sendFile`
723 * Fix constructing application with non-configurable prototype properties
724 * Fix `ECONNRESET` errors from `res.sendFile` usage
725 * Fix `req.host` when using "trust proxy" hops count
726 * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
727 * Fix wrong `code` on aborted connections from `res.sendFile`
728 * deps: merge-descriptors@1.0.0
733 * Fix `"trust proxy"` setting to inherit when app is mounted
734 * Generate `ETag`s for all request responses
735 - No longer restricted to only responses for `GET` and `HEAD` requests
736 * Use `content-type` to parse `Content-Type` headers
737 * deps: accepts@~1.2.4
738 - Fix preference sorting to be stable for long acceptable lists
739 - deps: mime-types@~2.0.9
740 - deps: negotiator@0.5.1
741 * deps: cookie-signature@1.0.6
743 - Always read the stat size from the file
744 - Fix mutating passed-in `options`
746 * deps: serve-static@~1.9.1
748 * deps: type-is@~1.6.0
749 - fix argument reassignment
750 - fix false-positives in `hasBody` `Transfer-Encoding` check
751 - support wildcard for both type and subtype (`*/*`)
752 - deps: mime-types@~2.0.9
757 * Fix `res.redirect` double-calling `res.end` for `HEAD` requests
758 * deps: accepts@~1.2.3
759 - deps: mime-types@~2.0.8
760 * deps: proxy-addr@~1.0.6
761 - deps: ipaddr.js@0.1.8
762 * deps: type-is@~1.5.6
763 - deps: mime-types@~2.0.8
769 - Fix root path disclosure
770 * deps: serve-static@~1.8.1
771 - Fix redirect loop in Node.js 0.11.14
772 - Fix root path disclosure
778 * Add `res.append(field, val)` to append headers
779 * Deprecate leading `:` in `name` for `app.param(name, fn)`
780 * Deprecate `req.param()` -- use `req.params`, `req.body`, or `req.query` instead
781 * Deprecate `app.param(fn)`
782 * Fix `OPTIONS` responses to include the `HEAD` method properly
783 * Fix `res.sendFile` not always detecting aborted connection
784 * Match routes iteratively to prevent stack overflows
785 * deps: accepts@~1.2.2
786 - deps: mime-types@~2.0.7
787 - deps: negotiator@0.5.0
792 - deps: on-finished@~2.2.0
793 * deps: serve-static@~1.8.0
799 * Fix crash from error within `OPTIONS` response handler
800 * deps: proxy-addr@~1.0.5
801 - deps: ipaddr.js@0.1.6
806 * Fix `Allow` header for `OPTIONS` to not contain duplicate methods
807 * Fix incorrect "Request aborted" for `res.sendFile` when `HEAD` or 304
809 * deps: finalhandler@0.3.3
811 - deps: on-finished@~2.2.0
812 * deps: methods@~1.1.1
813 * deps: on-finished@~2.2.0
814 * deps: serve-static@~1.7.2
815 - Fix potential open redirect when mounted at root
816 * deps: type-is@~1.5.5
817 - deps: mime-types@~2.0.7
822 * Fix exception in `req.fresh`/`req.stale` without response headers
827 * Fix `res.send` double-calling `res.end` for `HEAD` requests
828 * deps: accepts@~1.1.4
829 - deps: mime-types@~2.0.4
830 * deps: type-is@~1.5.4
831 - deps: mime-types@~2.0.4
836 * Fix `res.sendfile` logging standard write errors
841 * Fix `res.sendFile` logging standard write errors
843 * deps: proxy-addr@~1.0.4
844 - deps: ipaddr.js@0.1.5
846 - Fix `arrayLimit` behavior
851 * Correctly invoke async router callback asynchronously
852 * deps: accepts@~1.1.3
853 - deps: mime-types@~2.0.3
854 * deps: type-is@~1.5.3
855 - deps: mime-types@~2.0.3
860 * Fix handling of URLs containing `://` in the path
862 - Fix parsing of mixed objects and values
867 * Add support for `app.set('views', array)`
868 - Views are looked up in sequence in array of directories
869 * Fix `res.send(status)` to mention `res.sendStatus(status)`
870 * Fix handling of invalid empty URLs
871 * Use `content-disposition` module for `res.attachment`/`res.download`
872 - Sends standards-compliant `Content-Disposition` header
873 - Full Unicode support
874 * Use `path.resolve` in view lookup
876 - Implement `DEBUG_FD` env variable support
879 - Improve string performance
880 - Slightly improve speed for weak ETags over 1KB
881 * deps: finalhandler@0.3.2
882 - Terminate in progress response only on error
883 - Use `on-finished` to determine request status
885 - deps: on-finished@~2.1.1
886 * deps: on-finished@~2.1.1
887 - Fix handling of pipelined requests
889 - Fix parsing of mixed implicit and explicit arrays
894 - deps: on-finished@~2.1.1
895 * deps: serve-static@~1.7.1
901 * Fix `res.redirect` body when redirect status specified
902 * deps: accepts@~1.1.2
903 - Fix error when media type has invalid parameter
904 - deps: negotiator@0.4.9
909 * Fix using same param name in array of paths
914 * deps: accepts@~1.1.1
915 - deps: mime-types@~2.0.2
916 - deps: negotiator@0.4.8
917 * deps: serve-static@~1.6.4
918 - Fix redirect loop when index file serving disabled
919 * deps: type-is@~1.5.2
920 - deps: mime-types@~2.0.2
926 * deps: proxy-addr@~1.0.3
927 - Use `forwarded` npm module
930 * deps: serve-static@~1.6.3
937 - Fix issue with object keys starting with numbers truncated
942 * deps: proxy-addr@~1.0.2
943 - Fix a global leak when multiple subnets are trusted
944 - deps: ipaddr.js@0.1.3
949 * Fix regression for empty string `path` in `app.use`
950 * Fix `router.use` to accept array of middleware without path
951 * Improve error message for bad `app.use` arguments
956 * Fix `app.use` to accept array of middleware without path
962 - deps: range-parser@~1.0.2
963 * deps: serve-static@~1.6.2
969 * Add `res.sendStatus`
970 * Invoke callback for sendfile when client aborts
971 - Applies to `res.sendFile`, `res.sendfile`, and `res.download`
972 - `err` will be populated with request aborted error
973 * Support IP address host in `req.subdomains`
974 * Use `etag` to generate `ETag` headers
975 * deps: accepts@~1.1.0
976 - update `mime-types`
977 * deps: cookie-signature@1.0.5
979 * deps: finalhandler@0.2.0
980 - Set `X-Content-Type-Options: nosniff` header
983 * deps: media-typer@0.3.0
984 - Throw error when parameter format invalid on parse
986 - Fix issue where first empty value in array is discarded
987 * deps: range-parser@~1.0.2
989 - Add `lastModified` option
990 - Use `etag` to generate `ETag` header
993 * deps: serve-static@~1.6.1
994 - Add `lastModified` option
996 * deps: type-is@~1.5.1
997 - fix `hasbody` to be true for `content-length: 0`
998 - deps: media-typer@0.3.0
999 - deps: mime-types@~2.0.1
1001 - Accept valid `Vary` header string as `field`
1007 - Fix a path traversal issue when using `root`
1008 - Fix malicious path detection for empty string path
1009 * deps: serve-static@~1.5.4
1016 - Remove unnecessary cloning
1023 - Performance improvements
1029 - deps: destroy@1.0.3
1030 - deps: on-finished@2.1.0
1031 * deps: serve-static@~1.5.3
1039 - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
1040 * deps: serve-static@~1.5.2
1046 * deps: parseurl@~1.3.0
1048 * deps: serve-static@~1.5.1
1049 - Fix parsing of weird `req.originalUrl` values
1050 - deps: parseurl@~1.3.0
1051 - deps: utils-merge@1.0.0
1057 - Fix parsing array of objects
1062 * fix incorrect deprecation warnings on `res.download`
1064 - Accept urlencoded square brackets
1065 - Accept empty values in implicit array notation
1070 * add `res.sendFile`
1071 - accepts a file system path instead of a URL
1072 - requires an absolute path or `root` option specified
1073 * deprecate `res.sendfile` -- use `res.sendFile` instead
1074 * support mounted app as any argument to `app.use()`
1077 - Limits array length to 20
1078 - Limits object depth to 5
1079 - Limits parameters to 1,000
1081 - Add `extensions` option
1082 * deps: serve-static@~1.5.0
1083 - Add `extensions` option
1089 * fix `res.sendfile` regression for serving directory index files
1091 - Fix incorrect 403 on Windows and Node.js 0.11
1092 - Fix serving index files without root dir
1093 * deps: serve-static@~1.4.4
1100 - Fix incorrect 403 on Windows and Node.js 0.11
1101 * deps: serve-static@~1.4.3
1102 - Fix incorrect 403 on Windows and Node.js 0.11
1109 - Work-around v8 generating empty stack traces
1112 * deps: serve-static@~1.4.2
1118 - Fix exception when global `Error.stackTraceLimit` is too low
1121 * deps: serve-static@~1.4.1
1126 * fix `req.protocol` for proxy-direct connections
1127 * configurable query parser with `app.set('query parser', parser)`
1128 - `app.set('query parser', 'extended')` parse with "qs" module
1129 - `app.set('query parser', 'simple')` parse with "querystring" core module
1130 - `app.set('query parser', false)` disable query string parsing
1131 - `app.set('query parser', true)` enable simple parsing
1132 * deprecate `res.json(status, obj)` -- use `res.status(status).json(obj)` instead
1133 * deprecate `res.jsonp(status, obj)` -- use `res.status(status).jsonp(obj)` instead
1134 * deprecate `res.send(status, body)` -- use `res.status(status).send(body)` instead
1137 - Add `TRACE_DEPRECATION` environment variable
1138 - Remove non-standard grey color from color output
1139 - Support `--no-deprecation` argument
1140 - Support `--trace-deprecation` argument
1141 * deps: finalhandler@0.1.0
1142 - Respond after request fully read
1144 * deps: parseurl@~1.2.0
1145 - Cache URLs based on original value
1146 - Remove no-longer-needed URL mis-parse work-around
1147 - Simplify the "fast-path" `RegExp`
1149 - Add `dotfiles` option
1150 - Cap `maxAge` value to 1 year
1153 * deps: serve-static@~1.4.0
1154 - deps: parseurl@~1.2.0
1156 * perf: prevent multiple `Buffer` creation in `res.send`
1161 * fix `subapp.mountpath` regression for `app.use(subapp)`
1166 * accept multiple callbacks to `app.use()`
1167 * add explicit "Rosetta Flash JSONP abuse" protection
1168 - previous versions are not vulnerable; this is just explicit protection
1169 * catch errors in multiple `req.param(name, fn)` handlers
1170 * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
1171 * fix `res.send(status, num)` to send `num` as json (not error)
1172 * remove unnecessary escaping when `res.jsonp` returns JSON response
1173 * support non-string `path` in `app.use(path, fn)`
1174 - supports array of paths
1176 * router: fix optimization on router exit
1177 * router: refactor location of `try` blocks
1178 * router: speed up standard `app.use(fn)`
1180 - Add support for multiple wildcards in namespaces
1181 * deps: finalhandler@0.0.3
1183 * deps: methods@1.1.0
1185 * deps: parseurl@~1.1.3
1186 - faster parsing of href-only URLs
1187 * deps: path-to-regexp@0.1.3
1190 * deps: serve-static@~1.3.2
1191 - deps: parseurl@~1.1.3
1193 * perf: fix arguments reassign deopt in some `res` methods
1198 * fix routing regression when altering `req.method`
1203 * add deprecation message to non-plural `req.accepts*`
1204 * add deprecation message to `res.send(body, status)`
1205 * add deprecation message to `res.vary()`
1206 * add `headers` option to `res.sendfile`
1207 - use to set headers on successful file transfer
1208 * add `mergeParams` option to `Router`
1209 - merges `req.params` from parent routes
1210 * add `req.hostname` -- correct name for what `req.host` returns
1211 * deprecate things with `depd` module
1212 * deprecate `req.host` -- use `req.hostname` instead
1213 * fix behavior when handling request without routes
1214 * fix handling when `route.all` is only route
1215 * invoke `router.param()` only when route matches
1216 * restore `req.params` after invoking router
1217 * use `finalhandler` for final response handling
1218 * use `media-typer` to alter content-type charset
1219 * deps: accepts@~1.0.7
1221 - Accept string for `maxage` (converted by `ms`)
1222 - Include link in default redirect response
1223 * deps: serve-static@~1.3.0
1224 - Accept string for `maxAge` (converted by `ms`)
1225 - Add `setHeaders` option
1226 - Include HTML link in redirect response
1228 * deps: type-is@~1.3.2
1233 * deps: cookie-signature@1.0.4
1234 - fix for timing attacks
1239 * fix `res.attachment` Unicode filenames in Safari
1240 * fix "trim prefix" debug message in `express:router`
1241 * deps: accepts@~1.0.5
1242 * deps: buffer-crc32@0.2.3
1247 * fix persistence of modified `req.params[name]` from `app.param()`
1248 * deps: accepts@1.0.3
1249 - deps: negotiator@0.4.6
1252 - Do not throw uncatchable error on file open race condition
1253 - Use `escape-html` for HTML escaping
1255 - deps: finished@1.2.2
1257 * deps: serve-static@1.2.3
1258 - Do not throw uncatchable error on file open race condition
1264 * fix catching errors from top-level handlers
1265 * use `vary` module for `res.vary`
1267 * deps: proxy-addr@1.0.1
1269 - fix "event emitter leak" warnings
1271 - deps: finished@1.2.1
1272 * deps: serve-static@1.2.2
1273 - fix "event emitter leak" warnings
1275 * deps: type-is@1.2.1
1280 * deps: methods@1.0.1
1282 - Send `max-age` in `Cache-Control` in correct format
1283 * deps: serve-static@1.2.1
1284 - use `escape-html` for escaping
1290 * custom etag control with `app.set('etag', val)`
1291 - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
1292 - `app.set('etag', 'weak')` weak tag
1293 - `app.set('etag', 'strong')` strong etag
1294 - `app.set('etag', false)` turn off
1295 - `app.set('etag', true)` standard etag
1296 * mark `res.send` ETag as weak and reduce collisions
1297 * update accepts to 1.0.2
1298 - Fix interpretation when header not in request
1299 * update send to 0.4.0
1300 - Calculate ETag with md5 for reduced collisions
1301 - Ignore stream errors after request ends
1303 * update serve-static to 1.2.0
1304 - Calculate ETag with md5 for reduced collisions
1305 - Ignore stream errors after request ends
1311 * fix handling of errors from `router.param()` callbacks
1316 * revert "fix behavior of multiple `app.VERB` for the same path"
1317 - this caused a regression in the order of route execution
1322 * add `req.baseUrl` to access the path stripped from `req.url` in routes
1323 * fix behavior of multiple `app.VERB` for the same path
1324 * fix issue routing requests among sub routers
1325 * invoke `router.param()` only when necessary instead of every match
1326 * proper proxy trust with `app.set('trust proxy', trust)`
1327 - `app.set('trust proxy', 1)` trust first hop
1328 - `app.set('trust proxy', 'loopback')` trust loopback addresses
1329 - `app.set('trust proxy', '10.0.0.1')` trust single IP
1330 - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
1331 - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
1332 - `app.set('trust proxy', false)` turn off
1333 - `app.set('trust proxy', true)` trust everything
1334 * set proper `charset` in `Content-Type` for `res.send`
1335 * update type-is to 1.2.0
1336 - support suffix matching
1341 * deprecate `app.del()` -- use `app.delete()` instead
1342 * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
1343 - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
1344 * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
1345 - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
1346 * fix `req.next` when inside router instance
1347 * include `ETag` header in `HEAD` requests
1348 * keep previous `Content-Type` for `res.jsonp`
1349 * support PURGE method
1351 - add `router.purge`
1352 - include PURGE in `app.all`
1353 * update debug to 0.8.0
1354 - add `enable()` method
1355 - change from stderr to stdout
1356 * update methods to 1.0.0
1362 * fix `req.host` for IPv6 literals
1363 * fix `res.jsonp` error if callback param is object
1368 * fix package.json to reflect supported node version
1373 * pass options from `res.sendfile` to `send`
1374 * preserve casing of headers in `res.header` and `res.set`
1375 * support unicode file names in `res.attachment` and `res.download`
1376 * update accepts to 1.0.1
1377 - deps: negotiator@0.4.0
1378 * update cookie to 0.1.2
1379 - Fix for maxAge == 0
1380 - made compat with expires field
1381 * update send to 0.3.0
1382 - Accept API options in options object
1383 - Coerce option types
1384 - Control whether to generate etags
1385 - Default directory access to 403 when index disabled
1386 - Fix sending files with dots without root set
1387 - Include file path in etag
1388 - Make "Can't set headers after they are sent." catchable
1389 - Send full entity-body for multi range requests
1390 - Set etags to "weak"
1391 - Support "If-Range" header
1392 - Support multiple index paths
1394 * update serve-static to 1.1.0
1395 - Accept options directly to `send` module
1396 - Resolve relative paths at middleware setup
1397 - Use parseurl to parse the URL from request
1399 * update type-is to 1.1.0
1400 - add non-array values support
1401 - add `multipart` as a shorthand
1408 - connect and connect's patches except for charset handling
1409 - express(1) - moved to [express-generator](https://github.com/expressjs/generator)
1410 - `express.createServer()` - it has been deprecated for a long time. Use `express()`
1411 - `app.configure` - use logic in your own app code
1412 - `app.router` - is removed
1413 - `req.auth` - use `basic-auth` instead
1414 - `req.accepted*` - use `req.accepts*()` instead
1415 - `res.location` - relative URL resolution is removed
1416 - `res.charset` - include the charset in the content type when using `res.set()`
1417 - all bundled middleware except `static`
1419 - `app.route` -> `app.mountpath` when mounting an express app in another express app
1420 - `json spaces` no longer enabled by default in development
1421 - `req.accepts*` -> `req.accepts*s` - i.e. `req.acceptsEncoding` -> `req.acceptsEncodings`
1422 - `req.params` is now an object instead of an array
1423 - `res.locals` is no longer a function. It is a plain js object. Treat it as such.
1424 - `res.headerSent` -> `res.headersSent` to match node.js ServerResponse object
1426 - `req.accepts*` with [accepts](https://github.com/expressjs/accepts)
1427 - `req.is` with [type-is](https://github.com/expressjs/type-is)
1428 - [path-to-regexp](https://github.com/component/path-to-regexp)
1430 - `app.router()` - returns the app Router instance
1431 - `app.route()` - Proxy to the app's `Router#route()` method to create a new route
1432 - Router & Route - public API
1437 * deps: connect@2.30.2
1438 - deps: body-parser@~1.13.3
1439 - deps: compression@~1.5.2
1440 - deps: errorhandler@~1.4.2
1441 - deps: method-override@~2.3.5
1442 - deps: serve-index@~1.7.2
1443 - deps: type-is@~1.6.6
1444 - deps: vhost@~3.0.1
1446 - Fix setting empty header from empty `field`
1447 - perf: enable strict mode
1448 - perf: remove argument reassignments
1453 * deps: basic-auth@~1.0.3
1454 * deps: connect@2.30.1
1455 - deps: body-parser@~1.13.2
1456 - deps: compression@~1.5.1
1457 - deps: errorhandler@~1.4.1
1458 - deps: morgan@~1.6.1
1461 - deps: serve-index@~1.7.1
1462 - deps: type-is@~1.6.4
1467 * deps: basic-auth@1.0.2
1468 - perf: enable strict mode
1469 - perf: hoist regular expression
1470 - perf: parse with regular expressions
1471 - perf: remove argument reassignment
1472 * deps: connect@2.30.0
1473 - deps: body-parser@~1.13.1
1475 - deps: compression@~1.5.0
1476 - deps: cookie@0.1.3
1477 - deps: cookie-parser@~1.3.5
1478 - deps: csurf@~1.8.3
1479 - deps: errorhandler@~1.4.0
1480 - deps: express-session@~1.11.3
1481 - deps: finalhandler@0.4.0
1483 - deps: morgan@~1.6.0
1484 - deps: serve-favicon@~2.3.0
1485 - deps: serve-index@~1.7.0
1486 - deps: serve-static@~1.10.0
1487 - deps: type-is@~1.6.3
1488 * deps: cookie@0.1.3
1489 - perf: deduce the scope of try-catch deopt
1490 - perf: remove argument reassignments
1491 * deps: escape-html@1.0.2
1493 - Always include entity length in ETags for hash length extensions
1494 - Generate non-Stats ETags using MD5 only (no longer CRC32)
1495 - Improve stat performance by removing hashing
1496 - Improve support for JXcore
1497 - Remove base64 padding in ETags to shorten
1498 - Support "fake" stats objects in environments without fs
1499 - Use MD5 instead of MD4 in weak ETags over 1KB
1501 - Add weak `ETag` matching support
1502 * deps: mkdirp@0.5.1
1503 - Work in global strict mode
1505 - Allow Node.js HTTP server to set `Date` response header
1506 - Fix incorrectly removing `Content-Location` on 304 response
1507 - Improve the default redirect response headers
1508 - Send appropriate headers on default error response
1509 - Use `http-errors` for standard emitted errors
1510 - Use `statuses` instead of `http` module for status messages
1511 - deps: escape-html@1.0.2
1514 - deps: on-finished@~2.3.0
1515 - perf: enable strict mode
1516 - perf: remove unnecessary array allocations
1521 * deps: connect@2.29.2
1522 - deps: body-parser@~1.12.4
1523 - deps: compression@~1.4.4
1524 - deps: connect-timeout@~1.6.2
1525 - deps: debug@~2.2.0
1527 - deps: errorhandler@~1.3.6
1528 - deps: finalhandler@0.3.6
1529 - deps: method-override@~2.3.3
1530 - deps: morgan@~1.5.3
1532 - deps: response-time@~2.3.1
1533 - deps: serve-favicon@~2.2.1
1534 - deps: serve-index@~1.6.4
1535 - deps: serve-static@~1.9.3
1536 - deps: type-is@~1.6.2
1537 * deps: debug@~2.2.0
1540 * deps: proxy-addr@~1.0.8
1541 - deps: ipaddr.js@1.0.1
1543 - deps: debug@~2.2.0
1547 - deps: on-finished@~2.2.1
1552 * deps: connect@2.29.1
1553 - deps: body-parser@~1.12.2
1554 - deps: compression@~1.4.3
1555 - deps: connect-timeout@~1.6.1
1556 - deps: debug@~2.1.3
1557 - deps: errorhandler@~1.3.5
1558 - deps: express-session@~1.10.4
1559 - deps: finalhandler@0.3.4
1560 - deps: method-override@~2.3.2
1561 - deps: morgan@~1.5.2
1563 - deps: serve-index@~1.6.3
1564 - deps: serve-static@~1.9.2
1565 - deps: type-is@~1.6.1
1566 * deps: debug@~2.1.3
1567 - Fix high intensity foreground color for bold
1569 * deps: merge-descriptors@1.0.0
1570 * deps: proxy-addr@~1.0.7
1571 - deps: ipaddr.js@0.1.9
1573 - Throw errors early for invalid `extensions` or `index` options
1574 - deps: debug@~2.1.3
1579 * Fix `req.host` when using "trust proxy" hops count
1580 * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
1585 * Fix `"trust proxy"` setting to inherit when app is mounted
1586 * Generate `ETag`s for all request responses
1587 - No longer restricted to only responses for `GET` and `HEAD` requests
1588 * Use `content-type` to parse `Content-Type` headers
1589 * deps: connect@2.29.0
1590 - Use `content-type` to parse `Content-Type` headers
1591 - deps: body-parser@~1.12.0
1592 - deps: compression@~1.4.1
1593 - deps: connect-timeout@~1.6.0
1594 - deps: cookie-parser@~1.3.4
1595 - deps: cookie-signature@1.0.6
1596 - deps: csurf@~1.7.0
1597 - deps: errorhandler@~1.3.4
1598 - deps: express-session@~1.10.3
1599 - deps: http-errors@~1.3.1
1600 - deps: response-time@~2.3.0
1601 - deps: serve-index@~1.6.2
1602 - deps: serve-static@~1.9.1
1603 - deps: type-is@~1.6.0
1604 * deps: cookie-signature@1.0.6
1606 - Always read the stat size from the file
1607 - Fix mutating passed-in `options`
1613 * deps: connect@2.28.3
1614 - deps: compression@~1.3.1
1615 - deps: csurf@~1.6.6
1616 - deps: errorhandler@~1.3.3
1617 - deps: express-session@~1.10.2
1618 - deps: serve-index@~1.6.1
1619 - deps: type-is@~1.5.6
1620 * deps: proxy-addr@~1.0.6
1621 - deps: ipaddr.js@0.1.8
1626 * deps: connect@2.28.2
1627 - deps: body-parser@~1.10.2
1628 - deps: serve-static@~1.8.1
1630 - Fix root path disclosure
1635 * Fix `OPTIONS` responses to include the `HEAD` method property
1636 * Use `readline` for prompt in `express(1)`
1637 * deps: commander@2.6.0
1638 * deps: connect@2.28.1
1639 - deps: body-parser@~1.10.1
1640 - deps: compression@~1.3.0
1641 - deps: connect-timeout@~1.5.0
1642 - deps: csurf@~1.6.4
1643 - deps: debug@~2.1.1
1644 - deps: errorhandler@~1.3.2
1645 - deps: express-session@~1.10.1
1646 - deps: finalhandler@0.3.3
1647 - deps: method-override@~2.3.1
1648 - deps: morgan@~1.5.1
1649 - deps: serve-favicon@~2.2.0
1650 - deps: serve-index@~1.6.0
1651 - deps: serve-static@~1.8.0
1652 - deps: type-is@~1.5.5
1653 * deps: debug@~2.1.1
1654 * deps: methods@~1.1.1
1655 * deps: proxy-addr@~1.0.5
1656 - deps: ipaddr.js@0.1.6
1658 - deps: debug@~2.1.1
1661 - deps: on-finished@~2.2.0
1666 * Fix exception in `req.fresh`/`req.stale` without response headers
1671 * deps: connect@2.27.6
1672 - deps: compression@~1.2.2
1673 - deps: express-session@~1.9.3
1674 - deps: http-errors@~1.2.8
1675 - deps: serve-index@~1.5.3
1676 - deps: type-is@~1.5.4
1681 * deps: connect@2.27.4
1682 - deps: body-parser@~1.9.3
1683 - deps: compression@~1.2.1
1684 - deps: errorhandler@~1.2.3
1685 - deps: express-session@~1.9.2
1687 - deps: serve-favicon@~2.1.7
1688 - deps: serve-static@~1.5.1
1689 - deps: type-is@~1.5.3
1691 * deps: proxy-addr@~1.0.4
1692 - deps: ipaddr.js@0.1.5
1697 * deps: connect@2.27.3
1698 - Correctly invoke async callback asynchronously
1699 - deps: csurf@~1.6.3
1704 * deps: connect@2.27.2
1705 - Fix handling of URLs containing `://` in the path
1706 - deps: body-parser@~1.9.2
1712 * Fix internal `utils.merge` deprecation warnings
1713 * deps: connect@2.27.1
1714 - deps: body-parser@~1.9.1
1715 - deps: express-session@~1.9.1
1716 - deps: finalhandler@0.3.2
1717 - deps: morgan@~1.4.1
1719 - deps: serve-static@~1.7.1
1721 - deps: on-finished@~2.1.1
1726 * Use `content-disposition` module for `res.attachment`/`res.download`
1727 - Sends standards-compliant `Content-Disposition` header
1728 - Full Unicode support
1729 * Use `etag` module to generate `ETag` headers
1730 * deps: connect@2.27.0
1731 - Use `http-errors` module for creating errors
1732 - Use `utils-merge` module for merging objects
1733 - deps: body-parser@~1.9.0
1734 - deps: compression@~1.2.0
1735 - deps: connect-timeout@~1.4.0
1736 - deps: debug@~2.1.0
1738 - deps: express-session@~1.9.0
1739 - deps: finalhandler@0.3.1
1740 - deps: method-override@~2.3.0
1741 - deps: morgan@~1.4.0
1742 - deps: response-time@~2.2.0
1743 - deps: serve-favicon@~2.1.6
1744 - deps: serve-index@~1.5.0
1745 - deps: serve-static@~1.7.0
1746 * deps: debug@~2.1.0
1747 - Implement `DEBUG_FD` env variable support
1750 - deps: debug@~2.1.0
1757 * deps: connect@2.26.6
1758 - deps: compression@~1.1.2
1759 - deps: csurf@~1.6.2
1760 - deps: errorhandler@~1.2.2
1765 * deps: connect@2.26.5
1766 - Fix accepting non-object arguments to `logger`
1767 - deps: serve-static@~1.6.4
1772 * deps: connect@2.26.4
1773 - deps: morgan@~1.3.2
1774 - deps: type-is@~1.5.2
1779 * deps: connect@2.26.3
1780 - deps: body-parser@~1.8.4
1781 - deps: serve-favicon@~2.1.5
1782 - deps: serve-static@~1.6.3
1783 * deps: proxy-addr@~1.0.3
1784 - Use `forwarded` npm module
1791 * deps: connect@2.26.2
1792 - deps: body-parser@~1.8.3
1798 * deps: proxy-addr@~1.0.2
1799 - Fix a global leak when multiple subnets are trusted
1800 - deps: ipaddr.js@0.1.3
1805 * Use `crc` instead of `buffer-crc32` for speed
1806 * deps: connect@2.26.1
1807 - deps: body-parser@~1.8.2
1809 - deps: express-session@~1.8.2
1810 - deps: morgan@~1.3.1
1811 - deps: serve-favicon@~2.1.3
1812 - deps: serve-static@~1.6.2
1817 - deps: range-parser@~1.0.2
1822 * Fix error in `req.subdomains` on empty host
1827 * Support `X-Forwarded-Host` in `req.subdomains`
1828 * Support IP address host in `req.subdomains`
1829 * deps: connect@2.26.0
1830 - deps: body-parser@~1.8.1
1831 - deps: compression@~1.1.0
1832 - deps: connect-timeout@~1.3.0
1833 - deps: cookie-parser@~1.3.3
1834 - deps: cookie-signature@1.0.5
1835 - deps: csurf@~1.6.1
1836 - deps: debug@~2.0.0
1837 - deps: errorhandler@~1.2.0
1838 - deps: express-session@~1.8.1
1839 - deps: finalhandler@0.2.0
1841 - deps: media-typer@0.3.0
1842 - deps: method-override@~2.2.0
1843 - deps: morgan@~1.3.0
1845 - deps: serve-favicon@~2.1.3
1846 - deps: serve-index@~1.2.1
1847 - deps: serve-static@~1.6.1
1848 - deps: type-is@~1.5.1
1849 - deps: vhost@~3.0.0
1850 * deps: cookie-signature@1.0.5
1851 * deps: debug@~2.0.0
1853 * deps: media-typer@0.3.0
1854 - Throw error when parameter format invalid on parse
1855 * deps: range-parser@~1.0.2
1857 - Add `lastModified` option
1858 - Use `etag` to generate `ETag` header
1859 - deps: debug@~2.0.0
1862 - Accept valid `Vary` header string as `field`
1864 3.16.10 / 2014-09-04
1865 ====================
1867 * deps: connect@2.25.10
1868 - deps: serve-static@~1.5.4
1870 - Fix a path traversal issue when using `root`
1871 - Fix malicious path detection for empty string path
1876 * deps: connect@2.25.9
1877 - deps: body-parser@~1.6.7
1883 * deps: connect@2.25.8
1884 - deps: body-parser@~1.6.6
1885 - deps: csurf@~1.4.1
1891 * deps: connect@2.25.7
1892 - deps: body-parser@~1.6.5
1893 - deps: express-session@~1.7.6
1894 - deps: morgan@~1.2.3
1895 - deps: serve-static@~1.5.3
1897 - deps: destroy@1.0.3
1898 - deps: on-finished@2.1.0
1903 * deps: connect@2.25.6
1904 - deps: body-parser@~1.6.4
1906 - deps: serve-static@~1.5.2
1908 - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
1913 * deps: connect@2.25.5
1914 - Fix backwards compatibility in `logger`
1919 * Fix original URL parsing in `res.location`
1920 * deps: connect@2.25.4
1921 - Fix `query` middleware breaking with argument
1922 - deps: body-parser@~1.6.3
1923 - deps: compression@~1.0.11
1924 - deps: connect-timeout@~1.2.2
1925 - deps: express-session@~1.7.5
1926 - deps: method-override@~2.1.3
1927 - deps: on-headers@~1.0.0
1928 - deps: parseurl@~1.3.0
1930 - deps: response-time@~2.0.1
1931 - deps: serve-index@~1.1.6
1932 - deps: serve-static@~1.5.1
1933 * deps: parseurl@~1.3.0
1938 * deps: connect@2.25.3
1939 - deps: multiparty@3.3.2
1944 * deps: connect@2.25.2
1945 - deps: body-parser@~1.6.2
1951 * deps: connect@2.25.1
1952 - deps: body-parser@~1.6.1
1958 * deps: connect@2.25.0
1959 - deps: body-parser@~1.6.0
1960 - deps: compression@~1.0.10
1961 - deps: csurf@~1.4.0
1962 - deps: express-session@~1.7.4
1964 - deps: serve-static@~1.5.0
1966 - Add `extensions` option
1971 * fix `res.sendfile` regression for serving directory index files
1972 * deps: connect@2.24.3
1973 - deps: serve-index@~1.1.5
1974 - deps: serve-static@~1.4.4
1976 - Fix incorrect 403 on Windows and Node.js 0.11
1977 - Fix serving index files without root dir
1982 * deps: connect@2.24.2
1983 - deps: body-parser@~1.5.2
1985 - deps: express-session@~1.7.2
1986 - deps: morgan@~1.2.2
1987 - deps: serve-static@~1.4.2
1989 - Work-around v8 generating empty stack traces
1996 * deps: connect@2.24.1
1997 - deps: body-parser@~1.5.1
1999 - deps: express-session@~1.7.1
2000 - deps: morgan@~1.2.1
2001 - deps: serve-index@~1.1.4
2002 - deps: serve-static@~1.4.1
2004 - Fix exception when global `Error.stackTraceLimit` is too low
2011 * Fix `req.protocol` for proxy-direct connections
2012 * Pass options from `res.sendfile` to `send`
2013 * deps: connect@2.24.0
2014 - deps: body-parser@~1.5.0
2015 - deps: compression@~1.0.9
2016 - deps: connect-timeout@~1.2.1
2019 - deps: express-session@~1.7.0
2020 - deps: finalhandler@0.1.0
2021 - deps: method-override@~2.1.2
2022 - deps: morgan@~1.2.0
2023 - deps: multiparty@3.3.1
2024 - deps: parseurl@~1.2.0
2025 - deps: serve-static@~1.4.0
2028 - Add `TRACE_DEPRECATION` environment variable
2029 - Remove non-standard grey color from color output
2030 - Support `--no-deprecation` argument
2031 - Support `--trace-deprecation` argument
2032 * deps: parseurl@~1.2.0
2033 - Cache URLs based on original value
2034 - Remove no-longer-needed URL mis-parse work-around
2035 - Simplify the "fast-path" `RegExp`
2037 - Add `dotfiles` option
2038 - Cap `maxAge` value to 1 year
2045 * add explicit "Rosetta Flash JSONP abuse" protection
2046 - previous versions are not vulnerable; this is just explicit protection
2047 * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
2048 * fix `res.send(status, num)` to send `num` as json (not error)
2049 * remove unnecessary escaping when `res.jsonp` returns JSON response
2050 * deps: basic-auth@1.0.0
2051 - support empty password
2052 - support empty username
2053 * deps: connect@2.23.0
2055 - deps: express-session@~1.6.4
2056 - deps: method-override@~2.1.0
2057 - deps: parseurl@~1.1.3
2058 - deps: serve-static@~1.3.1
2060 - Add support for multiple wildcards in namespaces
2061 * deps: methods@1.1.0
2063 * deps: parseurl@~1.1.3
2064 - faster parsing of href-only URLs
2069 * add deprecation message to `app.configure`
2070 * add deprecation message to `req.auth`
2071 * use `basic-auth` to parse `Authorization` header
2072 * deps: connect@2.22.0
2073 - deps: csurf@~1.3.0
2074 - deps: express-session@~1.6.1
2075 - deps: multiparty@3.3.0
2076 - deps: serve-static@~1.3.0
2078 - Accept string for `maxage` (converted by `ms`)
2079 - Include link in default redirect response
2084 * deps: connect@2.21.1
2085 - deps: cookie-parser@1.3.2
2086 - deps: cookie-signature@1.0.4
2087 - deps: express-session@~1.5.2
2088 - deps: type-is@~1.3.2
2089 * deps: cookie-signature@1.0.4
2090 - fix for timing attacks
2095 * use `media-typer` to alter content-type charset
2096 * deps: connect@2.21.0
2097 - deprecate `connect(middleware)` -- use `app.use(middleware)` instead
2098 - deprecate `connect.createServer()` -- use `connect()` instead
2099 - fix `res.setHeader()` patch to work with with get -> append -> set pattern
2100 - deps: compression@~1.0.8
2101 - deps: errorhandler@~1.1.1
2102 - deps: express-session@~1.5.0
2103 - deps: serve-index@~1.1.3
2108 * deprecate things with `depd` module
2109 * deps: buffer-crc32@0.2.3
2110 * deps: connect@2.20.2
2111 - deprecate `verify` option to `json` -- use `body-parser` npm module instead
2112 - deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
2113 - deprecate things with `depd` module
2114 - use `finalhandler` for final response handling
2115 - use `media-typer` to parse `content-type` for charset
2116 - deps: body-parser@1.4.3
2117 - deps: connect-timeout@1.1.1
2118 - deps: cookie-parser@1.3.1
2120 - deps: errorhandler@1.1.0
2121 - deps: express-session@1.4.0
2122 - deps: multiparty@3.2.9
2123 - deps: serve-index@1.1.2
2124 - deps: type-is@1.3.1
2130 * deps: connect@2.19.6
2131 - deps: body-parser@1.3.1
2132 - deps: compression@1.0.7
2134 - deps: serve-index@1.1.1
2135 - deps: serve-static@1.2.3
2138 - Do not throw uncatchable error on file open race condition
2139 - Use `escape-html` for HTML escaping
2141 - deps: finished@1.2.2
2147 * deps: connect@2.19.5
2148 - fix "event emitter leak" warnings
2151 - deps: serve-static@1.2.2
2152 - deps: type-is@1.2.1
2155 - fix "event emitter leak" warnings
2156 - deps: finished@1.2.1
2162 * use `vary` module for `res.vary`
2163 * deps: connect@2.19.4
2164 - deps: errorhandler@1.0.2
2165 - deps: method-override@2.0.2
2166 - deps: serve-favicon@2.0.1
2172 * deps: connect@2.19.3
2173 - deps: compression@1.0.6
2178 * deps: connect@2.19.2
2179 - deps: compression@1.0.4
2180 * deps: proxy-addr@1.0.1
2185 * deps: connect@2.19.1
2186 - deprecate `methodOverride()` -- use `method-override` npm module instead
2187 - deps: body-parser@1.3.0
2188 - deps: method-override@2.0.1
2189 - deps: multiparty@3.2.8
2190 - deps: response-time@2.0.0
2191 - deps: serve-static@1.2.1
2192 * deps: methods@1.0.1
2194 - Send `max-age` in `Cache-Control` in correct format
2199 * custom etag control with `app.set('etag', val)`
2200 - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
2201 - `app.set('etag', 'weak')` weak tag
2202 - `app.set('etag', 'strong')` strong etag
2203 - `app.set('etag', false)` turn off
2204 - `app.set('etag', true)` standard etag
2205 * Include ETag in HEAD requests
2206 * mark `res.send` ETag as weak and reduce collisions
2207 * update connect to 2.18.0
2208 - deps: compression@1.0.3
2209 - deps: serve-index@1.1.0
2210 - deps: serve-static@1.2.0
2211 * update send to 0.4.0
2212 - Calculate ETag with md5 for reduced collisions
2213 - Ignore stream errors after request ends
2219 * update connect to 2.17.3
2220 - deps: body-parser@1.2.2
2221 - deps: express-session@1.2.1
2222 - deps: method-override@1.0.2
2227 * keep previous `Content-Type` for `res.jsonp`
2228 * set proper `charset` in `Content-Type` for `res.send`
2229 * update connect to 2.17.1
2230 - fix `res.charset` appending charset when `content-type` has one
2231 - deps: express-session@1.2.0
2232 - deps: morgan@1.1.1
2233 - deps: serve-index@1.0.3
2238 * proper proxy trust with `app.set('trust proxy', trust)`
2239 - `app.set('trust proxy', 1)` trust first hop
2240 - `app.set('trust proxy', 'loopback')` trust loopback addresses
2241 - `app.set('trust proxy', '10.0.0.1')` trust single IP
2242 - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
2243 - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
2244 - `app.set('trust proxy', false)` turn off
2245 - `app.set('trust proxy', true)` trust everything
2246 * update connect to 2.16.2
2247 - deprecate `res.headerSent` -- use `res.headersSent`
2248 - deprecate `res.on("header")` -- use on-headers module instead
2249 - fix edge-case in `res.appendHeader` that would append in wrong order
2250 - json: use body-parser
2251 - urlencoded: use body-parser
2253 - dep: cookie-parser@1.1.0
2255 - dep: express-session@1.1.0
2256 - dep: method-override@1.0.1
2261 * deprecate `app.del()` -- use `app.delete()` instead
2262 * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
2263 - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
2264 * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
2265 - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
2266 * support PURGE method
2268 - add `router.purge`
2269 - include PURGE in `app.all`
2270 * update connect to 2.15.0
2271 * Add `res.appendHeader`
2272 * Call error stack even when response has been sent
2273 * Patch `res.headerSent` to return Boolean
2274 * Patch `res.headersSent` for node.js 0.8
2275 * Prevent default 404 handler after response sent
2276 * dep: compression@1.0.2
2277 * dep: connect-timeout@1.1.0
2279 * dep: errorhandler@1.0.1
2280 * dep: express-session@1.0.4
2282 * dep: serve-favicon@2.0.0
2283 * dep: serve-index@1.0.2
2284 * update debug to 0.8.0
2285 * add `enable()` method
2286 * change from stderr to stdout
2287 * update methods to 1.0.0
2289 * update mkdirp to 0.5.0
2294 * fix `req.host` for IPv6 literals
2295 * fix `res.jsonp` error if callback param is object
2300 * update connect to 2.14.5
2301 * update cookie to 0.1.2
2302 * update mkdirp to 0.4.0
2303 * update send to 0.3.0
2308 * pin less-middleware in generated app
2318 * prevent incorrect automatic OPTIONS responses #1868 @dpatti
2319 * update binary and examples for jade 1.0 #1876 @yossi, #1877 @reqshark, #1892 @matheusazzi
2320 * throw 400 in case of malformed paths @rlidwka
2330 * update connect (raw-body)
2336 * res.location: remove leading ./ #1802 @kapouer
2337 * res.redirect: fix `res.redirect('toString') #1829 @michaelficarra
2338 * res.send: always send ETag when content-length > 0
2339 * router: add Router.all() method
2347 * express(1): replace bodyParser() with urlencoded() and json() #1795 @chirag04
2358 * downgrade commander
2365 * jsonp: check if callback is a function
2366 * router: wrap encodeURIComponent in a try/catch #1735 (@lxe)
2367 * res.format: now includes charset @1747 (@sorribas)
2368 * res.links: allow multiple calls @1746 (@sorribas)
2373 * add res.vary(). Closes #1682
2389 * Revert "remove charset from json responses. Closes #1631" (causes issues in some clients)
2390 * add: req.accepts take an argument list
2395 * update send and connect
2407 * remove .version export
2418 * add support for multiple X-Forwarded-Proto values. Closes #1646
2419 * change: remove charset from json responses. Closes #1631
2420 * change: return actual booleans from req.accept* functions
2421 * fix jsonp callback array throw
2432 * update node-cookie
2433 * add: throw a meaningful error when there is no default engine
2434 * change generation of ETags with res.send() to GET requests only. Closes #1619
2439 * fix `req.subdomains` when no Host is present
2440 * fix `req.host` when no Host is present, return undefined
2445 * update connect / qs
2455 * add app.VERB() paths array deprecation warning
2457 * update qs and remove all ~ semver crap
2458 * fix: accept number as value of Signed Cookie
2463 * add "view" constructor setting to override view behaviour
2464 * add req.acceptsEncoding(name)
2465 * add req.acceptedEncodings
2466 * revert cookie signature change causing session race conditions
2467 * fix sorting of Accept values of the same quality
2472 * add support for custom Accept parameters
2473 * update cookie-signature
2478 * add X-Forwarded-Host support to `req.host`
2479 * fix relative redirects
2481 * update buffer-crc32
2482 * remove legacy app.configure() method from app template.
2487 * add support for leading "." in "view engine" setting
2488 * add array support to `res.set()`
2489 * add node 0.8.x to travis.yml
2490 * add "subdomain offset" setting for tweaking `req.subdomains`
2491 * add `res.location(url)` implementing `res.redirect()`-like setting of Location
2492 * use app.get() for x-powered-by setting for inheritance
2493 * fix colons in passwords for `req.auth`
2498 * add http verb methods to Router
2500 * fix mangling of the `res.cookie()` options object
2501 * fix jsonp whitespace escape. Closes #1132
2506 * add throwing when a non-function is passed to a route
2507 * fix: explicitly remove Transfer-Encoding header from 204 and 304 responses
2508 * revert "add 'etag' option"
2513 * add 'etag' option to disable `res.send()` Etags
2514 * add escaping of urls in text/plain in `res.redirect()`
2515 for old browsers interpreting as html
2516 * change crc32 module for a more liberal license
2523 * update cookie module
2524 * fix cookie max-age
2529 * add OPTIONS to cors example. Closes #1398
2530 * fix route chaining regression. Closes #1397
2541 * add "Basic" check to req.auth
2542 * add `req.auth` test coverage
2543 * add cb && cb(payload) to `res.jsonp()`. Closes #1374
2544 * add backwards compat for `res.redirect()` status. Closes #1336
2545 * add support for `res.json()` to retain previously defined Content-Types. Closes #1349
2547 * change `res.redirect()` to utilize a pathname-relative Location again. Closes #1382
2548 * remove non-primitive string support for `res.send()`
2549 * fix view-locals example. Closes #1370
2550 * fix route-separation example
2552 3.0.0rc5 / 2012-09-18
2556 * add redis search example
2557 * add static-files example
2558 * add "x-powered-by" setting (`app.disable('x-powered-by')`)
2559 * add "application/octet-stream" redirect Accept test case. Closes #1317
2561 3.0.0rc4 / 2012-08-30
2564 * add `res.jsonp()`. Closes #1307
2565 * add "verbose errors" option to error-pages example
2566 * add another route example to express(1) so people are not so confused
2567 * add redis online user activity tracking example
2568 * update connect dep
2569 * fix etag quoting. Closes #1310
2570 * fix error-pages 404 status
2571 * fix jsonp callback char restrictions
2572 * remove old OPTIONS default response
2574 3.0.0rc3 / 2012-08-13
2577 * update connect dep
2578 * fix signed cookies to work with `connect.cookieParser()` ("s:" prefix was missing) [tnydwrds]
2579 * fix `res.render()` clobbering of "locals"
2581 3.0.0rc2 / 2012-08-03
2585 * update connect dep
2586 * deprecate `.createServer()` & remove old stale examples
2587 * fix: escape `res.redirect()` link
2590 3.0.0rc1 / 2012-07-24
2593 * add more examples to view-locals
2594 * add scheme-relative redirects (`res.redirect("//foo.com")`) support
2596 * update connect dep
2598 * fix `express(1)` -h flag, use -H for hogan. Closes #1245
2599 * fix `res.sendfile()` socket error handling regression
2601 3.0.0beta7 / 2012-07-16
2604 * update connect dep for `send()` root normalization regression
2606 3.0.0beta6 / 2012-07-13
2609 * add `err.view` property for view errors. Closes #1226
2610 * add "jsonp callback name" setting
2611 * add support for "/foo/:bar*" non-greedy matches
2612 * change `res.sendfile()` to use `send()` module
2613 * change `res.send` to use "response-send" module
2614 * remove `app.locals.use` and `res.locals.use`, use regular middleware
2616 3.0.0beta5 / 2012-07-03
2619 * add "make check" support
2620 * add route-map example
2621 * add `res.json(obj, status)` support back for BC
2622 * add "methods" dep, remove internal methods module
2623 * update connect dep
2624 * update auth example to utilize cores pbkdf2
2625 * updated tests to use "supertest"
2627 3.0.0beta4 / 2012-06-25
2631 * Added `req.range(size)`
2632 * Added `res.links(obj)`
2633 * Added `res.send(body, status)` support back for backwards compat
2634 * Added `.default()` support to `res.format()`
2635 * Added 2xx / 304 check to `req.fresh`
2636 * Revert "Added + support to the router"
2637 * Fixed `res.send()` freshness check, respect res.statusCode
2639 3.0.0beta3 / 2012-06-15
2642 * Added hogan `--hjs` to express(1) [nullfirm]
2643 * Added another example to content-negotiation
2645 * Changed: `res.send()` always checks freshness
2646 * Fixed: expose connects mime module. Closes #1165
2648 3.0.0beta2 / 2012-06-06
2651 * Added `+` support to the router
2653 * Changed `req.param()` to check route first
2654 * Update connect dep
2656 3.0.0beta1 / 2012-06-01
2659 * Added `res.format()` callback to override default 406 behaviour
2660 * Fixed `res.redirect()` 406. Closes #1154
2662 3.0.0alpha5 / 2012-05-30
2666 * Added `{ signed: true }` option to `res.cookie()`
2667 * Removed `res.signedCookie()`
2668 * Changed: dont reverse `req.ips`
2669 * Fixed "trust proxy" setting check for `req.ips`
2671 3.0.0alpha4 / 2012-05-09
2674 * Added: allow `[]` in jsonp callback. Closes #1128
2675 * Added `PORT` env var support in generated template. Closes #1118 [benatkin]
2676 * Updated: connect 2.2.2
2678 3.0.0alpha3 / 2012-05-04
2681 * Added public `app.routes`. Closes #887
2682 * Added _view-locals_ example
2683 * Added _mvc_ example
2684 * Added `res.locals.use()`. Closes #1120
2685 * Added conditional-GET support to `res.send()`
2686 * Added: coerce `res.set()` values to strings
2687 * Changed: moved `static()` in generated apps below router
2688 * Changed: `res.send()` only set ETag when not previously set
2689 * Changed connect 2.2.1 dep
2690 * Changed: `make test` now runs unit / acceptance tests
2691 * Fixed req/res proto inheritance
2693 3.0.0alpha2 / 2012-04-26
2696 * Added `make benchmark` back
2697 * Added `res.send()` support for `String` objects
2698 * Added client-side data exposing example
2699 * Added `res.header()` and `req.header()` aliases for BC
2700 * Added `express.createServer()` for BC
2701 * Perf: memoize parsed urls
2702 * Perf: connect 2.2.0 dep
2703 * Changed: make `expressInit()` middleware self-aware
2704 * Fixed: use app.get() for all core settings
2705 * Fixed redis session example
2706 * Fixed session example. Closes #1105
2707 * Fixed generated express dep. Closes #1078
2709 3.0.0alpha1 / 2012-04-15
2712 * Added `app.locals.use(callback)`
2713 * Added `app.locals` object
2714 * Added `app.locals(obj)`
2715 * Added `res.locals` object
2716 * Added `res.locals(obj)`
2717 * Added `res.format()` for content-negotiation
2718 * Added `app.engine()`
2719 * Added `res.cookie()` JSON cookie support
2720 * Added "trust proxy" setting
2721 * Added `req.subdomains`
2722 * Added `req.protocol`
2723 * Added `req.secure`
2728 * Added comma-delimited / array support for `req.accepts()`
2729 * Added debug instrumentation
2730 * Added `res.set(obj)`
2731 * Added `res.set(field, value)`
2732 * Added `res.get(field)`
2733 * Added `app.get(setting)`. Closes #842
2734 * Added `req.acceptsLanguage()`
2735 * Added `req.acceptsCharset()`
2736 * Added `req.accepted`
2737 * Added `req.acceptedLanguages`
2738 * Added `req.acceptedCharsets`
2739 * Added "json replacer" setting
2740 * Added "json spaces" setting
2741 * Added X-Forwarded-Proto support to `res.redirect()`. Closes #92
2742 * Added `--less` support to express(1)
2743 * Added `express.response` prototype
2744 * Added `express.request` prototype
2745 * Added `express.application` prototype
2746 * Added `app.path()`
2747 * Added `app.render()`
2748 * Added `res.type()` to replace `res.contentType()`
2749 * Changed: `res.redirect()` to add relative support
2750 * Changed: enable "jsonp callback" by default
2751 * Changed: renamed "case sensitive routes" to "case sensitive routing"
2752 * Rewrite of all tests with mocha
2753 * Removed "root" setting
2754 * Removed `res.redirect('home')` support
2755 * Removed `req.notify()`
2756 * Removed `app.register()`
2757 * Removed `app.redirect()`
2758 * Removed `app.is()`
2759 * Removed `app.helpers()`
2760 * Removed `app.dynamicHelpers()`
2761 * Fixed `res.sendfile()` with non-GET. Closes #723
2762 * Fixed express(1) public dir for windows. Closes #866
2767 * Added support for PURGE request method [pbuyle]
2768 * Fixed `express(1)` generated app `app.address()` before `listening` [mmalecki]
2773 * Update mkdirp dep. Closes #991
2778 * Fixed `app.all` duplicate DELETE requests [mscdex]
2783 * Updated hamljs dev dep. Closes #953
2788 * Fixed: set `filename` on cached templates [matthewleon]
2793 * Fixed `express(1)` eol on 0.4.x. Closes #947
2798 * Fixed `req.is()` when a charset is present
2803 * Fixed: express(1) LF -> CRLF for windows
2808 * Changed: updated connect to 1.8.x
2809 * Removed sass.js support from express(1)
2814 * Added ./routes dir for generated app by default
2815 * Added npm install reminder to express(1) app gen
2816 * Added 0.5.x support
2817 * Removed `make test-cov` since it wont work with node 0.5.x
2818 * Fixed express(1) public dir for windows. Closes #866
2823 * Added mkdirp to express(1). Closes #795
2824 * Added simple _json-config_ example
2825 * Added shorthand for the parsed request's pathname via `req.path`
2826 * Changed connect dep to 1.7.x to fix npm issue...
2827 * Fixed `res.redirect()` __HEAD__ support. [reported by xerox]
2828 * Fixed `req.flash()`, only escape args
2829 * Fixed absolute path checking on windows. Closes #829 [reported by andrewpmckenzie]
2834 * Fixed multiple param callback regression. Closes #824 [reported by TroyGoode]
2839 * Added support for routes to handle errors. Closes #809
2840 * Added `app.routes.all()`. Closes #803
2841 * Added "basepath" setting to work in conjunction with reverse proxies etc.
2842 * Refactored `Route` to use a single array of callbacks
2843 * Added support for multiple callbacks for `app.param()`. Closes #801
2845 * Changed: removed .call(self) for route callbacks
2846 * Dependency: `qs >= 0.3.1`
2847 * Fixed `res.redirect()` on windows due to `join()` usage. Closes #808
2852 * Fixed `res.header()` intention of a set, even when `undefined`
2853 * Fixed `*`, value no longer required
2854 * Fixed `res.send(204)` support. Closes #771
2859 * Added docs for `status` option special-case. Closes #739
2860 * Fixed `options.filename`, exposing the view path to template engines
2865 * Revert "removed jsonp stripping" for XSS
2870 * Added `res.json()` JSONP support. Closes #737
2871 * Added _extending-templates_ example. Closes #730
2872 * Added "strict routing" setting for trailing slashes
2873 * Added support for multiple envs in `app.configure()` calls. Closes #735
2874 * Changed: `res.send()` using `res.json()`
2875 * Changed: when cookie `path === null` don't default it
2876 * Changed; default cookie path to "home" setting. Closes #731
2877 * Removed _pids/logs_ creation from express(1)
2882 * Added chainable `res.status(code)`
2883 * Added `res.json()`, an explicit version of `res.send(obj)`
2884 * Added simple web-service example
2889 * \#express is now on freenode! come join!
2890 * Added `req.get(field, param)`
2891 * Added links to Japanese documentation, thanks @hideyukisaito!
2892 * Added; the `express(1)` generated app outputs the env
2893 * Added `content-negotiation` example
2894 * Dependency: connect >= 1.5.1 < 2.0.0
2895 * Fixed view layout bug. Closes #720
2896 * Fixed; ignore body on 304. Closes #701
2902 * Removed generation of dummy test file from `express(1)`
2903 * Fixed; `express(1)` adds express as a dep
2904 * Fixed; prune on `prepublish`
2909 * Added `req.route`, exposing the current route
2910 * Added _package.json_ generation support to `express(1)`
2911 * Fixed call to `app.param()` function for optional params. Closes #682
2916 * Fixed bug-ish with `../' in `res.partial()` calls
2921 * Fixed `app.options()`
2926 * Added route `Collection`, ex: `app.get('/user/:id').remove();`
2927 * Added support for `app.param(fn)` to define param logic
2928 * Removed `app.param()` support for callback with return value
2929 * Removed module.parent check from express(1) generated app. Closes #670
2930 * Refactored router. Closes #639
2935 * Changed; using devDependencies instead of git submodules
2936 * Fixed redis session example
2937 * Fixed markdown example
2938 * Fixed view caching, should not be enabled in development
2943 * Added export `.view` as alias for `.View`
2948 * Added `./examples/say`
2949 * Fixed `res.sendfile()` bug preventing the transfer of files with spaces
2954 * Added "case sensitive routes" option.
2955 * Changed; split methods supported per rfc [slaskis]
2956 * Fixed route-specific middleware when using the same callback function several times
2966 * Added `app.match()` as `app.match.all()`
2967 * Added `app.lookup()` as `app.lookup.all()`
2968 * Added `app.remove()` for `app.remove.all()`
2969 * Added `app.remove.VERB()`
2970 * Fixed template caching collision issue. Closes #644
2971 * Moved router over from connect and started refactor
2976 * Added options support to `res.clearCookie()`
2977 * Added `res.helpers()` as alias of `res.locals()`
2978 * Added; json defaults to UTF-8 with `res.send()`. Closes #632. [Daniel * Dependency `connect >= 1.4.0`
2979 * Changed; auto set Content-Type in res.attachement [Aaron Heckmann]
2980 * Renamed "cache views" to "view cache". Closes #628
2981 * Fixed caching of views when using several apps. Closes #637
2982 * Fixed gotcha invoking `app.param()` callbacks once per route middleware.
2984 * Fixed partial lookup precedence. Closes #631
2990 * Added second callback support for `res.download()` connection errors
2991 * Fixed `filename` option passing to template engine
2996 * Added `layout(path)` helper to change the layout within a view. Closes #610
2997 * Fixed `partial()` collection object support.
2998 Previously only anything with `.length` would work.
2999 When `.length` is present one must still be aware of holes,
3000 however now `{ collection: {foo: 'bar'}}` is valid, exposes
3001 `keyInCollection` and `keysInCollection`.
3003 * Performance improved with better view caching
3004 * Removed `request` and `response` locals
3005 * Changed; errorHandler page title is now `Express` instead of `Connect`
3010 * Added `app.lookup.VERB()`, ex `app.lookup.put('/user/:id')`. Closes #606
3011 * Added `app.match.VERB()`, ex `app.match.put('/user/12')`. Closes #606
3012 * Added `app.VERB(path)` as alias of `app.lookup.VERB()`.
3013 * Dependency `connect >= 1.2.0`
3018 * Added; expose `err.view` object when failing to locate a view
3019 * Fixed `res.partial()` call `next(err)` when no callback is given [reported by aheckmann]
3020 * Fixed; `res.send(undefined)` responds with 204 [aheckmann]
3025 * Added `<root>/_?<name>` partial lookup support. Closes #447
3026 * Added `request`, `response`, and `app` local variables
3027 * Added `settings` local variable, containing the app's settings
3028 * Added `req.flash()` exception if `req.session` is not available
3029 * Added `res.send(bool)` support (json response)
3030 * Fixed stylus example for latest version
3031 * Fixed; wrap try/catch around `res.render()`
3036 * Fixed up index view path alternative.
3037 * Changed; `res.locals()` without object returns the locals
3039 2.0.0rc3 / 2011-03-17
3042 * Added `res.locals(obj)` to compliment `res.local(key, val)`
3043 * Added `res.partial()` callback support
3044 * Fixed recursive error reporting issue in `res.render()`
3046 2.0.0rc2 / 2011-03-17
3049 * Changed; `partial()` "locals" are now optional
3050 * Fixed `SlowBuffer` support. Closes #584 [reported by tyrda01]
3051 * Fixed .filename view engine option [reported by drudge]
3052 * Fixed blog example
3053 * Fixed `{req,res}.app` reference when mounting [Ben Weaver]
3055 2.0.0rc / 2011-03-14
3058 * Fixed; expose `HTTPSServer` constructor
3059 * Fixed express(1) default test charset. Closes #579 [reported by secoif]
3060 * Fixed; default charset to utf-8 instead of utf8 for lame IE [reported by NickP]
3062 2.0.0beta3 / 2011-03-09
3065 * Added support for `res.contentType()` literal
3066 The original `res.contentType('.json')`,
3067 `res.contentType('application/json')`, and `res.contentType('json')`
3069 * Added `res.render()` status option support back
3070 * Added charset option for `res.render()`
3071 * Added `.charset` support (via connect 1.0.4)
3072 * Added view resolution hints when in development and a lookup fails
3073 * Added layout lookup support relative to the page view.
3074 For example while rendering `./views/user/index.jade` if you create
3075 `./views/user/layout.jade` it will be used in favour of the root layout.
3076 * Fixed `res.redirect()`. RFC states absolute url [reported by unlink]
3077 * Fixed; default `res.send()` string charset to utf8
3078 * Removed `Partial` constructor (not currently used)
3080 2.0.0beta2 / 2011-03-07
3083 * Added res.render() `.locals` support back to aid in migration process
3084 * Fixed flash example
3086 2.0.0beta / 2011-03-03
3089 * Added HTTPS support
3090 * Added `res.cookie()` maxAge support
3091 * Added `req.header()` _Referrer_ / _Referer_ special-case, either works
3092 * Added mount support for `res.redirect()`, now respects the mount-point
3093 * Added `union()` util, taking place of `merge(clone())` combo
3094 * Added stylus support to express(1) generated app
3095 * Added secret to session middleware used in examples and generated app
3096 * Added `res.local(name, val)` for progressive view locals
3097 * Added default param support to `req.param(name, default)`
3098 * Added `app.disabled()` and `app.enabled()`
3099 * Added `app.register()` support for omitting leading ".", either works
3100 * Added `res.partial()`, using the same interface as `partial()` within a view. Closes #539
3101 * Added `app.param()` to map route params to async/sync logic
3102 * Added; aliased `app.helpers()` as `app.locals()`. Closes #481
3103 * Added extname with no leading "." support to `res.contentType()`
3104 * Added `cache views` setting, defaulting to enabled in "production" env
3105 * Added index file partial resolution, eg: partial('user') may try _views/user/index.jade_.
3106 * Added `req.accepts()` support for extensions
3107 * Changed; `res.download()` and `res.sendfile()` now utilize Connect's
3108 static file server `connect.static.send()`.
3109 * Changed; replaced `connect.utils.mime()` with npm _mime_ module
3110 * Changed; allow `req.query` to be pre-defined (via middleware or other parent
3111 * Changed view partial resolution, now relative to parent view
3112 * Changed view engine signature. no longer `engine.render(str, options, callback)`, now `engine.compile(str, options) -> Function`, the returned function accepts `fn(locals)`.
3113 * Fixed `req.param()` bug returning Array.prototype methods. Closes #552
3114 * Fixed; using `Stream#pipe()` instead of `sys.pump()` in `res.sendfile()`
3115 * Fixed; using _qs_ module instead of _querystring_
3116 * Fixed; strip unsafe chars from jsonp callbacks
3117 * Removed "stream threshold" setting
3122 * Allow `req.query` to be pre-defined (via middleware or other parent app)
3123 * "connect": ">= 0.5.0 < 1.0.0". Closes #547
3124 * Removed the long deprecated __EXPRESS_ENV__ support
3129 * Fixed `render()` setting inheritance.
3130 Mounted apps would not inherit "view engine"
3135 * Fixed `view engine` setting bug when period is in dirname
3140 * Added secret to generated app `session()` call
3145 * Added `qs` dependency to _package.json_
3146 * Fixed namespaced `require()`s for latest connect support
3151 * Remove unsafe characters from JSONP callback names [Ryan Grove]
3156 * Removed nested require, using `connect.router`
3161 * Fixed for middleware stacked via `createServer()`
3162 previously the `foo` middleware passed to `createServer(foo)`
3163 would not have access to Express methods such as `res.send()`
3164 or props like `req.query` etc.
3169 * Added; deduce partial object names from the last segment.
3170 For example by default `partial('forum/post', postObject)` will
3171 give you the _post_ object, providing a meaningful default.
3172 * Added http status code string representation to `res.redirect()` body
3173 * Added; `res.redirect()` supporting _text/plain_ and _text/html_ via __Accept__.
3174 * Added `req.is()` to aid in content negotiation
3175 * Added partial local inheritance [suggested by masylum]. Closes #102
3176 providing access to parent template locals.
3177 * Added _-s, --session[s]_ flag to express(1) to add session related middleware
3178 * Added _--template_ flag to express(1) to specify the
3179 template engine to use.
3180 * Added _--css_ flag to express(1) to specify the
3181 stylesheet engine to use (or just plain css by default).
3182 * Added `app.all()` support [thanks aheckmann]
3183 * Added partial direct object support.
3184 You may now `partial('user', user)` providing the "user" local,
3185 vs previously `partial('user', { object: user })`.
3186 * Added _route-separation_ example since many people question ways
3187 to do this with CommonJS modules. Also view the _blog_ example for
3189 * Performance; caching view path derived partial object names
3190 * Fixed partial local inheritance precedence. [reported by Nick Poulden] Closes #454
3191 * Fixed jsonp support; _text/javascript_ as per mailinglist discussion
3193 1.0.0rc4 / 2010-10-14
3196 * Added _NODE_ENV_ support, _EXPRESS_ENV_ is deprecated and will be removed in 1.0.0
3197 * Added route-middleware support (very helpful, see the [docs](http://expressjs.com/guide.html#Route-Middleware))
3198 * Added _jsonp callback_ setting to enable/disable jsonp autowrapping [Dav Glass]
3199 * Added callback query check on response.send to autowrap JSON objects for simple webservice implementations [Dav Glass]
3200 * Added `partial()` support for array-like collections. Closes #434
3201 * Added support for swappable querystring parsers
3202 * Added session usage docs. Closes #443
3203 * Added dynamic helper caching. Closes #439 [suggested by maritz]
3204 * Added authentication example
3205 * Added basic Range support to `res.sendfile()` (and `res.download()` etc)
3206 * Changed; `express(1)` generated app using 2 spaces instead of 4
3207 * Default env to "development" again [aheckmann]
3208 * Removed _context_ option is no more, use "scope"
3209 * Fixed; exposing _./support_ libs to examples so they can run without installs
3212 1.0.0rc3 / 2010-09-20
3215 * Added confirmation for `express(1)` app generation. Closes #391
3216 * Added extending of flash formatters via `app.flashFormatters`
3217 * Added flash formatter support. Closes #411
3218 * Added streaming support to `res.sendfile()` using `sys.pump()` when >= "stream threshold"
3219 * Added _stream threshold_ setting for `res.sendfile()`
3220 * Added `res.send()` __HEAD__ support
3221 * Added `res.clearCookie()`
3222 * Added `res.cookie()`
3223 * Added `res.render()` headers option
3224 * Added `res.redirect()` response bodies
3225 * Added `res.render()` status option support. Closes #425 [thanks aheckmann]
3226 * Fixed `res.sendfile()` responding with 403 on malicious path
3227 * Fixed `res.download()` bug; when an error occurs remove _Content-Disposition_
3228 * Fixed; mounted apps settings now inherit from parent app [aheckmann]
3229 * Fixed; stripping Content-Length / Content-Type when 204
3230 * Fixed `res.send()` 204. Closes #419
3231 * Fixed multiple _Set-Cookie_ headers via `res.header()`. Closes #402
3232 * Fixed bug messing with error handlers when `listenFD()` is called instead of `listen()`. [thanks guillermo]
3235 1.0.0rc2 / 2010-08-17
3238 * Added `app.register()` for template engine mapping. Closes #390
3239 * Added `res.render()` callback support as second argument (no options)
3240 * Added callback support to `res.download()`
3241 * Added callback support for `res.sendfile()`
3242 * Added support for middleware access via `express.middlewareName()` vs `connect.middlewareName()`
3243 * Added "partials" setting to docs
3244 * Added default expresso tests to `express(1)` generated app. Closes #384
3245 * Fixed `res.sendfile()` error handling, defer via `next()`
3246 * Fixed `res.render()` callback when a layout is used [thanks guillermo]
3247 * Fixed; `make install` creating ~/.node_libraries when not present
3248 * Fixed issue preventing error handlers from being defined anywhere. Closes #387
3250 1.0.0rc / 2010-07-28
3253 * Added mounted hook. Closes #369
3254 * Added connect dependency to _package.json_
3256 * Removed "reload views" setting and support code
3257 development env never caches, production always caches.
3259 * Removed _param_ in route callbacks, signature is now
3260 simply (req, res, next), previously (req, res, params, next).
3261 Use _req.params_ for path captures, _req.query_ for GET params.
3263 * Fixed "home" setting
3264 * Fixed middleware/router precedence issue. Closes #366
3265 * Fixed; _configure()_ callbacks called immediately. Closes #368
3267 1.0.0beta2 / 2010-07-23
3270 * Added more examples
3271 * Added; exporting `Server` constructor
3272 * Added `Server#helpers()` for view locals
3273 * Added `Server#dynamicHelpers()` for dynamic view locals. Closes #349
3274 * Added support for absolute view paths
3275 * Added; _home_ setting defaults to `Server#route` for mounted apps. Closes #363
3276 * Added Guillermo Rauch to the contributor list
3277 * Added support for "as" for non-collection partials. Closes #341
3278 * Fixed _install.sh_, ensuring _~/.node_libraries_ exists. Closes #362 [thanks jf]
3279 * Fixed `res.render()` exceptions, now passed to `next()` when no callback is given [thanks guillermo]
3280 * Fixed instanceof `Array` checks, now `Array.isArray()`
3281 * Fixed express(1) expansion of public dirs. Closes #348
3282 * Fixed middleware precedence. Closes #345
3283 * Fixed view watcher, now async [thanks aheckmann]
3285 1.0.0beta / 2010-07-15
3291 - Check [ExpressJS.com](http://expressjs.com) for migration guide and updated docs
3296 * Utilize relative requires
3297 * Added Static bufferSize option [aheckmann]
3298 * Fixed caching of view and partial subdirectories [aheckmann]
3299 * Fixed mime.type() comments now that ".ext" is not supported
3300 * Updated haml submodule
3301 * Updated class submodule
3302 * Removed bin/express
3307 * Added node v0.1.97 compatibility
3308 * Added support for deleting cookies via Request#cookie('key', null)
3309 * Updated haml submodule
3310 * Fixed not-found page, now using using charset utf-8
3311 * Fixed show-exceptions page, now using using charset utf-8
3312 * Fixed view support due to fs.readFile Buffers
3313 * Changed; mime.type() no longer accepts ".type" due to node extname() changes
3318 * Added node v0.1.96 compatibility
3319 * Added view `helpers` export which act as additional local variables
3320 * Updated haml submodule
3321 * Changed ETag; removed inode, modified time only
3322 * Fixed LF to CRLF for setting multiple cookies
3323 * Fixed cookie compilation; values are now urlencoded
3324 * Fixed cookies parsing; accepts quoted values and url escaped cookies
3329 * Added support for layouts using different engines
3330 - this.render('page.html.haml', { layout: 'super-cool-layout.html.ejs' })
3331 - this.render('page.html.haml', { layout: 'foo' }) // assumes 'foo.html.haml'
3332 - this.render('page.html.haml', { layout: false }) // no layout
3333 * Updated ext submodule
3334 * Updated haml submodule
3335 * Fixed EJS partial support by passing along the context. Issue #307
3340 * Fixed binary uploads.
3345 * Added charset support via Request#charset (automatically assigned to 'UTF-8' when respond()'s
3346 encoding is set to 'utf8' or 'utf-8'.
3347 * Added "encoding" option to Request#render(). Closes #299
3348 * Added "dump exceptions" setting, which is enabled by default.
3349 * Added simple ejs template engine support
3350 * Added error response support for text/plain, application/json. Closes #297
3351 * Added callback function param to Request#error()
3352 * Added Request#sendHead()
3353 * Added Request#stream()
3354 * Added support for Request#respond(304, null) for empty response bodies
3355 * Added ETag support to Request#sendfile()
3356 * Added options to Request#sendfile(), passed to fs.createReadStream()
3357 * Added filename arg to Request#download()
3358 * Performance enhanced due to pre-reversing plugins so that plugins.reverse() is not called on each request
3359 * Performance enhanced by preventing several calls to toLowerCase() in Router#match()
3360 * Changed; Request#sendfile() now streams
3361 * Changed; Renamed Request#halt() to Request#respond(). Closes #289
3362 * Changed; Using sys.inspect() instead of JSON.encode() for error output
3363 * Changed; run() returns the http.Server instance. Closes #298
3364 * Changed; Defaulting Server#host to null (INADDR_ANY)
3365 * Changed; Logger "common" format scale of 0.4f
3366 * Removed Logger "request" format
3367 * Fixed; Catching ENOENT in view caching, preventing error when "views/partials" is not found
3368 * Fixed several issues with http client
3369 * Fixed Logger Content-Length output
3370 * Fixed bug preventing Opera from retaining the generated session id. Closes #292
3375 * Added DSL level error() route support
3376 * Added DSL level notFound() route support
3377 * Added Request#error()
3378 * Added Request#notFound()
3379 * Added Request#render() callback function. Closes #258
3380 * Added "max upload size" setting
3381 * Added "magic" variables to collection partials (\_\_index\_\_, \_\_length\_\_, \_\_isFirst\_\_, \_\_isLast\_\_). Closes #254
3382 * Added [haml.js](http://github.com/visionmedia/haml.js) submodule; removed haml-js
3383 * Added callback function support to Request#halt() as 3rd/4th arg
3384 * Added preprocessing of route param wildcards using param(). Closes #251
3385 * Added view partial support (with collections etc)
3386 * Fixed bug preventing falsey params (such as ?page=0). Closes #286
3387 * Fixed setting of multiple cookies. Closes #199
3388 * Changed; view naming convention is now NAME.TYPE.ENGINE (for example page.html.haml)
3389 * Changed; session cookie is now httpOnly
3390 * Changed; Request is no longer global
3391 * Changed; Event is no longer global
3392 * Changed; "sys" module is no longer global
3393 * Changed; moved Request#download to Static plugin where it belongs
3394 * Changed; Request instance created before body parsing. Closes #262
3395 * Changed; Pre-caching views in memory when "cache view contents" is enabled. Closes #253
3396 * Changed; Pre-caching view partials in memory when "cache view partials" is enabled
3397 * Updated support to node --version 0.1.90
3398 * Updated dependencies
3399 * Removed set("session cookie") in favour of use(Session, { cookie: { ... }})
3400 * Removed utils.mixin(); use Object#mergeDeep()
3405 * Added coffeescript example app. Closes #242
3406 * Changed; cache api now async friendly. Closes #240
3407 * Removed deprecated 'express/static' support. Use 'express/plugins/static'
3412 * Added Request#isXHR. Closes #229
3413 * Added `make install` (for the executable)
3414 * Added `express` executable for setting up simple app templates
3415 * Added "GET /public/*" to Static plugin, defaulting to <root>/public
3416 * Added Static plugin
3417 * Fixed; Request#render() only calls cache.get() once
3418 * Fixed; Namespacing View caches with "view:"
3419 * Fixed; Namespacing Static caches with "static:"
3420 * Fixed; Both example apps now use the Static plugin
3421 * Fixed set("views"). Closes #239
3422 * Fixed missing space for combined log format
3423 * Deprecated Request#sendfile() and 'express/static'
3424 * Removed Server#running
3429 * Added Request#flash() support without args, now returns all flashes
3430 * Updated ext submodule
3435 * Fixed session reaper
3436 * Changed; class.js replacing js-oo Class implementation (quite a bit faster, no browser cruft)
3441 * Added package.json
3442 * Fixed requiring of haml / sass due to kiwi removal
3447 * Fixed GIT submodules (HAH!)
3452 * Changed; Express now using submodules again until a PM is adopted
3453 * Changed; chat example using millisecond conversions from ext
3458 * Added Request#pass() support (finds the next matching route, or the given path)
3459 * Added Logger plugin (default "common" format replaces CommonLogger)
3460 * Removed Profiler plugin
3461 * Removed CommonLogger plugin
3466 * Added seed.yml for kiwi package management support
3467 * Added HTTP client query string support when method is GET. Closes #205
3469 * Added support for arbitrary view engines.
3470 For example "foo.engine.html" will now require('engine'),
3471 the exports from this module are cached after the first require().
3473 * Added async plugin support
3475 * Removed usage of RESTful route funcs as http client
3476 get() etc, use http.get() and friends
3478 * Removed custom exceptions
3483 * Added ext dependency (library of js extensions)
3484 * Removed extname() / basename() utils. Use path module
3485 * Removed toArray() util. Use arguments.values
3486 * Removed escapeRegexp() util. Use RegExp.escape()
3487 * Removed process.mixin() dependency. Use utils.mixin()
3488 * Removed Collection
3489 * Removed ElementCollection
3490 * Shameless self promotion of ebook "Advanced JavaScript" (http://dev-mag.com) ;)
3495 * Added flash() example to sample upload app
3496 * Added high level restful http client module (express/http)
3497 * Changed; RESTful route functions double as HTTP clients. Closes #69
3498 * Changed; throwing error when routes are added at runtime
3499 * Changed; defaulting render() context to the current Request. Closes #197
3500 * Updated haml submodule
3505 * Updated haml / sass submodules. Closes #200
3506 * Added flash message support. Closes #64
3507 * Added accepts() now allows multiple args. fixes #117
3508 * Added support for plugins to halt. Closes #189
3509 * Added alternate layout support. Closes #119
3510 * Removed Route#run(). Closes #188
3511 * Fixed broken specs due to use(Cookie) missing
3516 * Added "plot" format option for Profiler (for gnuplot processing)
3517 * Added request number to Profiler plugin
3518 * Fixed binary encoding for multipart file uploads, was previously defaulting to UTF8
3519 * Fixed issue with routes not firing when not files are present. Closes #184
3520 * Fixed process.Promise -> events.Promise
3525 * Added parseParam() support for name[] etc. (allows for file inputs with "multiple" attr) Closes #180
3526 * Added Both Cache and Session option "reapInterval" may be "reapEvery". Closes #174
3527 * Added expiration support to cache api with reaper. Closes #133
3528 * Added cache Store.Memory#reap()
3529 * Added Cache; cache api now uses first class Cache instances
3530 * Added abstract session Store. Closes #172
3531 * Changed; cache Memory.Store#get() utilizing Collection
3532 * Renamed MemoryStore -> Store.Memory
3533 * Fixed use() of the same plugin several time will always use latest options. Closes #176
3538 * Changed; Hooks (before / after) pass request as arg as well as evaluated in their context
3539 * Updated node support to 0.1.27 Closes #169
3540 * Updated dirname(__filename) -> __dirname
3541 * Updated libxmljs support to v0.2.0
3542 * Added session support with memory store / reaping
3543 * Added quick uid() helper
3544 * Added multi-part upload support
3545 * Added Sass.js support / submodule
3546 * Added production env caching view contents and static files
3547 * Added static file caching. Closes #136
3548 * Added cache plugin with memory stores
3549 * Added support to StaticFile so that it works with non-textual files.
3550 * Removed dirname() helper
3551 * Removed several globals (now their modules must be required)
3556 * Added view benchmarks; currently haml vs ejs
3557 * Added Request#attachment() specs. Closes #116
3558 * Added use of node's parseQuery() util. Closes #123
3559 * Added `make init` for submodules
3561 * Updated sample chat app to show messages on load
3562 * Updated libxmljs parseString -> parseHtmlString
3563 * Fixed `make init` to work with older versions of git
3564 * Fixed specs can now run independent specs for those who can't build deps. Closes #127
3565 * Fixed issues introduced by the node url module changes. Closes 126.
3566 * Fixed two assertions failing due to Collection#keys() returning strings
3567 * Fixed faulty Collection#toArray() spec due to keys() returning strings
3568 * Fixed `make test` now builds libxmljs.node before testing