4 * deps: content-disposition@0.5.2
5 * deps: finalhandler@0.5.1
6 - Fix exception when `err.headers` is not an object
7 - deps: statuses@~1.3.1
8 - perf: hoist regular expressions
9 - perf: remove duplicate validation path
10 * deps: proxy-addr@~1.1.3
11 - deps: ipaddr.js@1.2.0
16 * Add `acceptRanges` option to `res.sendFile`/`res.sendfile`
17 * Add `cacheControl` option to `res.sendFile`/`res.sendfile`
18 * Add `options` argument to `req.range`
19 - Includes the `combine` option
20 * Encode URL in `res.location`/`res.redirect` if not already encoded
21 * Fix some redirect handling in `res.sendFile`/`res.sendfile`
22 * Fix Windows absolute path check using forward slashes
23 * Improve error with invalid arguments to `req.get()`
24 * Improve performance for `res.json`/`res.jsonp` in most cases
25 * Improve `Range` header handling in `res.sendFile`/`res.sendfile`
26 * deps: accepts@~1.3.3
27 - Fix including type extensions in parameters in `Accept` parsing
28 - Fix parsing `Accept` parameters with quoted equals
29 - Fix parsing `Accept` parameters with quoted semicolons
30 - Many performance improvments
31 - deps: mime-types@~2.1.11
32 - deps: negotiator@0.6.1
33 * deps: content-type@~1.0.2
34 - perf: enable strict mode
36 - Add `sameSite` option
37 - Fix cookie `Max-Age` to never be a floating point number
38 - Improve error message when `encode` is not a function
39 - Improve error message when `expires` is not a `Date`
40 - Throw better error for invalid argument to parse
41 - Throw on invalid values provided to `serialize`
42 - perf: enable strict mode
43 - perf: hoist regular expression
44 - perf: use for loop in parse
45 - perf: use string concatination for serialization
46 * deps: finalhandler@0.5.0
47 - Change invalid or non-numeric status code to 500
48 - Overwrite status message to match set status code
49 - Prefer `err.statusCode` if `err.status` is invalid
50 - Set response headers from `err.headers` object
51 - Use `statuses` instead of `http` module for status messages
52 * deps: proxy-addr@~1.1.2
53 - Fix accepting various invalid netmasks
54 - Fix IPv6-mapped IPv4 validation edge cases
55 - IPv4 netmasks must be contingous
56 - IPv6 addresses cannot be used as a netmask
57 - deps: ipaddr.js@1.1.1
59 - Add `decoder` option in `parse` function
60 * deps: range-parser@~1.2.0
61 - Add `combine` option to combine overlapping ranges
62 - Fix incorrectly returning -1 when there is at least one valid range
63 - perf: remove internal function
65 - Add `acceptRanges` option
66 - Add `cacheControl` option
67 - Attempt to combine multiple ranges into single range
68 - Correctly inherit from `Stream` class
69 - Fix `Content-Range` header in 416 responses when using `start`/`end` options
70 - Fix `Content-Range` header missing from default 416 responses
71 - Fix redirect error when `path` contains raw non-URL characters
72 - Fix redirect when `path` starts with multiple forward slashes
73 - Ignore non-byte `Range` headers
74 - deps: http-errors@~1.5.0
75 - deps: range-parser@~1.2.0
76 - deps: statuses@~1.3.0
77 - perf: remove argument reassignment
78 * deps: serve-static@~1.11.1
79 - Add `acceptRanges` option
80 - Add `cacheControl` option
81 - Attempt to combine multiple ranges into single range
82 - Fix redirect error when `req.url` contains raw non-URL characters
83 - Ignore non-byte `Range` headers
84 - Use status code 301 for redirects
86 * deps: type-is@~1.6.13
87 - Fix type error when given invalid type to match against
88 - deps: mime-types@~2.1.11
90 - Only accept valid field names in the `field` argument
91 * perf: use strict equality when possible
96 * deps: content-disposition@0.5.1
97 - perf: enable strict mode
99 - Throw on invalid values provided to `serialize`
101 - Support web browser loading
102 - perf: enable strict mode
103 * deps: escape-html@~1.0.3
104 - perf: enable strict mode
105 - perf: optimize string replacement
106 - perf: use faster string coercion
107 * deps: finalhandler@0.4.1
108 - deps: escape-html@~1.0.3
109 * deps: merge-descriptors@1.0.1
110 - perf: enable strict mode
111 * deps: methods@~1.1.2
112 - perf: enable strict mode
113 * deps: parseurl@~1.3.1
114 - perf: enable strict mode
115 * deps: proxy-addr@~1.0.10
116 - deps: ipaddr.js@1.0.5
117 - perf: enable strict mode
118 * deps: range-parser@~1.0.3
119 - perf: enable strict mode
122 - deps: destroy@~1.0.4
123 - deps: escape-html@~1.0.3
124 - deps: range-parser@~1.0.3
125 * deps: serve-static@~1.10.2
126 - deps: escape-html@~1.0.3
127 - deps: parseurl@~1.3.0
133 * Fix infinite loop condition using `mergeParams: true`
134 * Fix inner numeric indices incorrectly altering parent `req.params`
139 * deps: accepts@~1.2.12
140 - deps: mime-types@~2.1.4
141 * deps: array-flatten@1.1.1
142 - perf: enable strict mode
143 * deps: path-to-regexp@0.1.7
144 - Fix regression with escaped round brackets and matching groups
145 * deps: type-is@~1.6.6
146 - deps: mime-types@~2.1.4
151 * deps: accepts@~1.2.10
152 - deps: mime-types@~2.1.2
154 - Fix dropping parameters like `hasOwnProperty`
155 - Fix various parsing edge cases
156 * deps: type-is@~1.6.4
157 - deps: mime-types@~2.1.2
158 - perf: enable strict mode
159 - perf: remove argument reassignment
164 * Add settings to debug output
165 * Fix `res.format` error when only `default` provided
166 * Fix issue where `next('route')` in `app.param` would incorrectly skip values
167 * Fix hiding platform issues with `decodeURIComponent`
168 - Only `URIError`s are a 400
169 * Fix using `*` before params in routes
170 * Fix using capture groups before params in routes
171 * Simplify `res.cookie` to call `res.append`
172 * Use `array-flatten` module for flattening arrays
173 * deps: accepts@~1.2.9
174 - deps: mime-types@~2.1.1
175 - perf: avoid argument reassignment & argument slice
176 - perf: avoid negotiator recursive construction
177 - perf: enable strict mode
178 - perf: remove unnecessary bitwise operator
180 - perf: deduce the scope of try-catch deopt
181 - perf: remove argument reassignments
182 * deps: escape-html@1.0.2
184 - Always include entity length in ETags for hash length extensions
185 - Generate non-Stats ETags using MD5 only (no longer CRC32)
186 - Improve stat performance by removing hashing
187 - Improve support for JXcore
188 - Remove base64 padding in ETags to shorten
189 - Support "fake" stats objects in environments without fs
190 - Use MD5 instead of MD4 in weak ETags over 1KB
191 * deps: finalhandler@0.4.0
192 - Fix a false-positive when unpiping in Node.js 0.8
193 - Support `statusCode` property on `Error` objects
194 - Use `unpipe` module for unpiping requests
195 - deps: escape-html@1.0.2
196 - deps: on-finished@~2.3.0
197 - perf: enable strict mode
198 - perf: remove argument reassignment
200 - Add weak `ETag` matching support
201 * deps: on-finished@~2.3.0
202 - Add defined behavior for HTTP `CONNECT` requests
203 - Add defined behavior for HTTP `Upgrade` requests
204 - deps: ee-first@1.1.1
205 * deps: path-to-regexp@0.1.6
207 - Allow Node.js HTTP server to set `Date` response header
208 - Fix incorrectly removing `Content-Location` on 304 response
209 - Improve the default redirect response headers
210 - Send appropriate headers on default error response
211 - Use `http-errors` for standard emitted errors
212 - Use `statuses` instead of `http` module for status messages
213 - deps: escape-html@1.0.2
216 - deps: on-finished@~2.3.0
217 - perf: enable strict mode
218 - perf: remove unnecessary array allocations
219 * deps: serve-static@~1.10.0
220 - Add `fallthrough` option
221 - Fix reading options from options prototype
222 - Improve the default redirect response headers
223 - Malformed URLs now `next()` instead of 400
224 - deps: escape-html@1.0.2
226 - perf: enable strict mode
227 - perf: remove argument reassignment
228 * deps: type-is@~1.6.3
229 - deps: mime-types@~2.1.1
230 - perf: reduce try block size
231 - perf: remove bitwise operations
232 * perf: enable strict mode
233 * perf: isolate `app.render` try block
234 * perf: remove argument reassignments in application
235 * perf: remove argument reassignments in request prototype
236 * perf: remove argument reassignments in response prototype
237 * perf: remove argument reassignments in routing
238 * perf: remove argument reassignments in `View`
239 * perf: skip attempting to decode zero length string
240 * perf: use saved reference to `http.STATUS_CODES`
245 * deps: accepts@~1.2.7
246 - deps: mime-types@~2.0.11
247 - deps: negotiator@0.5.3
252 - Improve support for JXcore
253 - Support "fake" stats objects in environments without `fs`
254 * deps: finalhandler@0.3.6
256 - deps: on-finished@~2.2.1
257 * deps: on-finished@~2.2.1
258 - Fix `isFinished(req)` when data buffered
259 * deps: proxy-addr@~1.0.8
260 - deps: ipaddr.js@1.0.1
262 - Fix allowing parameters like `constructor`
268 - deps: on-finished@~2.2.1
269 * deps: serve-static@~1.9.3
271 * deps: type-is@~1.6.2
272 - deps: mime-types@~2.0.11
277 * deps: accepts@~1.2.5
278 - deps: mime-types@~2.0.10
280 - Fix high intensity foreground color for bold
282 * deps: finalhandler@0.3.4
284 * deps: proxy-addr@~1.0.7
285 - deps: ipaddr.js@0.1.9
287 - Fix error when parameter `hasOwnProperty` is present
289 - Throw errors early for invalid `extensions` or `index` options
291 * deps: serve-static@~1.9.2
293 * deps: type-is@~1.6.1
294 - deps: mime-types@~2.0.10
299 * Fix regression where `"Request aborted"` is logged using `res.sendFile`
304 * Fix constructing application with non-configurable prototype properties
305 * Fix `ECONNRESET` errors from `res.sendFile` usage
306 * Fix `req.host` when using "trust proxy" hops count
307 * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
308 * Fix wrong `code` on aborted connections from `res.sendFile`
309 * deps: merge-descriptors@1.0.0
314 * Fix `"trust proxy"` setting to inherit when app is mounted
315 * Generate `ETag`s for all request responses
316 - No longer restricted to only responses for `GET` and `HEAD` requests
317 * Use `content-type` to parse `Content-Type` headers
318 * deps: accepts@~1.2.4
319 - Fix preference sorting to be stable for long acceptable lists
320 - deps: mime-types@~2.0.9
321 - deps: negotiator@0.5.1
322 * deps: cookie-signature@1.0.6
324 - Always read the stat size from the file
325 - Fix mutating passed-in `options`
327 * deps: serve-static@~1.9.1
329 * deps: type-is@~1.6.0
330 - fix argument reassignment
331 - fix false-positives in `hasBody` `Transfer-Encoding` check
332 - support wildcard for both type and subtype (`*/*`)
333 - deps: mime-types@~2.0.9
338 * Fix `res.redirect` double-calling `res.end` for `HEAD` requests
339 * deps: accepts@~1.2.3
340 - deps: mime-types@~2.0.8
341 * deps: proxy-addr@~1.0.6
342 - deps: ipaddr.js@0.1.8
343 * deps: type-is@~1.5.6
344 - deps: mime-types@~2.0.8
350 - Fix root path disclosure
351 * deps: serve-static@~1.8.1
352 - Fix redirect loop in Node.js 0.11.14
353 - Fix root path disclosure
359 * Add `res.append(field, val)` to append headers
360 * Deprecate leading `:` in `name` for `app.param(name, fn)`
361 * Deprecate `req.param()` -- use `req.params`, `req.body`, or `req.query` instead
362 * Deprecate `app.param(fn)`
363 * Fix `OPTIONS` responses to include the `HEAD` method properly
364 * Fix `res.sendFile` not always detecting aborted connection
365 * Match routes iteratively to prevent stack overflows
366 * deps: accepts@~1.2.2
367 - deps: mime-types@~2.0.7
368 - deps: negotiator@0.5.0
373 - deps: on-finished@~2.2.0
374 * deps: serve-static@~1.8.0
380 * Fix crash from error within `OPTIONS` response handler
381 * deps: proxy-addr@~1.0.5
382 - deps: ipaddr.js@0.1.6
387 * Fix `Allow` header for `OPTIONS` to not contain duplicate methods
388 * Fix incorrect "Request aborted" for `res.sendFile` when `HEAD` or 304
390 * deps: finalhandler@0.3.3
392 - deps: on-finished@~2.2.0
393 * deps: methods@~1.1.1
394 * deps: on-finished@~2.2.0
395 * deps: serve-static@~1.7.2
396 - Fix potential open redirect when mounted at root
397 * deps: type-is@~1.5.5
398 - deps: mime-types@~2.0.7
403 * Fix exception in `req.fresh`/`req.stale` without response headers
408 * Fix `res.send` double-calling `res.end` for `HEAD` requests
409 * deps: accepts@~1.1.4
410 - deps: mime-types@~2.0.4
411 * deps: type-is@~1.5.4
412 - deps: mime-types@~2.0.4
417 * Fix `res.sendfile` logging standard write errors
422 * Fix `res.sendFile` logging standard write errors
424 * deps: proxy-addr@~1.0.4
425 - deps: ipaddr.js@0.1.5
427 - Fix `arrayLimit` behavior
432 * Correctly invoke async router callback asynchronously
433 * deps: accepts@~1.1.3
434 - deps: mime-types@~2.0.3
435 * deps: type-is@~1.5.3
436 - deps: mime-types@~2.0.3
441 * Fix handling of URLs containing `://` in the path
443 - Fix parsing of mixed objects and values
448 * Add support for `app.set('views', array)`
449 - Views are looked up in sequence in array of directories
450 * Fix `res.send(status)` to mention `res.sendStatus(status)`
451 * Fix handling of invalid empty URLs
452 * Use `content-disposition` module for `res.attachment`/`res.download`
453 - Sends standards-compliant `Content-Disposition` header
454 - Full Unicode support
455 * Use `path.resolve` in view lookup
457 - Implement `DEBUG_FD` env variable support
460 - Improve string performance
461 - Slightly improve speed for weak ETags over 1KB
462 * deps: finalhandler@0.3.2
463 - Terminate in progress response only on error
464 - Use `on-finished` to determine request status
466 - deps: on-finished@~2.1.1
467 * deps: on-finished@~2.1.1
468 - Fix handling of pipelined requests
470 - Fix parsing of mixed implicit and explicit arrays
475 - deps: on-finished@~2.1.1
476 * deps: serve-static@~1.7.1
482 * Fix `res.redirect` body when redirect status specified
483 * deps: accepts@~1.1.2
484 - Fix error when media type has invalid parameter
485 - deps: negotiator@0.4.9
490 * Fix using same param name in array of paths
495 * deps: accepts@~1.1.1
496 - deps: mime-types@~2.0.2
497 - deps: negotiator@0.4.8
498 * deps: serve-static@~1.6.4
499 - Fix redirect loop when index file serving disabled
500 * deps: type-is@~1.5.2
501 - deps: mime-types@~2.0.2
507 * deps: proxy-addr@~1.0.3
508 - Use `forwarded` npm module
511 * deps: serve-static@~1.6.3
518 - Fix issue with object keys starting with numbers truncated
523 * deps: proxy-addr@~1.0.2
524 - Fix a global leak when multiple subnets are trusted
525 - deps: ipaddr.js@0.1.3
530 * Fix regression for empty string `path` in `app.use`
531 * Fix `router.use` to accept array of middleware without path
532 * Improve error message for bad `app.use` arguments
537 * Fix `app.use` to accept array of middleware without path
543 - deps: range-parser@~1.0.2
544 * deps: serve-static@~1.6.2
550 * Add `res.sendStatus`
551 * Invoke callback for sendfile when client aborts
552 - Applies to `res.sendFile`, `res.sendfile`, and `res.download`
553 - `err` will be populated with request aborted error
554 * Support IP address host in `req.subdomains`
555 * Use `etag` to generate `ETag` headers
556 * deps: accepts@~1.1.0
557 - update `mime-types`
558 * deps: cookie-signature@1.0.5
560 * deps: finalhandler@0.2.0
561 - Set `X-Content-Type-Options: nosniff` header
564 * deps: media-typer@0.3.0
565 - Throw error when parameter format invalid on parse
567 - Fix issue where first empty value in array is discarded
568 * deps: range-parser@~1.0.2
570 - Add `lastModified` option
571 - Use `etag` to generate `ETag` header
574 * deps: serve-static@~1.6.1
575 - Add `lastModified` option
577 * deps: type-is@~1.5.1
578 - fix `hasbody` to be true for `content-length: 0`
579 - deps: media-typer@0.3.0
580 - deps: mime-types@~2.0.1
582 - Accept valid `Vary` header string as `field`
588 - Fix a path traversal issue when using `root`
589 - Fix malicious path detection for empty string path
590 * deps: serve-static@~1.5.4
597 - Remove unnecessary cloning
604 - Performance improvements
610 - deps: destroy@1.0.3
611 - deps: on-finished@2.1.0
612 * deps: serve-static@~1.5.3
620 - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
621 * deps: serve-static@~1.5.2
627 * deps: parseurl@~1.3.0
629 * deps: serve-static@~1.5.1
630 - Fix parsing of weird `req.originalUrl` values
631 - deps: parseurl@~1.3.0
632 - deps: utils-merge@1.0.0
638 - Fix parsing array of objects
643 * fix incorrect deprecation warnings on `res.download`
645 - Accept urlencoded square brackets
646 - Accept empty values in implicit array notation
652 - accepts a file system path instead of a URL
653 - requires an absolute path or `root` option specified
654 * deprecate `res.sendfile` -- use `res.sendFile` instead
655 * support mounted app as any argument to `app.use()`
658 - Limits array length to 20
659 - Limits object depth to 5
660 - Limits parameters to 1,000
662 - Add `extensions` option
663 * deps: serve-static@~1.5.0
664 - Add `extensions` option
670 * fix `res.sendfile` regression for serving directory index files
672 - Fix incorrect 403 on Windows and Node.js 0.11
673 - Fix serving index files without root dir
674 * deps: serve-static@~1.4.4
681 - Fix incorrect 403 on Windows and Node.js 0.11
682 * deps: serve-static@~1.4.3
683 - Fix incorrect 403 on Windows and Node.js 0.11
690 - Work-around v8 generating empty stack traces
693 * deps: serve-static@~1.4.2
699 - Fix exception when global `Error.stackTraceLimit` is too low
702 * deps: serve-static@~1.4.1
707 * fix `req.protocol` for proxy-direct connections
708 * configurable query parser with `app.set('query parser', parser)`
709 - `app.set('query parser', 'extended')` parse with "qs" module
710 - `app.set('query parser', 'simple')` parse with "querystring" core module
711 - `app.set('query parser', false)` disable query string parsing
712 - `app.set('query parser', true)` enable simple parsing
713 * deprecate `res.json(status, obj)` -- use `res.status(status).json(obj)` instead
714 * deprecate `res.jsonp(status, obj)` -- use `res.status(status).jsonp(obj)` instead
715 * deprecate `res.send(status, body)` -- use `res.status(status).send(body)` instead
718 - Add `TRACE_DEPRECATION` environment variable
719 - Remove non-standard grey color from color output
720 - Support `--no-deprecation` argument
721 - Support `--trace-deprecation` argument
722 * deps: finalhandler@0.1.0
723 - Respond after request fully read
725 * deps: parseurl@~1.2.0
726 - Cache URLs based on original value
727 - Remove no-longer-needed URL mis-parse work-around
728 - Simplify the "fast-path" `RegExp`
730 - Add `dotfiles` option
731 - Cap `maxAge` value to 1 year
734 * deps: serve-static@~1.4.0
735 - deps: parseurl@~1.2.0
737 * perf: prevent multiple `Buffer` creation in `res.send`
742 * fix `subapp.mountpath` regression for `app.use(subapp)`
747 * accept multiple callbacks to `app.use()`
748 * add explicit "Rosetta Flash JSONP abuse" protection
749 - previous versions are not vulnerable; this is just explicit protection
750 * catch errors in multiple `req.param(name, fn)` handlers
751 * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
752 * fix `res.send(status, num)` to send `num` as json (not error)
753 * remove unnecessary escaping when `res.jsonp` returns JSON response
754 * support non-string `path` in `app.use(path, fn)`
755 - supports array of paths
757 * router: fix optimization on router exit
758 * router: refactor location of `try` blocks
759 * router: speed up standard `app.use(fn)`
761 - Add support for multiple wildcards in namespaces
762 * deps: finalhandler@0.0.3
764 * deps: methods@1.1.0
766 * deps: parseurl@~1.1.3
767 - faster parsing of href-only URLs
768 * deps: path-to-regexp@0.1.3
771 * deps: serve-static@~1.3.2
772 - deps: parseurl@~1.1.3
774 * perf: fix arguments reassign deopt in some `res` methods
779 * fix routing regression when altering `req.method`
784 * add deprecation message to non-plural `req.accepts*`
785 * add deprecation message to `res.send(body, status)`
786 * add deprecation message to `res.vary()`
787 * add `headers` option to `res.sendfile`
788 - use to set headers on successful file transfer
789 * add `mergeParams` option to `Router`
790 - merges `req.params` from parent routes
791 * add `req.hostname` -- correct name for what `req.host` returns
792 * deprecate things with `depd` module
793 * deprecate `req.host` -- use `req.hostname` instead
794 * fix behavior when handling request without routes
795 * fix handling when `route.all` is only route
796 * invoke `router.param()` only when route matches
797 * restore `req.params` after invoking router
798 * use `finalhandler` for final response handling
799 * use `media-typer` to alter content-type charset
800 * deps: accepts@~1.0.7
802 - Accept string for `maxage` (converted by `ms`)
803 - Include link in default redirect response
804 * deps: serve-static@~1.3.0
805 - Accept string for `maxAge` (converted by `ms`)
806 - Add `setHeaders` option
807 - Include HTML link in redirect response
809 * deps: type-is@~1.3.2
814 * deps: cookie-signature@1.0.4
815 - fix for timing attacks
820 * fix `res.attachment` Unicode filenames in Safari
821 * fix "trim prefix" debug message in `express:router`
822 * deps: accepts@~1.0.5
823 * deps: buffer-crc32@0.2.3
828 * fix persistence of modified `req.params[name]` from `app.param()`
829 * deps: accepts@1.0.3
830 - deps: negotiator@0.4.6
833 - Do not throw un-catchable error on file open race condition
834 - Use `escape-html` for HTML escaping
836 - deps: finished@1.2.2
838 * deps: serve-static@1.2.3
839 - Do not throw un-catchable error on file open race condition
845 * fix catching errors from top-level handlers
846 * use `vary` module for `res.vary`
848 * deps: proxy-addr@1.0.1
850 - fix "event emitter leak" warnings
852 - deps: finished@1.2.1
853 * deps: serve-static@1.2.2
854 - fix "event emitter leak" warnings
856 * deps: type-is@1.2.1
861 * deps: methods@1.0.1
863 - Send `max-age` in `Cache-Control` in correct format
864 * deps: serve-static@1.2.1
865 - use `escape-html` for escaping
871 * custom etag control with `app.set('etag', val)`
872 - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
873 - `app.set('etag', 'weak')` weak tag
874 - `app.set('etag', 'strong')` strong etag
875 - `app.set('etag', false)` turn off
876 - `app.set('etag', true)` standard etag
877 * mark `res.send` ETag as weak and reduce collisions
878 * update accepts to 1.0.2
879 - Fix interpretation when header not in request
880 * update send to 0.4.0
881 - Calculate ETag with md5 for reduced collisions
882 - Ignore stream errors after request ends
884 * update serve-static to 1.2.0
885 - Calculate ETag with md5 for reduced collisions
886 - Ignore stream errors after request ends
892 * fix handling of errors from `router.param()` callbacks
897 * revert "fix behavior of multiple `app.VERB` for the same path"
898 - this caused a regression in the order of route execution
903 * add `req.baseUrl` to access the path stripped from `req.url` in routes
904 * fix behavior of multiple `app.VERB` for the same path
905 * fix issue routing requests among sub routers
906 * invoke `router.param()` only when necessary instead of every match
907 * proper proxy trust with `app.set('trust proxy', trust)`
908 - `app.set('trust proxy', 1)` trust first hop
909 - `app.set('trust proxy', 'loopback')` trust loopback addresses
910 - `app.set('trust proxy', '10.0.0.1')` trust single IP
911 - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
912 - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
913 - `app.set('trust proxy', false)` turn off
914 - `app.set('trust proxy', true)` trust everything
915 * set proper `charset` in `Content-Type` for `res.send`
916 * update type-is to 1.2.0
917 - support suffix matching
922 * deprecate `app.del()` -- use `app.delete()` instead
923 * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
924 - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
925 * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
926 - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
927 * fix `req.next` when inside router instance
928 * include `ETag` header in `HEAD` requests
929 * keep previous `Content-Type` for `res.jsonp`
930 * support PURGE method
933 - include PURGE in `app.all`
934 * update debug to 0.8.0
935 - add `enable()` method
936 - change from stderr to stdout
937 * update methods to 1.0.0
943 * fix `req.host` for IPv6 literals
944 * fix `res.jsonp` error if callback param is object
949 * fix package.json to reflect supported node version
954 * pass options from `res.sendfile` to `send`
955 * preserve casing of headers in `res.header` and `res.set`
956 * support unicode file names in `res.attachment` and `res.download`
957 * update accepts to 1.0.1
958 - deps: negotiator@0.4.0
959 * update cookie to 0.1.2
960 - Fix for maxAge == 0
961 - made compat with expires field
962 * update send to 0.3.0
963 - Accept API options in options object
964 - Coerce option types
965 - Control whether to generate etags
966 - Default directory access to 403 when index disabled
967 - Fix sending files with dots without root set
968 - Include file path in etag
969 - Make "Can't set headers after they are sent." catchable
970 - Send full entity-body for multi range requests
971 - Set etags to "weak"
972 - Support "If-Range" header
973 - Support multiple index paths
975 * update serve-static to 1.1.0
976 - Accept options directly to `send` module
977 - Resolve relative paths at middleware setup
978 - Use parseurl to parse the URL from request
980 * update type-is to 1.1.0
981 - add non-array values support
982 - add `multipart` as a shorthand
989 - connect and connect's patches except for charset handling
990 - express(1) - moved to [express-generator](https://github.com/expressjs/generator)
991 - `express.createServer()` - it has been deprecated for a long time. Use `express()`
992 - `app.configure` - use logic in your own app code
993 - `app.router` - is removed
994 - `req.auth` - use `basic-auth` instead
995 - `req.accepted*` - use `req.accepts*()` instead
996 - `res.location` - relative URL resolution is removed
997 - `res.charset` - include the charset in the content type when using `res.set()`
998 - all bundled middleware except `static`
1000 - `app.route` -> `app.mountpath` when mounting an express app in another express app
1001 - `json spaces` no longer enabled by default in development
1002 - `req.accepts*` -> `req.accepts*s` - i.e. `req.acceptsEncoding` -> `req.acceptsEncodings`
1003 - `req.params` is now an object instead of an array
1004 - `res.locals` is no longer a function. It is a plain js object. Treat it as such.
1005 - `res.headerSent` -> `res.headersSent` to match node.js ServerResponse object
1007 - `req.accepts*` with [accepts](https://github.com/expressjs/accepts)
1008 - `req.is` with [type-is](https://github.com/expressjs/type-is)
1009 - [path-to-regexp](https://github.com/component/path-to-regexp)
1011 - `app.router()` - returns the app Router instance
1012 - `app.route()` - Proxy to the app's `Router#route()` method to create a new route
1013 - Router & Route - public API
1018 * deps: connect@2.30.2
1019 - deps: body-parser@~1.13.3
1020 - deps: compression@~1.5.2
1021 - deps: errorhandler@~1.4.2
1022 - deps: method-override@~2.3.5
1023 - deps: serve-index@~1.7.2
1024 - deps: type-is@~1.6.6
1025 - deps: vhost@~3.0.1
1027 - Fix setting empty header from empty `field`
1028 - perf: enable strict mode
1029 - perf: remove argument reassignments
1034 * deps: basic-auth@~1.0.3
1035 * deps: connect@2.30.1
1036 - deps: body-parser@~1.13.2
1037 - deps: compression@~1.5.1
1038 - deps: errorhandler@~1.4.1
1039 - deps: morgan@~1.6.1
1042 - deps: serve-index@~1.7.1
1043 - deps: type-is@~1.6.4
1048 * deps: basic-auth@1.0.2
1049 - perf: enable strict mode
1050 - perf: hoist regular expression
1051 - perf: parse with regular expressions
1052 - perf: remove argument reassignment
1053 * deps: connect@2.30.0
1054 - deps: body-parser@~1.13.1
1056 - deps: compression@~1.5.0
1057 - deps: cookie@0.1.3
1058 - deps: cookie-parser@~1.3.5
1059 - deps: csurf@~1.8.3
1060 - deps: errorhandler@~1.4.0
1061 - deps: express-session@~1.11.3
1062 - deps: finalhandler@0.4.0
1064 - deps: morgan@~1.6.0
1065 - deps: serve-favicon@~2.3.0
1066 - deps: serve-index@~1.7.0
1067 - deps: serve-static@~1.10.0
1068 - deps: type-is@~1.6.3
1069 * deps: cookie@0.1.3
1070 - perf: deduce the scope of try-catch deopt
1071 - perf: remove argument reassignments
1072 * deps: escape-html@1.0.2
1074 - Always include entity length in ETags for hash length extensions
1075 - Generate non-Stats ETags using MD5 only (no longer CRC32)
1076 - Improve stat performance by removing hashing
1077 - Improve support for JXcore
1078 - Remove base64 padding in ETags to shorten
1079 - Support "fake" stats objects in environments without fs
1080 - Use MD5 instead of MD4 in weak ETags over 1KB
1082 - Add weak `ETag` matching support
1083 * deps: mkdirp@0.5.1
1084 - Work in global strict mode
1086 - Allow Node.js HTTP server to set `Date` response header
1087 - Fix incorrectly removing `Content-Location` on 304 response
1088 - Improve the default redirect response headers
1089 - Send appropriate headers on default error response
1090 - Use `http-errors` for standard emitted errors
1091 - Use `statuses` instead of `http` module for status messages
1092 - deps: escape-html@1.0.2
1095 - deps: on-finished@~2.3.0
1096 - perf: enable strict mode
1097 - perf: remove unnecessary array allocations
1102 * deps: connect@2.29.2
1103 - deps: body-parser@~1.12.4
1104 - deps: compression@~1.4.4
1105 - deps: connect-timeout@~1.6.2
1106 - deps: debug@~2.2.0
1108 - deps: errorhandler@~1.3.6
1109 - deps: finalhandler@0.3.6
1110 - deps: method-override@~2.3.3
1111 - deps: morgan@~1.5.3
1113 - deps: response-time@~2.3.1
1114 - deps: serve-favicon@~2.2.1
1115 - deps: serve-index@~1.6.4
1116 - deps: serve-static@~1.9.3
1117 - deps: type-is@~1.6.2
1118 * deps: debug@~2.2.0
1121 * deps: proxy-addr@~1.0.8
1122 - deps: ipaddr.js@1.0.1
1124 - deps: debug@~2.2.0
1128 - deps: on-finished@~2.2.1
1133 * deps: connect@2.29.1
1134 - deps: body-parser@~1.12.2
1135 - deps: compression@~1.4.3
1136 - deps: connect-timeout@~1.6.1
1137 - deps: debug@~2.1.3
1138 - deps: errorhandler@~1.3.5
1139 - deps: express-session@~1.10.4
1140 - deps: finalhandler@0.3.4
1141 - deps: method-override@~2.3.2
1142 - deps: morgan@~1.5.2
1144 - deps: serve-index@~1.6.3
1145 - deps: serve-static@~1.9.2
1146 - deps: type-is@~1.6.1
1147 * deps: debug@~2.1.3
1148 - Fix high intensity foreground color for bold
1150 * deps: merge-descriptors@1.0.0
1151 * deps: proxy-addr@~1.0.7
1152 - deps: ipaddr.js@0.1.9
1154 - Throw errors early for invalid `extensions` or `index` options
1155 - deps: debug@~2.1.3
1160 * Fix `req.host` when using "trust proxy" hops count
1161 * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
1166 * Fix `"trust proxy"` setting to inherit when app is mounted
1167 * Generate `ETag`s for all request responses
1168 - No longer restricted to only responses for `GET` and `HEAD` requests
1169 * Use `content-type` to parse `Content-Type` headers
1170 * deps: connect@2.29.0
1171 - Use `content-type` to parse `Content-Type` headers
1172 - deps: body-parser@~1.12.0
1173 - deps: compression@~1.4.1
1174 - deps: connect-timeout@~1.6.0
1175 - deps: cookie-parser@~1.3.4
1176 - deps: cookie-signature@1.0.6
1177 - deps: csurf@~1.7.0
1178 - deps: errorhandler@~1.3.4
1179 - deps: express-session@~1.10.3
1180 - deps: http-errors@~1.3.1
1181 - deps: response-time@~2.3.0
1182 - deps: serve-index@~1.6.2
1183 - deps: serve-static@~1.9.1
1184 - deps: type-is@~1.6.0
1185 * deps: cookie-signature@1.0.6
1187 - Always read the stat size from the file
1188 - Fix mutating passed-in `options`
1194 * deps: connect@2.28.3
1195 - deps: compression@~1.3.1
1196 - deps: csurf@~1.6.6
1197 - deps: errorhandler@~1.3.3
1198 - deps: express-session@~1.10.2
1199 - deps: serve-index@~1.6.1
1200 - deps: type-is@~1.5.6
1201 * deps: proxy-addr@~1.0.6
1202 - deps: ipaddr.js@0.1.8
1207 * deps: connect@2.28.2
1208 - deps: body-parser@~1.10.2
1209 - deps: serve-static@~1.8.1
1211 - Fix root path disclosure
1216 * Fix `OPTIONS` responses to include the `HEAD` method property
1217 * Use `readline` for prompt in `express(1)`
1218 * deps: commander@2.6.0
1219 * deps: connect@2.28.1
1220 - deps: body-parser@~1.10.1
1221 - deps: compression@~1.3.0
1222 - deps: connect-timeout@~1.5.0
1223 - deps: csurf@~1.6.4
1224 - deps: debug@~2.1.1
1225 - deps: errorhandler@~1.3.2
1226 - deps: express-session@~1.10.1
1227 - deps: finalhandler@0.3.3
1228 - deps: method-override@~2.3.1
1229 - deps: morgan@~1.5.1
1230 - deps: serve-favicon@~2.2.0
1231 - deps: serve-index@~1.6.0
1232 - deps: serve-static@~1.8.0
1233 - deps: type-is@~1.5.5
1234 * deps: debug@~2.1.1
1235 * deps: methods@~1.1.1
1236 * deps: proxy-addr@~1.0.5
1237 - deps: ipaddr.js@0.1.6
1239 - deps: debug@~2.1.1
1242 - deps: on-finished@~2.2.0
1247 * Fix exception in `req.fresh`/`req.stale` without response headers
1252 * deps: connect@2.27.6
1253 - deps: compression@~1.2.2
1254 - deps: express-session@~1.9.3
1255 - deps: http-errors@~1.2.8
1256 - deps: serve-index@~1.5.3
1257 - deps: type-is@~1.5.4
1262 * deps: connect@2.27.4
1263 - deps: body-parser@~1.9.3
1264 - deps: compression@~1.2.1
1265 - deps: errorhandler@~1.2.3
1266 - deps: express-session@~1.9.2
1268 - deps: serve-favicon@~2.1.7
1269 - deps: serve-static@~1.5.1
1270 - deps: type-is@~1.5.3
1272 * deps: proxy-addr@~1.0.4
1273 - deps: ipaddr.js@0.1.5
1278 * deps: connect@2.27.3
1279 - Correctly invoke async callback asynchronously
1280 - deps: csurf@~1.6.3
1285 * deps: connect@2.27.2
1286 - Fix handling of URLs containing `://` in the path
1287 - deps: body-parser@~1.9.2
1293 * Fix internal `utils.merge` deprecation warnings
1294 * deps: connect@2.27.1
1295 - deps: body-parser@~1.9.1
1296 - deps: express-session@~1.9.1
1297 - deps: finalhandler@0.3.2
1298 - deps: morgan@~1.4.1
1300 - deps: serve-static@~1.7.1
1302 - deps: on-finished@~2.1.1
1307 * Use `content-disposition` module for `res.attachment`/`res.download`
1308 - Sends standards-compliant `Content-Disposition` header
1309 - Full Unicode support
1310 * Use `etag` module to generate `ETag` headers
1311 * deps: connect@2.27.0
1312 - Use `http-errors` module for creating errors
1313 - Use `utils-merge` module for merging objects
1314 - deps: body-parser@~1.9.0
1315 - deps: compression@~1.2.0
1316 - deps: connect-timeout@~1.4.0
1317 - deps: debug@~2.1.0
1319 - deps: express-session@~1.9.0
1320 - deps: finalhandler@0.3.1
1321 - deps: method-override@~2.3.0
1322 - deps: morgan@~1.4.0
1323 - deps: response-time@~2.2.0
1324 - deps: serve-favicon@~2.1.6
1325 - deps: serve-index@~1.5.0
1326 - deps: serve-static@~1.7.0
1327 * deps: debug@~2.1.0
1328 - Implement `DEBUG_FD` env variable support
1331 - deps: debug@~2.1.0
1338 * deps: connect@2.26.6
1339 - deps: compression@~1.1.2
1340 - deps: csurf@~1.6.2
1341 - deps: errorhandler@~1.2.2
1346 * deps: connect@2.26.5
1347 - Fix accepting non-object arguments to `logger`
1348 - deps: serve-static@~1.6.4
1353 * deps: connect@2.26.4
1354 - deps: morgan@~1.3.2
1355 - deps: type-is@~1.5.2
1360 * deps: connect@2.26.3
1361 - deps: body-parser@~1.8.4
1362 - deps: serve-favicon@~2.1.5
1363 - deps: serve-static@~1.6.3
1364 * deps: proxy-addr@~1.0.3
1365 - Use `forwarded` npm module
1372 * deps: connect@2.26.2
1373 - deps: body-parser@~1.8.3
1379 * deps: proxy-addr@~1.0.2
1380 - Fix a global leak when multiple subnets are trusted
1381 - deps: ipaddr.js@0.1.3
1386 * Use `crc` instead of `buffer-crc32` for speed
1387 * deps: connect@2.26.1
1388 - deps: body-parser@~1.8.2
1390 - deps: express-session@~1.8.2
1391 - deps: morgan@~1.3.1
1392 - deps: serve-favicon@~2.1.3
1393 - deps: serve-static@~1.6.2
1398 - deps: range-parser@~1.0.2
1403 * Fix error in `req.subdomains` on empty host
1408 * Support `X-Forwarded-Host` in `req.subdomains`
1409 * Support IP address host in `req.subdomains`
1410 * deps: connect@2.26.0
1411 - deps: body-parser@~1.8.1
1412 - deps: compression@~1.1.0
1413 - deps: connect-timeout@~1.3.0
1414 - deps: cookie-parser@~1.3.3
1415 - deps: cookie-signature@1.0.5
1416 - deps: csurf@~1.6.1
1417 - deps: debug@~2.0.0
1418 - deps: errorhandler@~1.2.0
1419 - deps: express-session@~1.8.1
1420 - deps: finalhandler@0.2.0
1422 - deps: media-typer@0.3.0
1423 - deps: method-override@~2.2.0
1424 - deps: morgan@~1.3.0
1426 - deps: serve-favicon@~2.1.3
1427 - deps: serve-index@~1.2.1
1428 - deps: serve-static@~1.6.1
1429 - deps: type-is@~1.5.1
1430 - deps: vhost@~3.0.0
1431 * deps: cookie-signature@1.0.5
1432 * deps: debug@~2.0.0
1434 * deps: media-typer@0.3.0
1435 - Throw error when parameter format invalid on parse
1436 * deps: range-parser@~1.0.2
1438 - Add `lastModified` option
1439 - Use `etag` to generate `ETag` header
1440 - deps: debug@~2.0.0
1443 - Accept valid `Vary` header string as `field`
1445 3.16.10 / 2014-09-04
1446 ====================
1448 * deps: connect@2.25.10
1449 - deps: serve-static@~1.5.4
1451 - Fix a path traversal issue when using `root`
1452 - Fix malicious path detection for empty string path
1457 * deps: connect@2.25.9
1458 - deps: body-parser@~1.6.7
1464 * deps: connect@2.25.8
1465 - deps: body-parser@~1.6.6
1466 - deps: csurf@~1.4.1
1472 * deps: connect@2.25.7
1473 - deps: body-parser@~1.6.5
1474 - deps: express-session@~1.7.6
1475 - deps: morgan@~1.2.3
1476 - deps: serve-static@~1.5.3
1478 - deps: destroy@1.0.3
1479 - deps: on-finished@2.1.0
1484 * deps: connect@2.25.6
1485 - deps: body-parser@~1.6.4
1487 - deps: serve-static@~1.5.2
1489 - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
1494 * deps: connect@2.25.5
1495 - Fix backwards compatibility in `logger`
1500 * Fix original URL parsing in `res.location`
1501 * deps: connect@2.25.4
1502 - Fix `query` middleware breaking with argument
1503 - deps: body-parser@~1.6.3
1504 - deps: compression@~1.0.11
1505 - deps: connect-timeout@~1.2.2
1506 - deps: express-session@~1.7.5
1507 - deps: method-override@~2.1.3
1508 - deps: on-headers@~1.0.0
1509 - deps: parseurl@~1.3.0
1511 - deps: response-time@~2.0.1
1512 - deps: serve-index@~1.1.6
1513 - deps: serve-static@~1.5.1
1514 * deps: parseurl@~1.3.0
1519 * deps: connect@2.25.3
1520 - deps: multiparty@3.3.2
1525 * deps: connect@2.25.2
1526 - deps: body-parser@~1.6.2
1532 * deps: connect@2.25.1
1533 - deps: body-parser@~1.6.1
1539 * deps: connect@2.25.0
1540 - deps: body-parser@~1.6.0
1541 - deps: compression@~1.0.10
1542 - deps: csurf@~1.4.0
1543 - deps: express-session@~1.7.4
1545 - deps: serve-static@~1.5.0
1547 - Add `extensions` option
1552 * fix `res.sendfile` regression for serving directory index files
1553 * deps: connect@2.24.3
1554 - deps: serve-index@~1.1.5
1555 - deps: serve-static@~1.4.4
1557 - Fix incorrect 403 on Windows and Node.js 0.11
1558 - Fix serving index files without root dir
1563 * deps: connect@2.24.2
1564 - deps: body-parser@~1.5.2
1566 - deps: express-session@~1.7.2
1567 - deps: morgan@~1.2.2
1568 - deps: serve-static@~1.4.2
1570 - Work-around v8 generating empty stack traces
1577 * deps: connect@2.24.1
1578 - deps: body-parser@~1.5.1
1580 - deps: express-session@~1.7.1
1581 - deps: morgan@~1.2.1
1582 - deps: serve-index@~1.1.4
1583 - deps: serve-static@~1.4.1
1585 - Fix exception when global `Error.stackTraceLimit` is too low
1592 * Fix `req.protocol` for proxy-direct connections
1593 * Pass options from `res.sendfile` to `send`
1594 * deps: connect@2.24.0
1595 - deps: body-parser@~1.5.0
1596 - deps: compression@~1.0.9
1597 - deps: connect-timeout@~1.2.1
1600 - deps: express-session@~1.7.0
1601 - deps: finalhandler@0.1.0
1602 - deps: method-override@~2.1.2
1603 - deps: morgan@~1.2.0
1604 - deps: multiparty@3.3.1
1605 - deps: parseurl@~1.2.0
1606 - deps: serve-static@~1.4.0
1609 - Add `TRACE_DEPRECATION` environment variable
1610 - Remove non-standard grey color from color output
1611 - Support `--no-deprecation` argument
1612 - Support `--trace-deprecation` argument
1613 * deps: parseurl@~1.2.0
1614 - Cache URLs based on original value
1615 - Remove no-longer-needed URL mis-parse work-around
1616 - Simplify the "fast-path" `RegExp`
1618 - Add `dotfiles` option
1619 - Cap `maxAge` value to 1 year
1626 * add explicit "Rosetta Flash JSONP abuse" protection
1627 - previous versions are not vulnerable; this is just explicit protection
1628 * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
1629 * fix `res.send(status, num)` to send `num` as json (not error)
1630 * remove unnecessary escaping when `res.jsonp` returns JSON response
1631 * deps: basic-auth@1.0.0
1632 - support empty password
1633 - support empty username
1634 * deps: connect@2.23.0
1636 - deps: express-session@~1.6.4
1637 - deps: method-override@~2.1.0
1638 - deps: parseurl@~1.1.3
1639 - deps: serve-static@~1.3.1
1641 - Add support for multiple wildcards in namespaces
1642 * deps: methods@1.1.0
1644 * deps: parseurl@~1.1.3
1645 - faster parsing of href-only URLs
1650 * add deprecation message to `app.configure`
1651 * add deprecation message to `req.auth`
1652 * use `basic-auth` to parse `Authorization` header
1653 * deps: connect@2.22.0
1654 - deps: csurf@~1.3.0
1655 - deps: express-session@~1.6.1
1656 - deps: multiparty@3.3.0
1657 - deps: serve-static@~1.3.0
1659 - Accept string for `maxage` (converted by `ms`)
1660 - Include link in default redirect response
1665 * deps: connect@2.21.1
1666 - deps: cookie-parser@1.3.2
1667 - deps: cookie-signature@1.0.4
1668 - deps: express-session@~1.5.2
1669 - deps: type-is@~1.3.2
1670 * deps: cookie-signature@1.0.4
1671 - fix for timing attacks
1676 * use `media-typer` to alter content-type charset
1677 * deps: connect@2.21.0
1678 - deprecate `connect(middleware)` -- use `app.use(middleware)` instead
1679 - deprecate `connect.createServer()` -- use `connect()` instead
1680 - fix `res.setHeader()` patch to work with with get -> append -> set pattern
1681 - deps: compression@~1.0.8
1682 - deps: errorhandler@~1.1.1
1683 - deps: express-session@~1.5.0
1684 - deps: serve-index@~1.1.3
1689 * deprecate things with `depd` module
1690 * deps: buffer-crc32@0.2.3
1691 * deps: connect@2.20.2
1692 - deprecate `verify` option to `json` -- use `body-parser` npm module instead
1693 - deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
1694 - deprecate things with `depd` module
1695 - use `finalhandler` for final response handling
1696 - use `media-typer` to parse `content-type` for charset
1697 - deps: body-parser@1.4.3
1698 - deps: connect-timeout@1.1.1
1699 - deps: cookie-parser@1.3.1
1701 - deps: errorhandler@1.1.0
1702 - deps: express-session@1.4.0
1703 - deps: multiparty@3.2.9
1704 - deps: serve-index@1.1.2
1705 - deps: type-is@1.3.1
1711 * deps: connect@2.19.6
1712 - deps: body-parser@1.3.1
1713 - deps: compression@1.0.7
1715 - deps: serve-index@1.1.1
1716 - deps: serve-static@1.2.3
1719 - Do not throw un-catchable error on file open race condition
1720 - Use `escape-html` for HTML escaping
1722 - deps: finished@1.2.2
1728 * deps: connect@2.19.5
1729 - fix "event emitter leak" warnings
1732 - deps: serve-static@1.2.2
1733 - deps: type-is@1.2.1
1736 - fix "event emitter leak" warnings
1737 - deps: finished@1.2.1
1743 * use `vary` module for `res.vary`
1744 * deps: connect@2.19.4
1745 - deps: errorhandler@1.0.2
1746 - deps: method-override@2.0.2
1747 - deps: serve-favicon@2.0.1
1753 * deps: connect@2.19.3
1754 - deps: compression@1.0.6
1759 * deps: connect@2.19.2
1760 - deps: compression@1.0.4
1761 * deps: proxy-addr@1.0.1
1766 * deps: connect@2.19.1
1767 - deprecate `methodOverride()` -- use `method-override` npm module instead
1768 - deps: body-parser@1.3.0
1769 - deps: method-override@2.0.1
1770 - deps: multiparty@3.2.8
1771 - deps: response-time@2.0.0
1772 - deps: serve-static@1.2.1
1773 * deps: methods@1.0.1
1775 - Send `max-age` in `Cache-Control` in correct format
1780 * custom etag control with `app.set('etag', val)`
1781 - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
1782 - `app.set('etag', 'weak')` weak tag
1783 - `app.set('etag', 'strong')` strong etag
1784 - `app.set('etag', false)` turn off
1785 - `app.set('etag', true)` standard etag
1786 * Include ETag in HEAD requests
1787 * mark `res.send` ETag as weak and reduce collisions
1788 * update connect to 2.18.0
1789 - deps: compression@1.0.3
1790 - deps: serve-index@1.1.0
1791 - deps: serve-static@1.2.0
1792 * update send to 0.4.0
1793 - Calculate ETag with md5 for reduced collisions
1794 - Ignore stream errors after request ends
1800 * update connect to 2.17.3
1801 - deps: body-parser@1.2.2
1802 - deps: express-session@1.2.1
1803 - deps: method-override@1.0.2
1808 * keep previous `Content-Type` for `res.jsonp`
1809 * set proper `charset` in `Content-Type` for `res.send`
1810 * update connect to 2.17.1
1811 - fix `res.charset` appending charset when `content-type` has one
1812 - deps: express-session@1.2.0
1813 - deps: morgan@1.1.1
1814 - deps: serve-index@1.0.3
1819 * proper proxy trust with `app.set('trust proxy', trust)`
1820 - `app.set('trust proxy', 1)` trust first hop
1821 - `app.set('trust proxy', 'loopback')` trust loopback addresses
1822 - `app.set('trust proxy', '10.0.0.1')` trust single IP
1823 - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
1824 - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
1825 - `app.set('trust proxy', false)` turn off
1826 - `app.set('trust proxy', true)` trust everything
1827 * update connect to 2.16.2
1828 - deprecate `res.headerSent` -- use `res.headersSent`
1829 - deprecate `res.on("header")` -- use on-headers module instead
1830 - fix edge-case in `res.appendHeader` that would append in wrong order
1831 - json: use body-parser
1832 - urlencoded: use body-parser
1834 - dep: cookie-parser@1.1.0
1836 - dep: express-session@1.1.0
1837 - dep: method-override@1.0.1
1842 * deprecate `app.del()` -- use `app.delete()` instead
1843 * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
1844 - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
1845 * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
1846 - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
1847 * support PURGE method
1849 - add `router.purge`
1850 - include PURGE in `app.all`
1851 * update connect to 2.15.0
1852 * Add `res.appendHeader`
1853 * Call error stack even when response has been sent
1854 * Patch `res.headerSent` to return Boolean
1855 * Patch `res.headersSent` for node.js 0.8
1856 * Prevent default 404 handler after response sent
1857 * dep: compression@1.0.2
1858 * dep: connect-timeout@1.1.0
1860 * dep: errorhandler@1.0.1
1861 * dep: express-session@1.0.4
1863 * dep: serve-favicon@2.0.0
1864 * dep: serve-index@1.0.2
1865 * update debug to 0.8.0
1866 * add `enable()` method
1867 * change from stderr to stdout
1868 * update methods to 1.0.0
1870 * update mkdirp to 0.5.0
1875 * fix `req.host` for IPv6 literals
1876 * fix `res.jsonp` error if callback param is object
1881 * update connect to 2.14.5
1882 * update cookie to 0.1.2
1883 * update mkdirp to 0.4.0
1884 * update send to 0.3.0
1889 * pin less-middleware in generated app
1899 * prevent incorrect automatic OPTIONS responses #1868 @dpatti
1900 * update binary and examples for jade 1.0 #1876 @yossi, #1877 @reqshark, #1892 @matheusazzi
1901 * throw 400 in case of malformed paths @rlidwka
1911 * update connect (raw-body)
1917 * res.location: remove leading ./ #1802 @kapouer
1918 * res.redirect: fix `res.redirect('toString') #1829 @michaelficarra
1919 * res.send: always send ETag when content-length > 0
1920 * router: add Router.all() method
1928 * express(1): replace bodyParser() with urlencoded() and json() #1795 @chirag04
1939 * downgrade commander
1946 * jsonp: check if callback is a function
1947 * router: wrap encodeURIComponent in a try/catch #1735 (@lxe)
1948 * res.format: now includes charset @1747 (@sorribas)
1949 * res.links: allow multiple calls @1746 (@sorribas)
1954 * add res.vary(). Closes #1682
1970 * Revert "remove charset from json responses. Closes #1631" (causes issues in some clients)
1971 * add: req.accepts take an argument list
1976 * update send and connect
1988 * remove .version export
1999 * add support for multiple X-Forwarded-Proto values. Closes #1646
2000 * change: remove charset from json responses. Closes #1631
2001 * change: return actual booleans from req.accept* functions
2002 * fix jsonp callback array throw
2013 * update node-cookie
2014 * add: throw a meaningful error when there is no default engine
2015 * change generation of ETags with res.send() to GET requests only. Closes #1619
2020 * fix `req.subdomains` when no Host is present
2021 * fix `req.host` when no Host is present, return undefined
2026 * update connect / qs
2036 * add app.VERB() paths array deprecation warning
2038 * update qs and remove all ~ semver crap
2039 * fix: accept number as value of Signed Cookie
2044 * add "view" constructor setting to override view behaviour
2045 * add req.acceptsEncoding(name)
2046 * add req.acceptedEncodings
2047 * revert cookie signature change causing session race conditions
2048 * fix sorting of Accept values of the same quality
2053 * add support for custom Accept parameters
2054 * update cookie-signature
2059 * add X-Forwarded-Host support to `req.host`
2060 * fix relative redirects
2062 * update buffer-crc32
2063 * remove legacy app.configure() method from app template.
2068 * add support for leading "." in "view engine" setting
2069 * add array support to `res.set()`
2070 * add node 0.8.x to travis.yml
2071 * add "subdomain offset" setting for tweaking `req.subdomains`
2072 * add `res.location(url)` implementing `res.redirect()`-like setting of Location
2073 * use app.get() for x-powered-by setting for inheritance
2074 * fix colons in passwords for `req.auth`
2079 * add http verb methods to Router
2081 * fix mangling of the `res.cookie()` options object
2082 * fix jsonp whitespace escape. Closes #1132
2087 * add throwing when a non-function is passed to a route
2088 * fix: explicitly remove Transfer-Encoding header from 204 and 304 responses
2089 * revert "add 'etag' option"
2094 * add 'etag' option to disable `res.send()` Etags
2095 * add escaping of urls in text/plain in `res.redirect()`
2096 for old browsers interpreting as html
2097 * change crc32 module for a more liberal license
2104 * update cookie module
2105 * fix cookie max-age
2110 * add OPTIONS to cors example. Closes #1398
2111 * fix route chaining regression. Closes #1397
2122 * add "Basic" check to req.auth
2123 * add `req.auth` test coverage
2124 * add cb && cb(payload) to `res.jsonp()`. Closes #1374
2125 * add backwards compat for `res.redirect()` status. Closes #1336
2126 * add support for `res.json()` to retain previously defined Content-Types. Closes #1349
2128 * change `res.redirect()` to utilize a pathname-relative Location again. Closes #1382
2129 * remove non-primitive string support for `res.send()`
2130 * fix view-locals example. Closes #1370
2131 * fix route-separation example
2133 3.0.0rc5 / 2012-09-18
2137 * add redis search example
2138 * add static-files example
2139 * add "x-powered-by" setting (`app.disable('x-powered-by')`)
2140 * add "application/octet-stream" redirect Accept test case. Closes #1317
2142 3.0.0rc4 / 2012-08-30
2145 * add `res.jsonp()`. Closes #1307
2146 * add "verbose errors" option to error-pages example
2147 * add another route example to express(1) so people are not so confused
2148 * add redis online user activity tracking example
2149 * update connect dep
2150 * fix etag quoting. Closes #1310
2151 * fix error-pages 404 status
2152 * fix jsonp callback char restrictions
2153 * remove old OPTIONS default response
2155 3.0.0rc3 / 2012-08-13
2158 * update connect dep
2159 * fix signed cookies to work with `connect.cookieParser()` ("s:" prefix was missing) [tnydwrds]
2160 * fix `res.render()` clobbering of "locals"
2162 3.0.0rc2 / 2012-08-03
2166 * update connect dep
2167 * deprecate `.createServer()` & remove old stale examples
2168 * fix: escape `res.redirect()` link
2171 3.0.0rc1 / 2012-07-24
2174 * add more examples to view-locals
2175 * add scheme-relative redirects (`res.redirect("//foo.com")`) support
2177 * update connect dep
2179 * fix `express(1)` -h flag, use -H for hogan. Closes #1245
2180 * fix `res.sendfile()` socket error handling regression
2182 3.0.0beta7 / 2012-07-16
2185 * update connect dep for `send()` root normalization regression
2187 3.0.0beta6 / 2012-07-13
2190 * add `err.view` property for view errors. Closes #1226
2191 * add "jsonp callback name" setting
2192 * add support for "/foo/:bar*" non-greedy matches
2193 * change `res.sendfile()` to use `send()` module
2194 * change `res.send` to use "response-send" module
2195 * remove `app.locals.use` and `res.locals.use`, use regular middleware
2197 3.0.0beta5 / 2012-07-03
2200 * add "make check" support
2201 * add route-map example
2202 * add `res.json(obj, status)` support back for BC
2203 * add "methods" dep, remove internal methods module
2204 * update connect dep
2205 * update auth example to utilize cores pbkdf2
2206 * updated tests to use "supertest"
2208 3.0.0beta4 / 2012-06-25
2212 * Added `req.range(size)`
2213 * Added `res.links(obj)`
2214 * Added `res.send(body, status)` support back for backwards compat
2215 * Added `.default()` support to `res.format()`
2216 * Added 2xx / 304 check to `req.fresh`
2217 * Revert "Added + support to the router"
2218 * Fixed `res.send()` freshness check, respect res.statusCode
2220 3.0.0beta3 / 2012-06-15
2223 * Added hogan `--hjs` to express(1) [nullfirm]
2224 * Added another example to content-negotiation
2226 * Changed: `res.send()` always checks freshness
2227 * Fixed: expose connects mime module. Closes #1165
2229 3.0.0beta2 / 2012-06-06
2232 * Added `+` support to the router
2234 * Changed `req.param()` to check route first
2235 * Update connect dep
2237 3.0.0beta1 / 2012-06-01
2240 * Added `res.format()` callback to override default 406 behaviour
2241 * Fixed `res.redirect()` 406. Closes #1154
2243 3.0.0alpha5 / 2012-05-30
2247 * Added `{ signed: true }` option to `res.cookie()`
2248 * Removed `res.signedCookie()`
2249 * Changed: dont reverse `req.ips`
2250 * Fixed "trust proxy" setting check for `req.ips`
2252 3.0.0alpha4 / 2012-05-09
2255 * Added: allow `[]` in jsonp callback. Closes #1128
2256 * Added `PORT` env var support in generated template. Closes #1118 [benatkin]
2257 * Updated: connect 2.2.2
2259 3.0.0alpha3 / 2012-05-04
2262 * Added public `app.routes`. Closes #887
2263 * Added _view-locals_ example
2264 * Added _mvc_ example
2265 * Added `res.locals.use()`. Closes #1120
2266 * Added conditional-GET support to `res.send()`
2267 * Added: coerce `res.set()` values to strings
2268 * Changed: moved `static()` in generated apps below router
2269 * Changed: `res.send()` only set ETag when not previously set
2270 * Changed connect 2.2.1 dep
2271 * Changed: `make test` now runs unit / acceptance tests
2272 * Fixed req/res proto inheritance
2274 3.0.0alpha2 / 2012-04-26
2277 * Added `make benchmark` back
2278 * Added `res.send()` support for `String` objects
2279 * Added client-side data exposing example
2280 * Added `res.header()` and `req.header()` aliases for BC
2281 * Added `express.createServer()` for BC
2282 * Perf: memoize parsed urls
2283 * Perf: connect 2.2.0 dep
2284 * Changed: make `expressInit()` middleware self-aware
2285 * Fixed: use app.get() for all core settings
2286 * Fixed redis session example
2287 * Fixed session example. Closes #1105
2288 * Fixed generated express dep. Closes #1078
2290 3.0.0alpha1 / 2012-04-15
2293 * Added `app.locals.use(callback)`
2294 * Added `app.locals` object
2295 * Added `app.locals(obj)`
2296 * Added `res.locals` object
2297 * Added `res.locals(obj)`
2298 * Added `res.format()` for content-negotiation
2299 * Added `app.engine()`
2300 * Added `res.cookie()` JSON cookie support
2301 * Added "trust proxy" setting
2302 * Added `req.subdomains`
2303 * Added `req.protocol`
2304 * Added `req.secure`
2309 * Added comma-delimited / array support for `req.accepts()`
2310 * Added debug instrumentation
2311 * Added `res.set(obj)`
2312 * Added `res.set(field, value)`
2313 * Added `res.get(field)`
2314 * Added `app.get(setting)`. Closes #842
2315 * Added `req.acceptsLanguage()`
2316 * Added `req.acceptsCharset()`
2317 * Added `req.accepted`
2318 * Added `req.acceptedLanguages`
2319 * Added `req.acceptedCharsets`
2320 * Added "json replacer" setting
2321 * Added "json spaces" setting
2322 * Added X-Forwarded-Proto support to `res.redirect()`. Closes #92
2323 * Added `--less` support to express(1)
2324 * Added `express.response` prototype
2325 * Added `express.request` prototype
2326 * Added `express.application` prototype
2327 * Added `app.path()`
2328 * Added `app.render()`
2329 * Added `res.type()` to replace `res.contentType()`
2330 * Changed: `res.redirect()` to add relative support
2331 * Changed: enable "jsonp callback" by default
2332 * Changed: renamed "case sensitive routes" to "case sensitive routing"
2333 * Rewrite of all tests with mocha
2334 * Removed "root" setting
2335 * Removed `res.redirect('home')` support
2336 * Removed `req.notify()`
2337 * Removed `app.register()`
2338 * Removed `app.redirect()`
2339 * Removed `app.is()`
2340 * Removed `app.helpers()`
2341 * Removed `app.dynamicHelpers()`
2342 * Fixed `res.sendfile()` with non-GET. Closes #723
2343 * Fixed express(1) public dir for windows. Closes #866
2348 * Added support for PURGE request method [pbuyle]
2349 * Fixed `express(1)` generated app `app.address()` before `listening` [mmalecki]
2354 * Update mkdirp dep. Closes #991
2359 * Fixed `app.all` duplicate DELETE requests [mscdex]
2364 * Updated hamljs dev dep. Closes #953
2369 * Fixed: set `filename` on cached templates [matthewleon]
2374 * Fixed `express(1)` eol on 0.4.x. Closes #947
2379 * Fixed `req.is()` when a charset is present
2384 * Fixed: express(1) LF -> CRLF for windows
2389 * Changed: updated connect to 1.8.x
2390 * Removed sass.js support from express(1)
2395 * Added ./routes dir for generated app by default
2396 * Added npm install reminder to express(1) app gen
2397 * Added 0.5.x support
2398 * Removed `make test-cov` since it wont work with node 0.5.x
2399 * Fixed express(1) public dir for windows. Closes #866
2404 * Added mkdirp to express(1). Closes #795
2405 * Added simple _json-config_ example
2406 * Added shorthand for the parsed request's pathname via `req.path`
2407 * Changed connect dep to 1.7.x to fix npm issue...
2408 * Fixed `res.redirect()` __HEAD__ support. [reported by xerox]
2409 * Fixed `req.flash()`, only escape args
2410 * Fixed absolute path checking on windows. Closes #829 [reported by andrewpmckenzie]
2415 * Fixed multiple param callback regression. Closes #824 [reported by TroyGoode]
2420 * Added support for routes to handle errors. Closes #809
2421 * Added `app.routes.all()`. Closes #803
2422 * Added "basepath" setting to work in conjunction with reverse proxies etc.
2423 * Refactored `Route` to use a single array of callbacks
2424 * Added support for multiple callbacks for `app.param()`. Closes #801
2426 * Changed: removed .call(self) for route callbacks
2427 * Dependency: `qs >= 0.3.1`
2428 * Fixed `res.redirect()` on windows due to `join()` usage. Closes #808
2433 * Fixed `res.header()` intention of a set, even when `undefined`
2434 * Fixed `*`, value no longer required
2435 * Fixed `res.send(204)` support. Closes #771
2440 * Added docs for `status` option special-case. Closes #739
2441 * Fixed `options.filename`, exposing the view path to template engines
2446 * Revert "removed jsonp stripping" for XSS
2451 * Added `res.json()` JSONP support. Closes #737
2452 * Added _extending-templates_ example. Closes #730
2453 * Added "strict routing" setting for trailing slashes
2454 * Added support for multiple envs in `app.configure()` calls. Closes #735
2455 * Changed: `res.send()` using `res.json()`
2456 * Changed: when cookie `path === null` don't default it
2457 * Changed; default cookie path to "home" setting. Closes #731
2458 * Removed _pids/logs_ creation from express(1)
2463 * Added chainable `res.status(code)`
2464 * Added `res.json()`, an explicit version of `res.send(obj)`
2465 * Added simple web-service example
2470 * \#express is now on freenode! come join!
2471 * Added `req.get(field, param)`
2472 * Added links to Japanese documentation, thanks @hideyukisaito!
2473 * Added; the `express(1)` generated app outputs the env
2474 * Added `content-negotiation` example
2475 * Dependency: connect >= 1.5.1 < 2.0.0
2476 * Fixed view layout bug. Closes #720
2477 * Fixed; ignore body on 304. Closes #701
2483 * Removed generation of dummy test file from `express(1)`
2484 * Fixed; `express(1)` adds express as a dep
2485 * Fixed; prune on `prepublish`
2490 * Added `req.route`, exposing the current route
2491 * Added _package.json_ generation support to `express(1)`
2492 * Fixed call to `app.param()` function for optional params. Closes #682
2497 * Fixed bug-ish with `../' in `res.partial()` calls
2502 * Fixed `app.options()`
2507 * Added route `Collection`, ex: `app.get('/user/:id').remove();`
2508 * Added support for `app.param(fn)` to define param logic
2509 * Removed `app.param()` support for callback with return value
2510 * Removed module.parent check from express(1) generated app. Closes #670
2511 * Refactored router. Closes #639
2516 * Changed; using devDependencies instead of git submodules
2517 * Fixed redis session example
2518 * Fixed markdown example
2519 * Fixed view caching, should not be enabled in development
2524 * Added export `.view` as alias for `.View`
2529 * Added `./examples/say`
2530 * Fixed `res.sendfile()` bug preventing the transfer of files with spaces
2535 * Added "case sensitive routes" option.
2536 * Changed; split methods supported per rfc [slaskis]
2537 * Fixed route-specific middleware when using the same callback function several times
2547 * Added `app.match()` as `app.match.all()`
2548 * Added `app.lookup()` as `app.lookup.all()`
2549 * Added `app.remove()` for `app.remove.all()`
2550 * Added `app.remove.VERB()`
2551 * Fixed template caching collision issue. Closes #644
2552 * Moved router over from connect and started refactor
2557 * Added options support to `res.clearCookie()`
2558 * Added `res.helpers()` as alias of `res.locals()`
2559 * Added; json defaults to UTF-8 with `res.send()`. Closes #632. [Daniel * Dependency `connect >= 1.4.0`
2560 * Changed; auto set Content-Type in res.attachement [Aaron Heckmann]
2561 * Renamed "cache views" to "view cache". Closes #628
2562 * Fixed caching of views when using several apps. Closes #637
2563 * Fixed gotcha invoking `app.param()` callbacks once per route middleware.
2565 * Fixed partial lookup precedence. Closes #631
2571 * Added second callback support for `res.download()` connection errors
2572 * Fixed `filename` option passing to template engine
2577 * Added `layout(path)` helper to change the layout within a view. Closes #610
2578 * Fixed `partial()` collection object support.
2579 Previously only anything with `.length` would work.
2580 When `.length` is present one must still be aware of holes,
2581 however now `{ collection: {foo: 'bar'}}` is valid, exposes
2582 `keyInCollection` and `keysInCollection`.
2584 * Performance improved with better view caching
2585 * Removed `request` and `response` locals
2586 * Changed; errorHandler page title is now `Express` instead of `Connect`
2591 * Added `app.lookup.VERB()`, ex `app.lookup.put('/user/:id')`. Closes #606
2592 * Added `app.match.VERB()`, ex `app.match.put('/user/12')`. Closes #606
2593 * Added `app.VERB(path)` as alias of `app.lookup.VERB()`.
2594 * Dependency `connect >= 1.2.0`
2599 * Added; expose `err.view` object when failing to locate a view
2600 * Fixed `res.partial()` call `next(err)` when no callback is given [reported by aheckmann]
2601 * Fixed; `res.send(undefined)` responds with 204 [aheckmann]
2606 * Added `<root>/_?<name>` partial lookup support. Closes #447
2607 * Added `request`, `response`, and `app` local variables
2608 * Added `settings` local variable, containing the app's settings
2609 * Added `req.flash()` exception if `req.session` is not available
2610 * Added `res.send(bool)` support (json response)
2611 * Fixed stylus example for latest version
2612 * Fixed; wrap try/catch around `res.render()`
2617 * Fixed up index view path alternative.
2618 * Changed; `res.locals()` without object returns the locals
2620 2.0.0rc3 / 2011-03-17
2623 * Added `res.locals(obj)` to compliment `res.local(key, val)`
2624 * Added `res.partial()` callback support
2625 * Fixed recursive error reporting issue in `res.render()`
2627 2.0.0rc2 / 2011-03-17
2630 * Changed; `partial()` "locals" are now optional
2631 * Fixed `SlowBuffer` support. Closes #584 [reported by tyrda01]
2632 * Fixed .filename view engine option [reported by drudge]
2633 * Fixed blog example
2634 * Fixed `{req,res}.app` reference when mounting [Ben Weaver]
2636 2.0.0rc / 2011-03-14
2639 * Fixed; expose `HTTPSServer` constructor
2640 * Fixed express(1) default test charset. Closes #579 [reported by secoif]
2641 * Fixed; default charset to utf-8 instead of utf8 for lame IE [reported by NickP]
2643 2.0.0beta3 / 2011-03-09
2646 * Added support for `res.contentType()` literal
2647 The original `res.contentType('.json')`,
2648 `res.contentType('application/json')`, and `res.contentType('json')`
2650 * Added `res.render()` status option support back
2651 * Added charset option for `res.render()`
2652 * Added `.charset` support (via connect 1.0.4)
2653 * Added view resolution hints when in development and a lookup fails
2654 * Added layout lookup support relative to the page view.
2655 For example while rendering `./views/user/index.jade` if you create
2656 `./views/user/layout.jade` it will be used in favour of the root layout.
2657 * Fixed `res.redirect()`. RFC states absolute url [reported by unlink]
2658 * Fixed; default `res.send()` string charset to utf8
2659 * Removed `Partial` constructor (not currently used)
2661 2.0.0beta2 / 2011-03-07
2664 * Added res.render() `.locals` support back to aid in migration process
2665 * Fixed flash example
2667 2.0.0beta / 2011-03-03
2670 * Added HTTPS support
2671 * Added `res.cookie()` maxAge support
2672 * Added `req.header()` _Referrer_ / _Referer_ special-case, either works
2673 * Added mount support for `res.redirect()`, now respects the mount-point
2674 * Added `union()` util, taking place of `merge(clone())` combo
2675 * Added stylus support to express(1) generated app
2676 * Added secret to session middleware used in examples and generated app
2677 * Added `res.local(name, val)` for progressive view locals
2678 * Added default param support to `req.param(name, default)`
2679 * Added `app.disabled()` and `app.enabled()`
2680 * Added `app.register()` support for omitting leading ".", either works
2681 * Added `res.partial()`, using the same interface as `partial()` within a view. Closes #539
2682 * Added `app.param()` to map route params to async/sync logic
2683 * Added; aliased `app.helpers()` as `app.locals()`. Closes #481
2684 * Added extname with no leading "." support to `res.contentType()`
2685 * Added `cache views` setting, defaulting to enabled in "production" env
2686 * Added index file partial resolution, eg: partial('user') may try _views/user/index.jade_.
2687 * Added `req.accepts()` support for extensions
2688 * Changed; `res.download()` and `res.sendfile()` now utilize Connect's
2689 static file server `connect.static.send()`.
2690 * Changed; replaced `connect.utils.mime()` with npm _mime_ module
2691 * Changed; allow `req.query` to be pre-defined (via middleware or other parent
2692 * Changed view partial resolution, now relative to parent view
2693 * Changed view engine signature. no longer `engine.render(str, options, callback)`, now `engine.compile(str, options) -> Function`, the returned function accepts `fn(locals)`.
2694 * Fixed `req.param()` bug returning Array.prototype methods. Closes #552
2695 * Fixed; using `Stream#pipe()` instead of `sys.pump()` in `res.sendfile()`
2696 * Fixed; using _qs_ module instead of _querystring_
2697 * Fixed; strip unsafe chars from jsonp callbacks
2698 * Removed "stream threshold" setting
2703 * Allow `req.query` to be pre-defined (via middleware or other parent app)
2704 * "connect": ">= 0.5.0 < 1.0.0". Closes #547
2705 * Removed the long deprecated __EXPRESS_ENV__ support
2710 * Fixed `render()` setting inheritance.
2711 Mounted apps would not inherit "view engine"
2716 * Fixed `view engine` setting bug when period is in dirname
2721 * Added secret to generated app `session()` call
2726 * Added `qs` dependency to _package.json_
2727 * Fixed namespaced `require()`s for latest connect support
2732 * Remove unsafe characters from JSONP callback names [Ryan Grove]
2737 * Removed nested require, using `connect.router`
2742 * Fixed for middleware stacked via `createServer()`
2743 previously the `foo` middleware passed to `createServer(foo)`
2744 would not have access to Express methods such as `res.send()`
2745 or props like `req.query` etc.
2750 * Added; deduce partial object names from the last segment.
2751 For example by default `partial('forum/post', postObject)` will
2752 give you the _post_ object, providing a meaningful default.
2753 * Added http status code string representation to `res.redirect()` body
2754 * Added; `res.redirect()` supporting _text/plain_ and _text/html_ via __Accept__.
2755 * Added `req.is()` to aid in content negotiation
2756 * Added partial local inheritance [suggested by masylum]. Closes #102
2757 providing access to parent template locals.
2758 * Added _-s, --session[s]_ flag to express(1) to add session related middleware
2759 * Added _--template_ flag to express(1) to specify the
2760 template engine to use.
2761 * Added _--css_ flag to express(1) to specify the
2762 stylesheet engine to use (or just plain css by default).
2763 * Added `app.all()` support [thanks aheckmann]
2764 * Added partial direct object support.
2765 You may now `partial('user', user)` providing the "user" local,
2766 vs previously `partial('user', { object: user })`.
2767 * Added _route-separation_ example since many people question ways
2768 to do this with CommonJS modules. Also view the _blog_ example for
2770 * Performance; caching view path derived partial object names
2771 * Fixed partial local inheritance precedence. [reported by Nick Poulden] Closes #454
2772 * Fixed jsonp support; _text/javascript_ as per mailinglist discussion
2774 1.0.0rc4 / 2010-10-14
2777 * Added _NODE_ENV_ support, _EXPRESS_ENV_ is deprecated and will be removed in 1.0.0
2778 * Added route-middleware support (very helpful, see the [docs](http://expressjs.com/guide.html#Route-Middleware))
2779 * Added _jsonp callback_ setting to enable/disable jsonp autowrapping [Dav Glass]
2780 * Added callback query check on response.send to autowrap JSON objects for simple webservice implementations [Dav Glass]
2781 * Added `partial()` support for array-like collections. Closes #434
2782 * Added support for swappable querystring parsers
2783 * Added session usage docs. Closes #443
2784 * Added dynamic helper caching. Closes #439 [suggested by maritz]
2785 * Added authentication example
2786 * Added basic Range support to `res.sendfile()` (and `res.download()` etc)
2787 * Changed; `express(1)` generated app using 2 spaces instead of 4
2788 * Default env to "development" again [aheckmann]
2789 * Removed _context_ option is no more, use "scope"
2790 * Fixed; exposing _./support_ libs to examples so they can run without installs
2793 1.0.0rc3 / 2010-09-20
2796 * Added confirmation for `express(1)` app generation. Closes #391
2797 * Added extending of flash formatters via `app.flashFormatters`
2798 * Added flash formatter support. Closes #411
2799 * Added streaming support to `res.sendfile()` using `sys.pump()` when >= "stream threshold"
2800 * Added _stream threshold_ setting for `res.sendfile()`
2801 * Added `res.send()` __HEAD__ support
2802 * Added `res.clearCookie()`
2803 * Added `res.cookie()`
2804 * Added `res.render()` headers option
2805 * Added `res.redirect()` response bodies
2806 * Added `res.render()` status option support. Closes #425 [thanks aheckmann]
2807 * Fixed `res.sendfile()` responding with 403 on malicious path
2808 * Fixed `res.download()` bug; when an error occurs remove _Content-Disposition_
2809 * Fixed; mounted apps settings now inherit from parent app [aheckmann]
2810 * Fixed; stripping Content-Length / Content-Type when 204
2811 * Fixed `res.send()` 204. Closes #419
2812 * Fixed multiple _Set-Cookie_ headers via `res.header()`. Closes #402
2813 * Fixed bug messing with error handlers when `listenFD()` is called instead of `listen()`. [thanks guillermo]
2816 1.0.0rc2 / 2010-08-17
2819 * Added `app.register()` for template engine mapping. Closes #390
2820 * Added `res.render()` callback support as second argument (no options)
2821 * Added callback support to `res.download()`
2822 * Added callback support for `res.sendfile()`
2823 * Added support for middleware access via `express.middlewareName()` vs `connect.middlewareName()`
2824 * Added "partials" setting to docs
2825 * Added default expresso tests to `express(1)` generated app. Closes #384
2826 * Fixed `res.sendfile()` error handling, defer via `next()`
2827 * Fixed `res.render()` callback when a layout is used [thanks guillermo]
2828 * Fixed; `make install` creating ~/.node_libraries when not present
2829 * Fixed issue preventing error handlers from being defined anywhere. Closes #387
2831 1.0.0rc / 2010-07-28
2834 * Added mounted hook. Closes #369
2835 * Added connect dependency to _package.json_
2837 * Removed "reload views" setting and support code
2838 development env never caches, production always caches.
2840 * Removed _param_ in route callbacks, signature is now
2841 simply (req, res, next), previously (req, res, params, next).
2842 Use _req.params_ for path captures, _req.query_ for GET params.
2844 * Fixed "home" setting
2845 * Fixed middleware/router precedence issue. Closes #366
2846 * Fixed; _configure()_ callbacks called immediately. Closes #368
2848 1.0.0beta2 / 2010-07-23
2851 * Added more examples
2852 * Added; exporting `Server` constructor
2853 * Added `Server#helpers()` for view locals
2854 * Added `Server#dynamicHelpers()` for dynamic view locals. Closes #349
2855 * Added support for absolute view paths
2856 * Added; _home_ setting defaults to `Server#route` for mounted apps. Closes #363
2857 * Added Guillermo Rauch to the contributor list
2858 * Added support for "as" for non-collection partials. Closes #341
2859 * Fixed _install.sh_, ensuring _~/.node_libraries_ exists. Closes #362 [thanks jf]
2860 * Fixed `res.render()` exceptions, now passed to `next()` when no callback is given [thanks guillermo]
2861 * Fixed instanceof `Array` checks, now `Array.isArray()`
2862 * Fixed express(1) expansion of public dirs. Closes #348
2863 * Fixed middleware precedence. Closes #345
2864 * Fixed view watcher, now async [thanks aheckmann]
2866 1.0.0beta / 2010-07-15
2872 - Check [ExpressJS.com](http://expressjs.com) for migration guide and updated docs
2877 * Utilize relative requires
2878 * Added Static bufferSize option [aheckmann]
2879 * Fixed caching of view and partial subdirectories [aheckmann]
2880 * Fixed mime.type() comments now that ".ext" is not supported
2881 * Updated haml submodule
2882 * Updated class submodule
2883 * Removed bin/express
2888 * Added node v0.1.97 compatibility
2889 * Added support for deleting cookies via Request#cookie('key', null)
2890 * Updated haml submodule
2891 * Fixed not-found page, now using using charset utf-8
2892 * Fixed show-exceptions page, now using using charset utf-8
2893 * Fixed view support due to fs.readFile Buffers
2894 * Changed; mime.type() no longer accepts ".type" due to node extname() changes
2899 * Added node v0.1.96 compatibility
2900 * Added view `helpers` export which act as additional local variables
2901 * Updated haml submodule
2902 * Changed ETag; removed inode, modified time only
2903 * Fixed LF to CRLF for setting multiple cookies
2904 * Fixed cookie complation; values are now urlencoded
2905 * Fixed cookies parsing; accepts quoted values and url escaped cookies
2910 * Added support for layouts using different engines
2911 - this.render('page.html.haml', { layout: 'super-cool-layout.html.ejs' })
2912 - this.render('page.html.haml', { layout: 'foo' }) // assumes 'foo.html.haml'
2913 - this.render('page.html.haml', { layout: false }) // no layout
2914 * Updated ext submodule
2915 * Updated haml submodule
2916 * Fixed EJS partial support by passing along the context. Issue #307
2921 * Fixed binary uploads.
2926 * Added charset support via Request#charset (automatically assigned to 'UTF-8' when respond()'s
2927 encoding is set to 'utf8' or 'utf-8'.
2928 * Added "encoding" option to Request#render(). Closes #299
2929 * Added "dump exceptions" setting, which is enabled by default.
2930 * Added simple ejs template engine support
2931 * Added error response support for text/plain, application/json. Closes #297
2932 * Added callback function param to Request#error()
2933 * Added Request#sendHead()
2934 * Added Request#stream()
2935 * Added support for Request#respond(304, null) for empty response bodies
2936 * Added ETag support to Request#sendfile()
2937 * Added options to Request#sendfile(), passed to fs.createReadStream()
2938 * Added filename arg to Request#download()
2939 * Performance enhanced due to pre-reversing plugins so that plugins.reverse() is not called on each request
2940 * Performance enhanced by preventing several calls to toLowerCase() in Router#match()
2941 * Changed; Request#sendfile() now streams
2942 * Changed; Renamed Request#halt() to Request#respond(). Closes #289
2943 * Changed; Using sys.inspect() instead of JSON.encode() for error output
2944 * Changed; run() returns the http.Server instance. Closes #298
2945 * Changed; Defaulting Server#host to null (INADDR_ANY)
2946 * Changed; Logger "common" format scale of 0.4f
2947 * Removed Logger "request" format
2948 * Fixed; Catching ENOENT in view caching, preventing error when "views/partials" is not found
2949 * Fixed several issues with http client
2950 * Fixed Logger Content-Length output
2951 * Fixed bug preventing Opera from retaining the generated session id. Closes #292
2956 * Added DSL level error() route support
2957 * Added DSL level notFound() route support
2958 * Added Request#error()
2959 * Added Request#notFound()
2960 * Added Request#render() callback function. Closes #258
2961 * Added "max upload size" setting
2962 * Added "magic" variables to collection partials (\_\_index\_\_, \_\_length\_\_, \_\_isFirst\_\_, \_\_isLast\_\_). Closes #254
2963 * Added [haml.js](http://github.com/visionmedia/haml.js) submodule; removed haml-js
2964 * Added callback function support to Request#halt() as 3rd/4th arg
2965 * Added preprocessing of route param wildcards using param(). Closes #251
2966 * Added view partial support (with collections etc)
2967 * Fixed bug preventing falsey params (such as ?page=0). Closes #286
2968 * Fixed setting of multiple cookies. Closes #199
2969 * Changed; view naming convention is now NAME.TYPE.ENGINE (for example page.html.haml)
2970 * Changed; session cookie is now httpOnly
2971 * Changed; Request is no longer global
2972 * Changed; Event is no longer global
2973 * Changed; "sys" module is no longer global
2974 * Changed; moved Request#download to Static plugin where it belongs
2975 * Changed; Request instance created before body parsing. Closes #262
2976 * Changed; Pre-caching views in memory when "cache view contents" is enabled. Closes #253
2977 * Changed; Pre-caching view partials in memory when "cache view partials" is enabled
2978 * Updated support to node --version 0.1.90
2979 * Updated dependencies
2980 * Removed set("session cookie") in favour of use(Session, { cookie: { ... }})
2981 * Removed utils.mixin(); use Object#mergeDeep()
2986 * Added coffeescript example app. Closes #242
2987 * Changed; cache api now async friendly. Closes #240
2988 * Removed deprecated 'express/static' support. Use 'express/plugins/static'
2993 * Added Request#isXHR. Closes #229
2994 * Added `make install` (for the executable)
2995 * Added `express` executable for setting up simple app templates
2996 * Added "GET /public/*" to Static plugin, defaulting to <root>/public
2997 * Added Static plugin
2998 * Fixed; Request#render() only calls cache.get() once
2999 * Fixed; Namespacing View caches with "view:"
3000 * Fixed; Namespacing Static caches with "static:"
3001 * Fixed; Both example apps now use the Static plugin
3002 * Fixed set("views"). Closes #239
3003 * Fixed missing space for combined log format
3004 * Deprecated Request#sendfile() and 'express/static'
3005 * Removed Server#running
3010 * Added Request#flash() support without args, now returns all flashes
3011 * Updated ext submodule
3016 * Fixed session reaper
3017 * Changed; class.js replacing js-oo Class implementation (quite a bit faster, no browser cruft)
3022 * Added package.json
3023 * Fixed requiring of haml / sass due to kiwi removal
3028 * Fixed GIT submodules (HAH!)
3033 * Changed; Express now using submodules again until a PM is adopted
3034 * Changed; chat example using millisecond conversions from ext
3039 * Added Request#pass() support (finds the next matching route, or the given path)
3040 * Added Logger plugin (default "common" format replaces CommonLogger)
3041 * Removed Profiler plugin
3042 * Removed CommonLogger plugin
3047 * Added seed.yml for kiwi package management support
3048 * Added HTTP client query string support when method is GET. Closes #205
3050 * Added support for arbitrary view engines.
3051 For example "foo.engine.html" will now require('engine'),
3052 the exports from this module are cached after the first require().
3054 * Added async plugin support
3056 * Removed usage of RESTful route funcs as http client
3057 get() etc, use http.get() and friends
3059 * Removed custom exceptions
3064 * Added ext dependency (library of js extensions)
3065 * Removed extname() / basename() utils. Use path module
3066 * Removed toArray() util. Use arguments.values
3067 * Removed escapeRegexp() util. Use RegExp.escape()
3068 * Removed process.mixin() dependency. Use utils.mixin()
3069 * Removed Collection
3070 * Removed ElementCollection
3071 * Shameless self promotion of ebook "Advanced JavaScript" (http://dev-mag.com) ;)
3076 * Added flash() example to sample upload app
3077 * Added high level restful http client module (express/http)
3078 * Changed; RESTful route functions double as HTTP clients. Closes #69
3079 * Changed; throwing error when routes are added at runtime
3080 * Changed; defaulting render() context to the current Request. Closes #197
3081 * Updated haml submodule
3086 * Updated haml / sass submodules. Closes #200
3087 * Added flash message support. Closes #64
3088 * Added accepts() now allows multiple args. fixes #117
3089 * Added support for plugins to halt. Closes #189
3090 * Added alternate layout support. Closes #119
3091 * Removed Route#run(). Closes #188
3092 * Fixed broken specs due to use(Cookie) missing
3097 * Added "plot" format option for Profiler (for gnuplot processing)
3098 * Added request number to Profiler plugin
3099 * Fixed binary encoding for multi-part file uploads, was previously defaulting to UTF8
3100 * Fixed issue with routes not firing when not files are present. Closes #184
3101 * Fixed process.Promise -> events.Promise
3106 * Added parseParam() support for name[] etc. (allows for file inputs with "multiple" attr) Closes #180
3107 * Added Both Cache and Session option "reapInterval" may be "reapEvery". Closes #174
3108 * Added expiration support to cache api with reaper. Closes #133
3109 * Added cache Store.Memory#reap()
3110 * Added Cache; cache api now uses first class Cache instances
3111 * Added abstract session Store. Closes #172
3112 * Changed; cache Memory.Store#get() utilizing Collection
3113 * Renamed MemoryStore -> Store.Memory
3114 * Fixed use() of the same plugin several time will always use latest options. Closes #176
3119 * Changed; Hooks (before / after) pass request as arg as well as evaluated in their context
3120 * Updated node support to 0.1.27 Closes #169
3121 * Updated dirname(__filename) -> __dirname
3122 * Updated libxmljs support to v0.2.0
3123 * Added session support with memory store / reaping
3124 * Added quick uid() helper
3125 * Added multi-part upload support
3126 * Added Sass.js support / submodule
3127 * Added production env caching view contents and static files
3128 * Added static file caching. Closes #136
3129 * Added cache plugin with memory stores
3130 * Added support to StaticFile so that it works with non-textual files.
3131 * Removed dirname() helper
3132 * Removed several globals (now their modules must be required)
3137 * Added view benchmarks; currently haml vs ejs
3138 * Added Request#attachment() specs. Closes #116
3139 * Added use of node's parseQuery() util. Closes #123
3140 * Added `make init` for submodules
3142 * Updated sample chat app to show messages on load
3143 * Updated libxmljs parseString -> parseHtmlString
3144 * Fixed `make init` to work with older versions of git
3145 * Fixed specs can now run independent specs for those who cant build deps. Closes #127
3146 * Fixed issues introduced by the node url module changes. Closes 126.
3147 * Fixed two assertions failing due to Collection#keys() returning strings
3148 * Fixed faulty Collection#toArray() spec due to keys() returning strings
3149 * Fixed `make test` now builds libxmljs.node before testing