4 * Add "root" option to `res.download`
5 * Deprecate string and non-integer arguments to `res.status`
6 * Ignore `Object.prototype` values in settings through `app.set`/`app.get`
7 * Support proper 205 responses using `res.send`
8 * deps: finalhandler@1.2.0
9 - Remove set content headers that break response
10 - deps: on-finished@2.4.1
11 - deps: statuses@2.0.1
13 - Fix emitted 416 error missing headers property
14 - Limit the headers removed for 304 response
17 - deps: http-errors@2.0.0
18 - deps: on-finished@2.4.1
19 - deps: statuses@2.0.1
20 * deps: serve-static@1.15.0
26 * deps: accepts@~1.3.8
27 - deps: mime-types@~2.1.34
28 - deps: negotiator@0.6.3
29 * deps: body-parser@1.19.2
32 - deps: raw-body@2.4.3
35 * Fix handling of `__proto__` keys
36 * pref: remove unnecessary regexp for trust proxy
41 * Fix handling of `undefined` in `res.jsonp`
42 * Fix handling of `undefined` when `"json escape"` is enabled
43 * Fix incorrect middleware execution with unanchored `RegExp`s
44 * Fix `res.jsonp(obj, status)` deprecation message
45 * Fix typo in `res.is` JSDoc
46 * deps: body-parser@1.19.1
48 - deps: http-errors@1.8.1
50 - deps: raw-body@2.4.2
51 - deps: safe-buffer@5.2.1
52 - deps: type-is@~1.6.18
53 * deps: content-disposition@0.5.4
54 - deps: safe-buffer@5.2.1
56 - Fix `maxAge` option to reject invalid values
57 * deps: proxy-addr@~2.0.7
58 - Use `req.socket` over deprecated `req.connection`
59 - deps: forwarded@0.2.0
60 - deps: ipaddr.js@1.9.1
62 * deps: safe-buffer@5.2.1
64 - deps: http-errors@1.8.1
66 - pref: ignore empty http tokens
67 * deps: serve-static@1.14.2
69 * deps: setprototypeof@1.2.0
74 * Revert "Improve error message for `null`/`undefined` to `res.status`"
79 * Add `express.raw` to parse bodies into `Buffer`
80 * Add `express.text` to parse bodies into string
81 * Improve error message for non-strings to `res.sendFile`
82 * Improve error message for `null`/`undefined` to `res.status`
83 * Support multiple hosts in `X-Forwarded-Host`
84 * deps: accepts@~1.3.7
85 * deps: body-parser@1.19.0
87 - Add petabyte (`pb`) support
88 - Fix parsing array brackets after index
90 - deps: http-errors@1.7.2
91 - deps: iconv-lite@0.4.24
93 - deps: raw-body@2.4.0
94 - deps: type-is@~1.6.17
95 * deps: content-disposition@0.5.3
97 - Add `SameSite=None` support
98 * deps: finalhandler@~1.1.2
99 - Set stricter `Content-Security-Policy` header
100 - deps: parseurl@~1.3.3
101 - deps: statuses@~1.5.0
102 * deps: parseurl@~1.3.3
103 * deps: proxy-addr@~2.0.5
104 - deps: ipaddr.js@1.9.0
106 - Fix parsing array brackets after index
107 * deps: range-parser@~1.2.1
109 - Set stricter CSP header in redirect & error responses
110 - deps: http-errors@~1.7.2
113 - deps: range-parser@~1.2.1
114 - deps: statuses@~1.5.0
115 - perf: remove redundant `path.normalize` call
116 * deps: serve-static@1.14.1
117 - Set stricter CSP header in redirect response
118 - deps: parseurl@~1.3.3
120 * deps: setprototypeof@1.1.1
121 * deps: statuses@~1.5.0
122 - Add `103 Early Hints`
123 * deps: type-is@~1.6.18
124 - deps: mime-types@~2.1.24
125 - perf: prevent internal `throw` on invalid type
130 * Fix issue where `"Request aborted"` may be logged in `res.sendfile`
131 * Fix JSDoc for `Router` constructor
132 * deps: body-parser@1.18.3
133 - Fix deprecation warnings on Node.js 10+
134 - Fix stack trace for strict json parse error
136 - deps: http-errors@~1.6.3
137 - deps: iconv-lite@0.4.23
139 - deps: raw-body@2.3.3
140 - deps: type-is@~1.6.16
141 * deps: proxy-addr@~2.0.4
142 - deps: ipaddr.js@1.8.0
144 * deps: safe-buffer@5.1.2
149 * deps: accepts@~1.3.5
150 - deps: mime-types@~2.1.18
152 - perf: remove argument reassignment
153 * deps: encodeurl@~1.0.2
154 - Fix encoding `%` as last character
155 * deps: finalhandler@1.1.1
156 - Fix 404 output for bad / missing pathnames
157 - deps: encodeurl@~1.0.2
158 - deps: statuses@~1.4.0
159 * deps: proxy-addr@~2.0.3
160 - deps: ipaddr.js@1.6.0
162 - Fix incorrect end tag in default error & redirects
164 - deps: encodeurl@~1.0.2
165 - deps: statuses@~1.4.0
166 * deps: serve-static@1.13.2
167 - Fix incorrect end tag in redirects
168 - deps: encodeurl@~1.0.2
170 * deps: statuses@~1.4.0
171 * deps: type-is@~1.6.16
172 - deps: mime-types@~2.1.18
177 * Fix `TypeError` in `res.send` when given `Buffer` and `ETag` header set
178 * perf: skip parsing of entire `X-Forwarded-Proto` header
184 * deps: serve-static@1.13.1
185 - Fix regression when `root` is incorrectly set to a file
191 * Add `"json escape"` setting for `res.json` and `res.jsonp`
192 * Add `express.json` and `express.urlencoded` to parse bodies
193 * Add `options` argument to `res.download`
194 * Improve error message when autoloading invalid view engine
195 * Improve error messages when non-function provided as middleware
196 * Skip `Buffer` encoding when not generating ETag for small response
197 * Use `safe-buffer` for improved Buffer API
198 * deps: accepts@~1.3.4
199 - deps: mime-types@~2.1.16
200 * deps: content-type@~1.0.4
201 - perf: remove argument reassignment
202 - perf: skip parameter parsing when no parameters
204 - perf: replace regular expression with substring
205 * deps: finalhandler@1.1.0
206 - Use `res.headersSent` when available
207 * deps: parseurl@~1.3.2
208 - perf: reduce overhead for full URLs
209 - perf: unroll the "fast-path" `RegExp`
210 * deps: proxy-addr@~2.0.2
211 - Fix trimming leading / trailing OWS in `X-Forwarded-For`
212 - deps: forwarded@~0.1.2
213 - deps: ipaddr.js@1.5.2
214 - perf: reduce overhead when no `X-Forwarded-For` header
216 - Fix parsing & compacting very deep objects
218 - Add 70 new types for file extensions
219 - Add `immutable` option
220 - Fix missing `</html>` in default error & redirects
221 - Set charset as "UTF-8" for .js and .json
222 - Use instance methods on steam to check for listeners
224 - perf: improve path validation speed
225 * deps: serve-static@1.13.0
226 - Add 70 new types for file extensions
227 - Add `immutable` option
228 - Set charset as "UTF-8" for .js and .json
230 * deps: setprototypeof@1.1.0
231 * deps: utils-merge@1.0.1
233 - perf: improve header token parsing speed
234 * perf: re-use options object when generating ETags
235 * perf: remove dead `.charset` set in `res.jsonp`
241 * deps: finalhandler@~1.0.6
243 - deps: parseurl@~1.3.2
245 - Fix handling of modified headers with invalid dates
246 - perf: improve ETag match loop
247 - perf: improve `If-None-Match` token parsing
249 - Fix handling of modified headers with invalid dates
253 - perf: improve `If-Match` token parsing
254 * deps: serve-static@1.12.6
255 - deps: parseurl@~1.3.2
257 - perf: improve slash collapsing
264 - Remove unnecessary `Buffer` loading
265 * deps: finalhandler@~1.0.4
267 * deps: proxy-addr@~1.1.5
268 - Fix array argument being altered
269 - deps: ipaddr.js@1.4.0
274 - deps: http-errors@~1.6.2
275 * deps: serve-static@1.12.4
281 * Fix error when `res.set` cannot add charset to `Content-Type`
283 - Fix `DEBUG_MAX_ARRAY_LENGTH`
285 * deps: finalhandler@~1.0.3
286 - Fix missing `</html>` in HTML document
288 * deps: proxy-addr@~1.1.4
289 - deps: ipaddr.js@1.3.0
293 * deps: serve-static@1.12.3
295 * deps: type-is@~1.6.15
296 - deps: mime-types@~2.1.15
298 - perf: hoist regular expression
304 - Fix regression parsing keys starting with `[`
310 - Fix issue when `Date.parse` does not return `NaN` on invalid date
311 - Fix strict violation in broken environments
312 * deps: serve-static@1.12.1
313 - Fix issue when `Date.parse` does not return `NaN` on invalid date
319 * Add debug message when loading view engine
320 * Add `next("router")` to exit from router
321 * Fix case where `router.use` skipped requests routes did not
322 * Remove usage of `res._headers` private field
323 - Improves compatibility with Node.js 8 nightly
324 * Skip routing when `req.url` is not set
325 * Use `%o` in path debug to tell types apart
326 * Use `Object.create` to setup request & response prototypes
327 * Use `setprototypeof` module to replace `__proto__` setting
328 * Use `statuses` instead of `http` module for status messages
330 - Allow colors in workers
331 - Deprecated `DEBUG_FD` environment variable set to `3` or higher
332 - Fix error when running under React Native
333 - Use same color for same namespace
336 - Use SHA1 instead of MD5 for ETag hashing
337 - Works with FIPS 140-2 OpenSSL configuration
338 * deps: finalhandler@~1.0.0
339 - Fix exception when `err` cannot be converted to a string
340 - Fully URL-encode the pathname in the 404
341 - Only include the pathname in the 404 message
342 - Send complete HTML document
343 - Set `Content-Security-Policy: default-src 'self'` header
346 - Fix false detection of `no-cache` request directive
347 - Fix incorrect result when `If-None-Match` has both `*` and ETags
348 - Fix weak `ETag` matching to match spec
349 - perf: delay reading header values until needed
350 - perf: enable strict mode
351 - perf: hoist regular expressions
352 - perf: remove duplicate conditional
353 - perf: remove unnecessary boolean coercions
354 - perf: skip checking modified time if ETag check failed
355 - perf: skip parsing `If-None-Match` when no `ETag` header
356 - perf: use `Date.parse` instead of `new Date`
358 - Fix array parsing from skipping empty values
359 - Fix compacting nested arrays
361 - Fix false detection of `no-cache` request directive
362 - Fix incorrect result when `If-None-Match` has both `*` and ETags
363 - Fix weak `ETag` matching to match spec
364 - Remove usage of `res._headers` private field
365 - Support `If-Match` and `If-Unmodified-Since` headers
366 - Use `res.getHeaderNames()` when available
367 - Use `res.headersSent` when available
371 - deps: http-errors@~1.6.1
372 * deps: serve-static@1.12.0
373 - Fix false detection of `no-cache` request directive
374 - Fix incorrect result when `If-None-Match` has both `*` and ETags
375 - Fix weak `ETag` matching to match spec
376 - Remove usage of `res._headers` private field
377 - Send complete HTML document in redirect response
378 - Set default CSP header in redirect response
379 - Support `If-Match` and `If-Unmodified-Since` headers
380 - Use `res.getHeaderNames()` when available
381 - Use `res.headersSent` when available
383 * perf: add fast match path for `*` route
384 * perf: improve `req.ips` performance
389 * deps: content-disposition@0.5.2
390 * deps: finalhandler@0.5.1
391 - Fix exception when `err.headers` is not an object
392 - deps: statuses@~1.3.1
393 - perf: hoist regular expressions
394 - perf: remove duplicate validation path
395 * deps: proxy-addr@~1.1.3
396 - deps: ipaddr.js@1.2.0
398 - deps: http-errors@~1.5.1
400 - deps: statuses@~1.3.1
401 * deps: serve-static@~1.11.2
403 * deps: type-is@~1.6.14
404 - deps: mime-types@~2.1.13
409 * Add `acceptRanges` option to `res.sendFile`/`res.sendfile`
410 * Add `cacheControl` option to `res.sendFile`/`res.sendfile`
411 * Add `options` argument to `req.range`
412 - Includes the `combine` option
413 * Encode URL in `res.location`/`res.redirect` if not already encoded
414 * Fix some redirect handling in `res.sendFile`/`res.sendfile`
415 * Fix Windows absolute path check using forward slashes
416 * Improve error with invalid arguments to `req.get()`
417 * Improve performance for `res.json`/`res.jsonp` in most cases
418 * Improve `Range` header handling in `res.sendFile`/`res.sendfile`
419 * deps: accepts@~1.3.3
420 - Fix including type extensions in parameters in `Accept` parsing
421 - Fix parsing `Accept` parameters with quoted equals
422 - Fix parsing `Accept` parameters with quoted semicolons
423 - Many performance improvements
424 - deps: mime-types@~2.1.11
425 - deps: negotiator@0.6.1
426 * deps: content-type@~1.0.2
427 - perf: enable strict mode
429 - Add `sameSite` option
430 - Fix cookie `Max-Age` to never be a floating point number
431 - Improve error message when `encode` is not a function
432 - Improve error message when `expires` is not a `Date`
433 - Throw better error for invalid argument to parse
434 - Throw on invalid values provided to `serialize`
435 - perf: enable strict mode
436 - perf: hoist regular expression
437 - perf: use for loop in parse
438 - perf: use string concatenation for serialization
439 * deps: finalhandler@0.5.0
440 - Change invalid or non-numeric status code to 500
441 - Overwrite status message to match set status code
442 - Prefer `err.statusCode` if `err.status` is invalid
443 - Set response headers from `err.headers` object
444 - Use `statuses` instead of `http` module for status messages
445 * deps: proxy-addr@~1.1.2
446 - Fix accepting various invalid netmasks
447 - Fix IPv6-mapped IPv4 validation edge cases
448 - IPv4 netmasks must be contiguous
449 - IPv6 addresses cannot be used as a netmask
450 - deps: ipaddr.js@1.1.1
452 - Add `decoder` option in `parse` function
453 * deps: range-parser@~1.2.0
454 - Add `combine` option to combine overlapping ranges
455 - Fix incorrectly returning -1 when there is at least one valid range
456 - perf: remove internal function
458 - Add `acceptRanges` option
459 - Add `cacheControl` option
460 - Attempt to combine multiple ranges into single range
461 - Correctly inherit from `Stream` class
462 - Fix `Content-Range` header in 416 responses when using `start`/`end` options
463 - Fix `Content-Range` header missing from default 416 responses
464 - Fix redirect error when `path` contains raw non-URL characters
465 - Fix redirect when `path` starts with multiple forward slashes
466 - Ignore non-byte `Range` headers
467 - deps: http-errors@~1.5.0
468 - deps: range-parser@~1.2.0
469 - deps: statuses@~1.3.0
470 - perf: remove argument reassignment
471 * deps: serve-static@~1.11.1
472 - Add `acceptRanges` option
473 - Add `cacheControl` option
474 - Attempt to combine multiple ranges into single range
475 - Fix redirect error when `req.url` contains raw non-URL characters
476 - Ignore non-byte `Range` headers
477 - Use status code 301 for redirects
479 * deps: type-is@~1.6.13
480 - Fix type error when given invalid type to match against
481 - deps: mime-types@~2.1.11
483 - Only accept valid field names in the `field` argument
484 * perf: use strict equality when possible
489 * deps: content-disposition@0.5.1
490 - perf: enable strict mode
492 - Throw on invalid values provided to `serialize`
494 - Support web browser loading
495 - perf: enable strict mode
496 * deps: escape-html@~1.0.3
497 - perf: enable strict mode
498 - perf: optimize string replacement
499 - perf: use faster string coercion
500 * deps: finalhandler@0.4.1
501 - deps: escape-html@~1.0.3
502 * deps: merge-descriptors@1.0.1
503 - perf: enable strict mode
504 * deps: methods@~1.1.2
505 - perf: enable strict mode
506 * deps: parseurl@~1.3.1
507 - perf: enable strict mode
508 * deps: proxy-addr@~1.0.10
509 - deps: ipaddr.js@1.0.5
510 - perf: enable strict mode
511 * deps: range-parser@~1.0.3
512 - perf: enable strict mode
515 - deps: destroy@~1.0.4
516 - deps: escape-html@~1.0.3
517 - deps: range-parser@~1.0.3
518 * deps: serve-static@~1.10.2
519 - deps: escape-html@~1.0.3
520 - deps: parseurl@~1.3.0
526 * Fix infinite loop condition using `mergeParams: true`
527 * Fix inner numeric indices incorrectly altering parent `req.params`
532 * deps: accepts@~1.2.12
533 - deps: mime-types@~2.1.4
534 * deps: array-flatten@1.1.1
535 - perf: enable strict mode
536 * deps: path-to-regexp@0.1.7
537 - Fix regression with escaped round brackets and matching groups
538 * deps: type-is@~1.6.6
539 - deps: mime-types@~2.1.4
544 * deps: accepts@~1.2.10
545 - deps: mime-types@~2.1.2
547 - Fix dropping parameters like `hasOwnProperty`
548 - Fix various parsing edge cases
549 * deps: type-is@~1.6.4
550 - deps: mime-types@~2.1.2
551 - perf: enable strict mode
552 - perf: remove argument reassignment
557 * Add settings to debug output
558 * Fix `res.format` error when only `default` provided
559 * Fix issue where `next('route')` in `app.param` would incorrectly skip values
560 * Fix hiding platform issues with `decodeURIComponent`
561 - Only `URIError`s are a 400
562 * Fix using `*` before params in routes
563 * Fix using capture groups before params in routes
564 * Simplify `res.cookie` to call `res.append`
565 * Use `array-flatten` module for flattening arrays
566 * deps: accepts@~1.2.9
567 - deps: mime-types@~2.1.1
568 - perf: avoid argument reassignment & argument slice
569 - perf: avoid negotiator recursive construction
570 - perf: enable strict mode
571 - perf: remove unnecessary bitwise operator
573 - perf: deduce the scope of try-catch deopt
574 - perf: remove argument reassignments
575 * deps: escape-html@1.0.2
577 - Always include entity length in ETags for hash length extensions
578 - Generate non-Stats ETags using MD5 only (no longer CRC32)
579 - Improve stat performance by removing hashing
580 - Improve support for JXcore
581 - Remove base64 padding in ETags to shorten
582 - Support "fake" stats objects in environments without fs
583 - Use MD5 instead of MD4 in weak ETags over 1KB
584 * deps: finalhandler@0.4.0
585 - Fix a false-positive when unpiping in Node.js 0.8
586 - Support `statusCode` property on `Error` objects
587 - Use `unpipe` module for unpiping requests
588 - deps: escape-html@1.0.2
589 - deps: on-finished@~2.3.0
590 - perf: enable strict mode
591 - perf: remove argument reassignment
593 - Add weak `ETag` matching support
594 * deps: on-finished@~2.3.0
595 - Add defined behavior for HTTP `CONNECT` requests
596 - Add defined behavior for HTTP `Upgrade` requests
597 - deps: ee-first@1.1.1
598 * deps: path-to-regexp@0.1.6
600 - Allow Node.js HTTP server to set `Date` response header
601 - Fix incorrectly removing `Content-Location` on 304 response
602 - Improve the default redirect response headers
603 - Send appropriate headers on default error response
604 - Use `http-errors` for standard emitted errors
605 - Use `statuses` instead of `http` module for status messages
606 - deps: escape-html@1.0.2
609 - deps: on-finished@~2.3.0
610 - perf: enable strict mode
611 - perf: remove unnecessary array allocations
612 * deps: serve-static@~1.10.0
613 - Add `fallthrough` option
614 - Fix reading options from options prototype
615 - Improve the default redirect response headers
616 - Malformed URLs now `next()` instead of 400
617 - deps: escape-html@1.0.2
619 - perf: enable strict mode
620 - perf: remove argument reassignment
621 * deps: type-is@~1.6.3
622 - deps: mime-types@~2.1.1
623 - perf: reduce try block size
624 - perf: remove bitwise operations
625 * perf: enable strict mode
626 * perf: isolate `app.render` try block
627 * perf: remove argument reassignments in application
628 * perf: remove argument reassignments in request prototype
629 * perf: remove argument reassignments in response prototype
630 * perf: remove argument reassignments in routing
631 * perf: remove argument reassignments in `View`
632 * perf: skip attempting to decode zero length string
633 * perf: use saved reference to `http.STATUS_CODES`
638 * deps: accepts@~1.2.7
639 - deps: mime-types@~2.0.11
640 - deps: negotiator@0.5.3
645 - Improve support for JXcore
646 - Support "fake" stats objects in environments without `fs`
647 * deps: finalhandler@0.3.6
649 - deps: on-finished@~2.2.1
650 * deps: on-finished@~2.2.1
651 - Fix `isFinished(req)` when data buffered
652 * deps: proxy-addr@~1.0.8
653 - deps: ipaddr.js@1.0.1
655 - Fix allowing parameters like `constructor`
661 - deps: on-finished@~2.2.1
662 * deps: serve-static@~1.9.3
664 * deps: type-is@~1.6.2
665 - deps: mime-types@~2.0.11
670 * deps: accepts@~1.2.5
671 - deps: mime-types@~2.0.10
673 - Fix high intensity foreground color for bold
675 * deps: finalhandler@0.3.4
677 * deps: proxy-addr@~1.0.7
678 - deps: ipaddr.js@0.1.9
680 - Fix error when parameter `hasOwnProperty` is present
682 - Throw errors early for invalid `extensions` or `index` options
684 * deps: serve-static@~1.9.2
686 * deps: type-is@~1.6.1
687 - deps: mime-types@~2.0.10
692 * Fix regression where `"Request aborted"` is logged using `res.sendFile`
697 * Fix constructing application with non-configurable prototype properties
698 * Fix `ECONNRESET` errors from `res.sendFile` usage
699 * Fix `req.host` when using "trust proxy" hops count
700 * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
701 * Fix wrong `code` on aborted connections from `res.sendFile`
702 * deps: merge-descriptors@1.0.0
707 * Fix `"trust proxy"` setting to inherit when app is mounted
708 * Generate `ETag`s for all request responses
709 - No longer restricted to only responses for `GET` and `HEAD` requests
710 * Use `content-type` to parse `Content-Type` headers
711 * deps: accepts@~1.2.4
712 - Fix preference sorting to be stable for long acceptable lists
713 - deps: mime-types@~2.0.9
714 - deps: negotiator@0.5.1
715 * deps: cookie-signature@1.0.6
717 - Always read the stat size from the file
718 - Fix mutating passed-in `options`
720 * deps: serve-static@~1.9.1
722 * deps: type-is@~1.6.0
723 - fix argument reassignment
724 - fix false-positives in `hasBody` `Transfer-Encoding` check
725 - support wildcard for both type and subtype (`*/*`)
726 - deps: mime-types@~2.0.9
731 * Fix `res.redirect` double-calling `res.end` for `HEAD` requests
732 * deps: accepts@~1.2.3
733 - deps: mime-types@~2.0.8
734 * deps: proxy-addr@~1.0.6
735 - deps: ipaddr.js@0.1.8
736 * deps: type-is@~1.5.6
737 - deps: mime-types@~2.0.8
743 - Fix root path disclosure
744 * deps: serve-static@~1.8.1
745 - Fix redirect loop in Node.js 0.11.14
746 - Fix root path disclosure
752 * Add `res.append(field, val)` to append headers
753 * Deprecate leading `:` in `name` for `app.param(name, fn)`
754 * Deprecate `req.param()` -- use `req.params`, `req.body`, or `req.query` instead
755 * Deprecate `app.param(fn)`
756 * Fix `OPTIONS` responses to include the `HEAD` method properly
757 * Fix `res.sendFile` not always detecting aborted connection
758 * Match routes iteratively to prevent stack overflows
759 * deps: accepts@~1.2.2
760 - deps: mime-types@~2.0.7
761 - deps: negotiator@0.5.0
766 - deps: on-finished@~2.2.0
767 * deps: serve-static@~1.8.0
773 * Fix crash from error within `OPTIONS` response handler
774 * deps: proxy-addr@~1.0.5
775 - deps: ipaddr.js@0.1.6
780 * Fix `Allow` header for `OPTIONS` to not contain duplicate methods
781 * Fix incorrect "Request aborted" for `res.sendFile` when `HEAD` or 304
783 * deps: finalhandler@0.3.3
785 - deps: on-finished@~2.2.0
786 * deps: methods@~1.1.1
787 * deps: on-finished@~2.2.0
788 * deps: serve-static@~1.7.2
789 - Fix potential open redirect when mounted at root
790 * deps: type-is@~1.5.5
791 - deps: mime-types@~2.0.7
796 * Fix exception in `req.fresh`/`req.stale` without response headers
801 * Fix `res.send` double-calling `res.end` for `HEAD` requests
802 * deps: accepts@~1.1.4
803 - deps: mime-types@~2.0.4
804 * deps: type-is@~1.5.4
805 - deps: mime-types@~2.0.4
810 * Fix `res.sendfile` logging standard write errors
815 * Fix `res.sendFile` logging standard write errors
817 * deps: proxy-addr@~1.0.4
818 - deps: ipaddr.js@0.1.5
820 - Fix `arrayLimit` behavior
825 * Correctly invoke async router callback asynchronously
826 * deps: accepts@~1.1.3
827 - deps: mime-types@~2.0.3
828 * deps: type-is@~1.5.3
829 - deps: mime-types@~2.0.3
834 * Fix handling of URLs containing `://` in the path
836 - Fix parsing of mixed objects and values
841 * Add support for `app.set('views', array)`
842 - Views are looked up in sequence in array of directories
843 * Fix `res.send(status)` to mention `res.sendStatus(status)`
844 * Fix handling of invalid empty URLs
845 * Use `content-disposition` module for `res.attachment`/`res.download`
846 - Sends standards-compliant `Content-Disposition` header
847 - Full Unicode support
848 * Use `path.resolve` in view lookup
850 - Implement `DEBUG_FD` env variable support
853 - Improve string performance
854 - Slightly improve speed for weak ETags over 1KB
855 * deps: finalhandler@0.3.2
856 - Terminate in progress response only on error
857 - Use `on-finished` to determine request status
859 - deps: on-finished@~2.1.1
860 * deps: on-finished@~2.1.1
861 - Fix handling of pipelined requests
863 - Fix parsing of mixed implicit and explicit arrays
868 - deps: on-finished@~2.1.1
869 * deps: serve-static@~1.7.1
875 * Fix `res.redirect` body when redirect status specified
876 * deps: accepts@~1.1.2
877 - Fix error when media type has invalid parameter
878 - deps: negotiator@0.4.9
883 * Fix using same param name in array of paths
888 * deps: accepts@~1.1.1
889 - deps: mime-types@~2.0.2
890 - deps: negotiator@0.4.8
891 * deps: serve-static@~1.6.4
892 - Fix redirect loop when index file serving disabled
893 * deps: type-is@~1.5.2
894 - deps: mime-types@~2.0.2
900 * deps: proxy-addr@~1.0.3
901 - Use `forwarded` npm module
904 * deps: serve-static@~1.6.3
911 - Fix issue with object keys starting with numbers truncated
916 * deps: proxy-addr@~1.0.2
917 - Fix a global leak when multiple subnets are trusted
918 - deps: ipaddr.js@0.1.3
923 * Fix regression for empty string `path` in `app.use`
924 * Fix `router.use` to accept array of middleware without path
925 * Improve error message for bad `app.use` arguments
930 * Fix `app.use` to accept array of middleware without path
936 - deps: range-parser@~1.0.2
937 * deps: serve-static@~1.6.2
943 * Add `res.sendStatus`
944 * Invoke callback for sendfile when client aborts
945 - Applies to `res.sendFile`, `res.sendfile`, and `res.download`
946 - `err` will be populated with request aborted error
947 * Support IP address host in `req.subdomains`
948 * Use `etag` to generate `ETag` headers
949 * deps: accepts@~1.1.0
950 - update `mime-types`
951 * deps: cookie-signature@1.0.5
953 * deps: finalhandler@0.2.0
954 - Set `X-Content-Type-Options: nosniff` header
957 * deps: media-typer@0.3.0
958 - Throw error when parameter format invalid on parse
960 - Fix issue where first empty value in array is discarded
961 * deps: range-parser@~1.0.2
963 - Add `lastModified` option
964 - Use `etag` to generate `ETag` header
967 * deps: serve-static@~1.6.1
968 - Add `lastModified` option
970 * deps: type-is@~1.5.1
971 - fix `hasbody` to be true for `content-length: 0`
972 - deps: media-typer@0.3.0
973 - deps: mime-types@~2.0.1
975 - Accept valid `Vary` header string as `field`
981 - Fix a path traversal issue when using `root`
982 - Fix malicious path detection for empty string path
983 * deps: serve-static@~1.5.4
990 - Remove unnecessary cloning
997 - Performance improvements
1003 - deps: destroy@1.0.3
1004 - deps: on-finished@2.1.0
1005 * deps: serve-static@~1.5.3
1013 - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
1014 * deps: serve-static@~1.5.2
1020 * deps: parseurl@~1.3.0
1022 * deps: serve-static@~1.5.1
1023 - Fix parsing of weird `req.originalUrl` values
1024 - deps: parseurl@~1.3.0
1025 - deps: utils-merge@1.0.0
1031 - Fix parsing array of objects
1036 * fix incorrect deprecation warnings on `res.download`
1038 - Accept urlencoded square brackets
1039 - Accept empty values in implicit array notation
1044 * add `res.sendFile`
1045 - accepts a file system path instead of a URL
1046 - requires an absolute path or `root` option specified
1047 * deprecate `res.sendfile` -- use `res.sendFile` instead
1048 * support mounted app as any argument to `app.use()`
1051 - Limits array length to 20
1052 - Limits object depth to 5
1053 - Limits parameters to 1,000
1055 - Add `extensions` option
1056 * deps: serve-static@~1.5.0
1057 - Add `extensions` option
1063 * fix `res.sendfile` regression for serving directory index files
1065 - Fix incorrect 403 on Windows and Node.js 0.11
1066 - Fix serving index files without root dir
1067 * deps: serve-static@~1.4.4
1074 - Fix incorrect 403 on Windows and Node.js 0.11
1075 * deps: serve-static@~1.4.3
1076 - Fix incorrect 403 on Windows and Node.js 0.11
1083 - Work-around v8 generating empty stack traces
1086 * deps: serve-static@~1.4.2
1092 - Fix exception when global `Error.stackTraceLimit` is too low
1095 * deps: serve-static@~1.4.1
1100 * fix `req.protocol` for proxy-direct connections
1101 * configurable query parser with `app.set('query parser', parser)`
1102 - `app.set('query parser', 'extended')` parse with "qs" module
1103 - `app.set('query parser', 'simple')` parse with "querystring" core module
1104 - `app.set('query parser', false)` disable query string parsing
1105 - `app.set('query parser', true)` enable simple parsing
1106 * deprecate `res.json(status, obj)` -- use `res.status(status).json(obj)` instead
1107 * deprecate `res.jsonp(status, obj)` -- use `res.status(status).jsonp(obj)` instead
1108 * deprecate `res.send(status, body)` -- use `res.status(status).send(body)` instead
1111 - Add `TRACE_DEPRECATION` environment variable
1112 - Remove non-standard grey color from color output
1113 - Support `--no-deprecation` argument
1114 - Support `--trace-deprecation` argument
1115 * deps: finalhandler@0.1.0
1116 - Respond after request fully read
1118 * deps: parseurl@~1.2.0
1119 - Cache URLs based on original value
1120 - Remove no-longer-needed URL mis-parse work-around
1121 - Simplify the "fast-path" `RegExp`
1123 - Add `dotfiles` option
1124 - Cap `maxAge` value to 1 year
1127 * deps: serve-static@~1.4.0
1128 - deps: parseurl@~1.2.0
1130 * perf: prevent multiple `Buffer` creation in `res.send`
1135 * fix `subapp.mountpath` regression for `app.use(subapp)`
1140 * accept multiple callbacks to `app.use()`
1141 * add explicit "Rosetta Flash JSONP abuse" protection
1142 - previous versions are not vulnerable; this is just explicit protection
1143 * catch errors in multiple `req.param(name, fn)` handlers
1144 * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
1145 * fix `res.send(status, num)` to send `num` as json (not error)
1146 * remove unnecessary escaping when `res.jsonp` returns JSON response
1147 * support non-string `path` in `app.use(path, fn)`
1148 - supports array of paths
1150 * router: fix optimization on router exit
1151 * router: refactor location of `try` blocks
1152 * router: speed up standard `app.use(fn)`
1154 - Add support for multiple wildcards in namespaces
1155 * deps: finalhandler@0.0.3
1157 * deps: methods@1.1.0
1159 * deps: parseurl@~1.1.3
1160 - faster parsing of href-only URLs
1161 * deps: path-to-regexp@0.1.3
1164 * deps: serve-static@~1.3.2
1165 - deps: parseurl@~1.1.3
1167 * perf: fix arguments reassign deopt in some `res` methods
1172 * fix routing regression when altering `req.method`
1177 * add deprecation message to non-plural `req.accepts*`
1178 * add deprecation message to `res.send(body, status)`
1179 * add deprecation message to `res.vary()`
1180 * add `headers` option to `res.sendfile`
1181 - use to set headers on successful file transfer
1182 * add `mergeParams` option to `Router`
1183 - merges `req.params` from parent routes
1184 * add `req.hostname` -- correct name for what `req.host` returns
1185 * deprecate things with `depd` module
1186 * deprecate `req.host` -- use `req.hostname` instead
1187 * fix behavior when handling request without routes
1188 * fix handling when `route.all` is only route
1189 * invoke `router.param()` only when route matches
1190 * restore `req.params` after invoking router
1191 * use `finalhandler` for final response handling
1192 * use `media-typer` to alter content-type charset
1193 * deps: accepts@~1.0.7
1195 - Accept string for `maxage` (converted by `ms`)
1196 - Include link in default redirect response
1197 * deps: serve-static@~1.3.0
1198 - Accept string for `maxAge` (converted by `ms`)
1199 - Add `setHeaders` option
1200 - Include HTML link in redirect response
1202 * deps: type-is@~1.3.2
1207 * deps: cookie-signature@1.0.4
1208 - fix for timing attacks
1213 * fix `res.attachment` Unicode filenames in Safari
1214 * fix "trim prefix" debug message in `express:router`
1215 * deps: accepts@~1.0.5
1216 * deps: buffer-crc32@0.2.3
1221 * fix persistence of modified `req.params[name]` from `app.param()`
1222 * deps: accepts@1.0.3
1223 - deps: negotiator@0.4.6
1226 - Do not throw uncatchable error on file open race condition
1227 - Use `escape-html` for HTML escaping
1229 - deps: finished@1.2.2
1231 * deps: serve-static@1.2.3
1232 - Do not throw uncatchable error on file open race condition
1238 * fix catching errors from top-level handlers
1239 * use `vary` module for `res.vary`
1241 * deps: proxy-addr@1.0.1
1243 - fix "event emitter leak" warnings
1245 - deps: finished@1.2.1
1246 * deps: serve-static@1.2.2
1247 - fix "event emitter leak" warnings
1249 * deps: type-is@1.2.1
1254 * deps: methods@1.0.1
1256 - Send `max-age` in `Cache-Control` in correct format
1257 * deps: serve-static@1.2.1
1258 - use `escape-html` for escaping
1264 * custom etag control with `app.set('etag', val)`
1265 - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
1266 - `app.set('etag', 'weak')` weak tag
1267 - `app.set('etag', 'strong')` strong etag
1268 - `app.set('etag', false)` turn off
1269 - `app.set('etag', true)` standard etag
1270 * mark `res.send` ETag as weak and reduce collisions
1271 * update accepts to 1.0.2
1272 - Fix interpretation when header not in request
1273 * update send to 0.4.0
1274 - Calculate ETag with md5 for reduced collisions
1275 - Ignore stream errors after request ends
1277 * update serve-static to 1.2.0
1278 - Calculate ETag with md5 for reduced collisions
1279 - Ignore stream errors after request ends
1285 * fix handling of errors from `router.param()` callbacks
1290 * revert "fix behavior of multiple `app.VERB` for the same path"
1291 - this caused a regression in the order of route execution
1296 * add `req.baseUrl` to access the path stripped from `req.url` in routes
1297 * fix behavior of multiple `app.VERB` for the same path
1298 * fix issue routing requests among sub routers
1299 * invoke `router.param()` only when necessary instead of every match
1300 * proper proxy trust with `app.set('trust proxy', trust)`
1301 - `app.set('trust proxy', 1)` trust first hop
1302 - `app.set('trust proxy', 'loopback')` trust loopback addresses
1303 - `app.set('trust proxy', '10.0.0.1')` trust single IP
1304 - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
1305 - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
1306 - `app.set('trust proxy', false)` turn off
1307 - `app.set('trust proxy', true)` trust everything
1308 * set proper `charset` in `Content-Type` for `res.send`
1309 * update type-is to 1.2.0
1310 - support suffix matching
1315 * deprecate `app.del()` -- use `app.delete()` instead
1316 * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
1317 - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
1318 * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
1319 - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
1320 * fix `req.next` when inside router instance
1321 * include `ETag` header in `HEAD` requests
1322 * keep previous `Content-Type` for `res.jsonp`
1323 * support PURGE method
1325 - add `router.purge`
1326 - include PURGE in `app.all`
1327 * update debug to 0.8.0
1328 - add `enable()` method
1329 - change from stderr to stdout
1330 * update methods to 1.0.0
1336 * fix `req.host` for IPv6 literals
1337 * fix `res.jsonp` error if callback param is object
1342 * fix package.json to reflect supported node version
1347 * pass options from `res.sendfile` to `send`
1348 * preserve casing of headers in `res.header` and `res.set`
1349 * support unicode file names in `res.attachment` and `res.download`
1350 * update accepts to 1.0.1
1351 - deps: negotiator@0.4.0
1352 * update cookie to 0.1.2
1353 - Fix for maxAge == 0
1354 - made compat with expires field
1355 * update send to 0.3.0
1356 - Accept API options in options object
1357 - Coerce option types
1358 - Control whether to generate etags
1359 - Default directory access to 403 when index disabled
1360 - Fix sending files with dots without root set
1361 - Include file path in etag
1362 - Make "Can't set headers after they are sent." catchable
1363 - Send full entity-body for multi range requests
1364 - Set etags to "weak"
1365 - Support "If-Range" header
1366 - Support multiple index paths
1368 * update serve-static to 1.1.0
1369 - Accept options directly to `send` module
1370 - Resolve relative paths at middleware setup
1371 - Use parseurl to parse the URL from request
1373 * update type-is to 1.1.0
1374 - add non-array values support
1375 - add `multipart` as a shorthand
1382 - connect and connect's patches except for charset handling
1383 - express(1) - moved to [express-generator](https://github.com/expressjs/generator)
1384 - `express.createServer()` - it has been deprecated for a long time. Use `express()`
1385 - `app.configure` - use logic in your own app code
1386 - `app.router` - is removed
1387 - `req.auth` - use `basic-auth` instead
1388 - `req.accepted*` - use `req.accepts*()` instead
1389 - `res.location` - relative URL resolution is removed
1390 - `res.charset` - include the charset in the content type when using `res.set()`
1391 - all bundled middleware except `static`
1393 - `app.route` -> `app.mountpath` when mounting an express app in another express app
1394 - `json spaces` no longer enabled by default in development
1395 - `req.accepts*` -> `req.accepts*s` - i.e. `req.acceptsEncoding` -> `req.acceptsEncodings`
1396 - `req.params` is now an object instead of an array
1397 - `res.locals` is no longer a function. It is a plain js object. Treat it as such.
1398 - `res.headerSent` -> `res.headersSent` to match node.js ServerResponse object
1400 - `req.accepts*` with [accepts](https://github.com/expressjs/accepts)
1401 - `req.is` with [type-is](https://github.com/expressjs/type-is)
1402 - [path-to-regexp](https://github.com/component/path-to-regexp)
1404 - `app.router()` - returns the app Router instance
1405 - `app.route()` - Proxy to the app's `Router#route()` method to create a new route
1406 - Router & Route - public API
1411 * deps: connect@2.30.2
1412 - deps: body-parser@~1.13.3
1413 - deps: compression@~1.5.2
1414 - deps: errorhandler@~1.4.2
1415 - deps: method-override@~2.3.5
1416 - deps: serve-index@~1.7.2
1417 - deps: type-is@~1.6.6
1418 - deps: vhost@~3.0.1
1420 - Fix setting empty header from empty `field`
1421 - perf: enable strict mode
1422 - perf: remove argument reassignments
1427 * deps: basic-auth@~1.0.3
1428 * deps: connect@2.30.1
1429 - deps: body-parser@~1.13.2
1430 - deps: compression@~1.5.1
1431 - deps: errorhandler@~1.4.1
1432 - deps: morgan@~1.6.1
1435 - deps: serve-index@~1.7.1
1436 - deps: type-is@~1.6.4
1441 * deps: basic-auth@1.0.2
1442 - perf: enable strict mode
1443 - perf: hoist regular expression
1444 - perf: parse with regular expressions
1445 - perf: remove argument reassignment
1446 * deps: connect@2.30.0
1447 - deps: body-parser@~1.13.1
1449 - deps: compression@~1.5.0
1450 - deps: cookie@0.1.3
1451 - deps: cookie-parser@~1.3.5
1452 - deps: csurf@~1.8.3
1453 - deps: errorhandler@~1.4.0
1454 - deps: express-session@~1.11.3
1455 - deps: finalhandler@0.4.0
1457 - deps: morgan@~1.6.0
1458 - deps: serve-favicon@~2.3.0
1459 - deps: serve-index@~1.7.0
1460 - deps: serve-static@~1.10.0
1461 - deps: type-is@~1.6.3
1462 * deps: cookie@0.1.3
1463 - perf: deduce the scope of try-catch deopt
1464 - perf: remove argument reassignments
1465 * deps: escape-html@1.0.2
1467 - Always include entity length in ETags for hash length extensions
1468 - Generate non-Stats ETags using MD5 only (no longer CRC32)
1469 - Improve stat performance by removing hashing
1470 - Improve support for JXcore
1471 - Remove base64 padding in ETags to shorten
1472 - Support "fake" stats objects in environments without fs
1473 - Use MD5 instead of MD4 in weak ETags over 1KB
1475 - Add weak `ETag` matching support
1476 * deps: mkdirp@0.5.1
1477 - Work in global strict mode
1479 - Allow Node.js HTTP server to set `Date` response header
1480 - Fix incorrectly removing `Content-Location` on 304 response
1481 - Improve the default redirect response headers
1482 - Send appropriate headers on default error response
1483 - Use `http-errors` for standard emitted errors
1484 - Use `statuses` instead of `http` module for status messages
1485 - deps: escape-html@1.0.2
1488 - deps: on-finished@~2.3.0
1489 - perf: enable strict mode
1490 - perf: remove unnecessary array allocations
1495 * deps: connect@2.29.2
1496 - deps: body-parser@~1.12.4
1497 - deps: compression@~1.4.4
1498 - deps: connect-timeout@~1.6.2
1499 - deps: debug@~2.2.0
1501 - deps: errorhandler@~1.3.6
1502 - deps: finalhandler@0.3.6
1503 - deps: method-override@~2.3.3
1504 - deps: morgan@~1.5.3
1506 - deps: response-time@~2.3.1
1507 - deps: serve-favicon@~2.2.1
1508 - deps: serve-index@~1.6.4
1509 - deps: serve-static@~1.9.3
1510 - deps: type-is@~1.6.2
1511 * deps: debug@~2.2.0
1514 * deps: proxy-addr@~1.0.8
1515 - deps: ipaddr.js@1.0.1
1517 - deps: debug@~2.2.0
1521 - deps: on-finished@~2.2.1
1526 * deps: connect@2.29.1
1527 - deps: body-parser@~1.12.2
1528 - deps: compression@~1.4.3
1529 - deps: connect-timeout@~1.6.1
1530 - deps: debug@~2.1.3
1531 - deps: errorhandler@~1.3.5
1532 - deps: express-session@~1.10.4
1533 - deps: finalhandler@0.3.4
1534 - deps: method-override@~2.3.2
1535 - deps: morgan@~1.5.2
1537 - deps: serve-index@~1.6.3
1538 - deps: serve-static@~1.9.2
1539 - deps: type-is@~1.6.1
1540 * deps: debug@~2.1.3
1541 - Fix high intensity foreground color for bold
1543 * deps: merge-descriptors@1.0.0
1544 * deps: proxy-addr@~1.0.7
1545 - deps: ipaddr.js@0.1.9
1547 - Throw errors early for invalid `extensions` or `index` options
1548 - deps: debug@~2.1.3
1553 * Fix `req.host` when using "trust proxy" hops count
1554 * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
1559 * Fix `"trust proxy"` setting to inherit when app is mounted
1560 * Generate `ETag`s for all request responses
1561 - No longer restricted to only responses for `GET` and `HEAD` requests
1562 * Use `content-type` to parse `Content-Type` headers
1563 * deps: connect@2.29.0
1564 - Use `content-type` to parse `Content-Type` headers
1565 - deps: body-parser@~1.12.0
1566 - deps: compression@~1.4.1
1567 - deps: connect-timeout@~1.6.0
1568 - deps: cookie-parser@~1.3.4
1569 - deps: cookie-signature@1.0.6
1570 - deps: csurf@~1.7.0
1571 - deps: errorhandler@~1.3.4
1572 - deps: express-session@~1.10.3
1573 - deps: http-errors@~1.3.1
1574 - deps: response-time@~2.3.0
1575 - deps: serve-index@~1.6.2
1576 - deps: serve-static@~1.9.1
1577 - deps: type-is@~1.6.0
1578 * deps: cookie-signature@1.0.6
1580 - Always read the stat size from the file
1581 - Fix mutating passed-in `options`
1587 * deps: connect@2.28.3
1588 - deps: compression@~1.3.1
1589 - deps: csurf@~1.6.6
1590 - deps: errorhandler@~1.3.3
1591 - deps: express-session@~1.10.2
1592 - deps: serve-index@~1.6.1
1593 - deps: type-is@~1.5.6
1594 * deps: proxy-addr@~1.0.6
1595 - deps: ipaddr.js@0.1.8
1600 * deps: connect@2.28.2
1601 - deps: body-parser@~1.10.2
1602 - deps: serve-static@~1.8.1
1604 - Fix root path disclosure
1609 * Fix `OPTIONS` responses to include the `HEAD` method property
1610 * Use `readline` for prompt in `express(1)`
1611 * deps: commander@2.6.0
1612 * deps: connect@2.28.1
1613 - deps: body-parser@~1.10.1
1614 - deps: compression@~1.3.0
1615 - deps: connect-timeout@~1.5.0
1616 - deps: csurf@~1.6.4
1617 - deps: debug@~2.1.1
1618 - deps: errorhandler@~1.3.2
1619 - deps: express-session@~1.10.1
1620 - deps: finalhandler@0.3.3
1621 - deps: method-override@~2.3.1
1622 - deps: morgan@~1.5.1
1623 - deps: serve-favicon@~2.2.0
1624 - deps: serve-index@~1.6.0
1625 - deps: serve-static@~1.8.0
1626 - deps: type-is@~1.5.5
1627 * deps: debug@~2.1.1
1628 * deps: methods@~1.1.1
1629 * deps: proxy-addr@~1.0.5
1630 - deps: ipaddr.js@0.1.6
1632 - deps: debug@~2.1.1
1635 - deps: on-finished@~2.2.0
1640 * Fix exception in `req.fresh`/`req.stale` without response headers
1645 * deps: connect@2.27.6
1646 - deps: compression@~1.2.2
1647 - deps: express-session@~1.9.3
1648 - deps: http-errors@~1.2.8
1649 - deps: serve-index@~1.5.3
1650 - deps: type-is@~1.5.4
1655 * deps: connect@2.27.4
1656 - deps: body-parser@~1.9.3
1657 - deps: compression@~1.2.1
1658 - deps: errorhandler@~1.2.3
1659 - deps: express-session@~1.9.2
1661 - deps: serve-favicon@~2.1.7
1662 - deps: serve-static@~1.5.1
1663 - deps: type-is@~1.5.3
1665 * deps: proxy-addr@~1.0.4
1666 - deps: ipaddr.js@0.1.5
1671 * deps: connect@2.27.3
1672 - Correctly invoke async callback asynchronously
1673 - deps: csurf@~1.6.3
1678 * deps: connect@2.27.2
1679 - Fix handling of URLs containing `://` in the path
1680 - deps: body-parser@~1.9.2
1686 * Fix internal `utils.merge` deprecation warnings
1687 * deps: connect@2.27.1
1688 - deps: body-parser@~1.9.1
1689 - deps: express-session@~1.9.1
1690 - deps: finalhandler@0.3.2
1691 - deps: morgan@~1.4.1
1693 - deps: serve-static@~1.7.1
1695 - deps: on-finished@~2.1.1
1700 * Use `content-disposition` module for `res.attachment`/`res.download`
1701 - Sends standards-compliant `Content-Disposition` header
1702 - Full Unicode support
1703 * Use `etag` module to generate `ETag` headers
1704 * deps: connect@2.27.0
1705 - Use `http-errors` module for creating errors
1706 - Use `utils-merge` module for merging objects
1707 - deps: body-parser@~1.9.0
1708 - deps: compression@~1.2.0
1709 - deps: connect-timeout@~1.4.0
1710 - deps: debug@~2.1.0
1712 - deps: express-session@~1.9.0
1713 - deps: finalhandler@0.3.1
1714 - deps: method-override@~2.3.0
1715 - deps: morgan@~1.4.0
1716 - deps: response-time@~2.2.0
1717 - deps: serve-favicon@~2.1.6
1718 - deps: serve-index@~1.5.0
1719 - deps: serve-static@~1.7.0
1720 * deps: debug@~2.1.0
1721 - Implement `DEBUG_FD` env variable support
1724 - deps: debug@~2.1.0
1731 * deps: connect@2.26.6
1732 - deps: compression@~1.1.2
1733 - deps: csurf@~1.6.2
1734 - deps: errorhandler@~1.2.2
1739 * deps: connect@2.26.5
1740 - Fix accepting non-object arguments to `logger`
1741 - deps: serve-static@~1.6.4
1746 * deps: connect@2.26.4
1747 - deps: morgan@~1.3.2
1748 - deps: type-is@~1.5.2
1753 * deps: connect@2.26.3
1754 - deps: body-parser@~1.8.4
1755 - deps: serve-favicon@~2.1.5
1756 - deps: serve-static@~1.6.3
1757 * deps: proxy-addr@~1.0.3
1758 - Use `forwarded` npm module
1765 * deps: connect@2.26.2
1766 - deps: body-parser@~1.8.3
1772 * deps: proxy-addr@~1.0.2
1773 - Fix a global leak when multiple subnets are trusted
1774 - deps: ipaddr.js@0.1.3
1779 * Use `crc` instead of `buffer-crc32` for speed
1780 * deps: connect@2.26.1
1781 - deps: body-parser@~1.8.2
1783 - deps: express-session@~1.8.2
1784 - deps: morgan@~1.3.1
1785 - deps: serve-favicon@~2.1.3
1786 - deps: serve-static@~1.6.2
1791 - deps: range-parser@~1.0.2
1796 * Fix error in `req.subdomains` on empty host
1801 * Support `X-Forwarded-Host` in `req.subdomains`
1802 * Support IP address host in `req.subdomains`
1803 * deps: connect@2.26.0
1804 - deps: body-parser@~1.8.1
1805 - deps: compression@~1.1.0
1806 - deps: connect-timeout@~1.3.0
1807 - deps: cookie-parser@~1.3.3
1808 - deps: cookie-signature@1.0.5
1809 - deps: csurf@~1.6.1
1810 - deps: debug@~2.0.0
1811 - deps: errorhandler@~1.2.0
1812 - deps: express-session@~1.8.1
1813 - deps: finalhandler@0.2.0
1815 - deps: media-typer@0.3.0
1816 - deps: method-override@~2.2.0
1817 - deps: morgan@~1.3.0
1819 - deps: serve-favicon@~2.1.3
1820 - deps: serve-index@~1.2.1
1821 - deps: serve-static@~1.6.1
1822 - deps: type-is@~1.5.1
1823 - deps: vhost@~3.0.0
1824 * deps: cookie-signature@1.0.5
1825 * deps: debug@~2.0.0
1827 * deps: media-typer@0.3.0
1828 - Throw error when parameter format invalid on parse
1829 * deps: range-parser@~1.0.2
1831 - Add `lastModified` option
1832 - Use `etag` to generate `ETag` header
1833 - deps: debug@~2.0.0
1836 - Accept valid `Vary` header string as `field`
1838 3.16.10 / 2014-09-04
1839 ====================
1841 * deps: connect@2.25.10
1842 - deps: serve-static@~1.5.4
1844 - Fix a path traversal issue when using `root`
1845 - Fix malicious path detection for empty string path
1850 * deps: connect@2.25.9
1851 - deps: body-parser@~1.6.7
1857 * deps: connect@2.25.8
1858 - deps: body-parser@~1.6.6
1859 - deps: csurf@~1.4.1
1865 * deps: connect@2.25.7
1866 - deps: body-parser@~1.6.5
1867 - deps: express-session@~1.7.6
1868 - deps: morgan@~1.2.3
1869 - deps: serve-static@~1.5.3
1871 - deps: destroy@1.0.3
1872 - deps: on-finished@2.1.0
1877 * deps: connect@2.25.6
1878 - deps: body-parser@~1.6.4
1880 - deps: serve-static@~1.5.2
1882 - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
1887 * deps: connect@2.25.5
1888 - Fix backwards compatibility in `logger`
1893 * Fix original URL parsing in `res.location`
1894 * deps: connect@2.25.4
1895 - Fix `query` middleware breaking with argument
1896 - deps: body-parser@~1.6.3
1897 - deps: compression@~1.0.11
1898 - deps: connect-timeout@~1.2.2
1899 - deps: express-session@~1.7.5
1900 - deps: method-override@~2.1.3
1901 - deps: on-headers@~1.0.0
1902 - deps: parseurl@~1.3.0
1904 - deps: response-time@~2.0.1
1905 - deps: serve-index@~1.1.6
1906 - deps: serve-static@~1.5.1
1907 * deps: parseurl@~1.3.0
1912 * deps: connect@2.25.3
1913 - deps: multiparty@3.3.2
1918 * deps: connect@2.25.2
1919 - deps: body-parser@~1.6.2
1925 * deps: connect@2.25.1
1926 - deps: body-parser@~1.6.1
1932 * deps: connect@2.25.0
1933 - deps: body-parser@~1.6.0
1934 - deps: compression@~1.0.10
1935 - deps: csurf@~1.4.0
1936 - deps: express-session@~1.7.4
1938 - deps: serve-static@~1.5.0
1940 - Add `extensions` option
1945 * fix `res.sendfile` regression for serving directory index files
1946 * deps: connect@2.24.3
1947 - deps: serve-index@~1.1.5
1948 - deps: serve-static@~1.4.4
1950 - Fix incorrect 403 on Windows and Node.js 0.11
1951 - Fix serving index files without root dir
1956 * deps: connect@2.24.2
1957 - deps: body-parser@~1.5.2
1959 - deps: express-session@~1.7.2
1960 - deps: morgan@~1.2.2
1961 - deps: serve-static@~1.4.2
1963 - Work-around v8 generating empty stack traces
1970 * deps: connect@2.24.1
1971 - deps: body-parser@~1.5.1
1973 - deps: express-session@~1.7.1
1974 - deps: morgan@~1.2.1
1975 - deps: serve-index@~1.1.4
1976 - deps: serve-static@~1.4.1
1978 - Fix exception when global `Error.stackTraceLimit` is too low
1985 * Fix `req.protocol` for proxy-direct connections
1986 * Pass options from `res.sendfile` to `send`
1987 * deps: connect@2.24.0
1988 - deps: body-parser@~1.5.0
1989 - deps: compression@~1.0.9
1990 - deps: connect-timeout@~1.2.1
1993 - deps: express-session@~1.7.0
1994 - deps: finalhandler@0.1.0
1995 - deps: method-override@~2.1.2
1996 - deps: morgan@~1.2.0
1997 - deps: multiparty@3.3.1
1998 - deps: parseurl@~1.2.0
1999 - deps: serve-static@~1.4.0
2002 - Add `TRACE_DEPRECATION` environment variable
2003 - Remove non-standard grey color from color output
2004 - Support `--no-deprecation` argument
2005 - Support `--trace-deprecation` argument
2006 * deps: parseurl@~1.2.0
2007 - Cache URLs based on original value
2008 - Remove no-longer-needed URL mis-parse work-around
2009 - Simplify the "fast-path" `RegExp`
2011 - Add `dotfiles` option
2012 - Cap `maxAge` value to 1 year
2019 * add explicit "Rosetta Flash JSONP abuse" protection
2020 - previous versions are not vulnerable; this is just explicit protection
2021 * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
2022 * fix `res.send(status, num)` to send `num` as json (not error)
2023 * remove unnecessary escaping when `res.jsonp` returns JSON response
2024 * deps: basic-auth@1.0.0
2025 - support empty password
2026 - support empty username
2027 * deps: connect@2.23.0
2029 - deps: express-session@~1.6.4
2030 - deps: method-override@~2.1.0
2031 - deps: parseurl@~1.1.3
2032 - deps: serve-static@~1.3.1
2034 - Add support for multiple wildcards in namespaces
2035 * deps: methods@1.1.0
2037 * deps: parseurl@~1.1.3
2038 - faster parsing of href-only URLs
2043 * add deprecation message to `app.configure`
2044 * add deprecation message to `req.auth`
2045 * use `basic-auth` to parse `Authorization` header
2046 * deps: connect@2.22.0
2047 - deps: csurf@~1.3.0
2048 - deps: express-session@~1.6.1
2049 - deps: multiparty@3.3.0
2050 - deps: serve-static@~1.3.0
2052 - Accept string for `maxage` (converted by `ms`)
2053 - Include link in default redirect response
2058 * deps: connect@2.21.1
2059 - deps: cookie-parser@1.3.2
2060 - deps: cookie-signature@1.0.4
2061 - deps: express-session@~1.5.2
2062 - deps: type-is@~1.3.2
2063 * deps: cookie-signature@1.0.4
2064 - fix for timing attacks
2069 * use `media-typer` to alter content-type charset
2070 * deps: connect@2.21.0
2071 - deprecate `connect(middleware)` -- use `app.use(middleware)` instead
2072 - deprecate `connect.createServer()` -- use `connect()` instead
2073 - fix `res.setHeader()` patch to work with with get -> append -> set pattern
2074 - deps: compression@~1.0.8
2075 - deps: errorhandler@~1.1.1
2076 - deps: express-session@~1.5.0
2077 - deps: serve-index@~1.1.3
2082 * deprecate things with `depd` module
2083 * deps: buffer-crc32@0.2.3
2084 * deps: connect@2.20.2
2085 - deprecate `verify` option to `json` -- use `body-parser` npm module instead
2086 - deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
2087 - deprecate things with `depd` module
2088 - use `finalhandler` for final response handling
2089 - use `media-typer` to parse `content-type` for charset
2090 - deps: body-parser@1.4.3
2091 - deps: connect-timeout@1.1.1
2092 - deps: cookie-parser@1.3.1
2094 - deps: errorhandler@1.1.0
2095 - deps: express-session@1.4.0
2096 - deps: multiparty@3.2.9
2097 - deps: serve-index@1.1.2
2098 - deps: type-is@1.3.1
2104 * deps: connect@2.19.6
2105 - deps: body-parser@1.3.1
2106 - deps: compression@1.0.7
2108 - deps: serve-index@1.1.1
2109 - deps: serve-static@1.2.3
2112 - Do not throw uncatchable error on file open race condition
2113 - Use `escape-html` for HTML escaping
2115 - deps: finished@1.2.2
2121 * deps: connect@2.19.5
2122 - fix "event emitter leak" warnings
2125 - deps: serve-static@1.2.2
2126 - deps: type-is@1.2.1
2129 - fix "event emitter leak" warnings
2130 - deps: finished@1.2.1
2136 * use `vary` module for `res.vary`
2137 * deps: connect@2.19.4
2138 - deps: errorhandler@1.0.2
2139 - deps: method-override@2.0.2
2140 - deps: serve-favicon@2.0.1
2146 * deps: connect@2.19.3
2147 - deps: compression@1.0.6
2152 * deps: connect@2.19.2
2153 - deps: compression@1.0.4
2154 * deps: proxy-addr@1.0.1
2159 * deps: connect@2.19.1
2160 - deprecate `methodOverride()` -- use `method-override` npm module instead
2161 - deps: body-parser@1.3.0
2162 - deps: method-override@2.0.1
2163 - deps: multiparty@3.2.8
2164 - deps: response-time@2.0.0
2165 - deps: serve-static@1.2.1
2166 * deps: methods@1.0.1
2168 - Send `max-age` in `Cache-Control` in correct format
2173 * custom etag control with `app.set('etag', val)`
2174 - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
2175 - `app.set('etag', 'weak')` weak tag
2176 - `app.set('etag', 'strong')` strong etag
2177 - `app.set('etag', false)` turn off
2178 - `app.set('etag', true)` standard etag
2179 * Include ETag in HEAD requests
2180 * mark `res.send` ETag as weak and reduce collisions
2181 * update connect to 2.18.0
2182 - deps: compression@1.0.3
2183 - deps: serve-index@1.1.0
2184 - deps: serve-static@1.2.0
2185 * update send to 0.4.0
2186 - Calculate ETag with md5 for reduced collisions
2187 - Ignore stream errors after request ends
2193 * update connect to 2.17.3
2194 - deps: body-parser@1.2.2
2195 - deps: express-session@1.2.1
2196 - deps: method-override@1.0.2
2201 * keep previous `Content-Type` for `res.jsonp`
2202 * set proper `charset` in `Content-Type` for `res.send`
2203 * update connect to 2.17.1
2204 - fix `res.charset` appending charset when `content-type` has one
2205 - deps: express-session@1.2.0
2206 - deps: morgan@1.1.1
2207 - deps: serve-index@1.0.3
2212 * proper proxy trust with `app.set('trust proxy', trust)`
2213 - `app.set('trust proxy', 1)` trust first hop
2214 - `app.set('trust proxy', 'loopback')` trust loopback addresses
2215 - `app.set('trust proxy', '10.0.0.1')` trust single IP
2216 - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
2217 - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
2218 - `app.set('trust proxy', false)` turn off
2219 - `app.set('trust proxy', true)` trust everything
2220 * update connect to 2.16.2
2221 - deprecate `res.headerSent` -- use `res.headersSent`
2222 - deprecate `res.on("header")` -- use on-headers module instead
2223 - fix edge-case in `res.appendHeader` that would append in wrong order
2224 - json: use body-parser
2225 - urlencoded: use body-parser
2227 - dep: cookie-parser@1.1.0
2229 - dep: express-session@1.1.0
2230 - dep: method-override@1.0.1
2235 * deprecate `app.del()` -- use `app.delete()` instead
2236 * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
2237 - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
2238 * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
2239 - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
2240 * support PURGE method
2242 - add `router.purge`
2243 - include PURGE in `app.all`
2244 * update connect to 2.15.0
2245 * Add `res.appendHeader`
2246 * Call error stack even when response has been sent
2247 * Patch `res.headerSent` to return Boolean
2248 * Patch `res.headersSent` for node.js 0.8
2249 * Prevent default 404 handler after response sent
2250 * dep: compression@1.0.2
2251 * dep: connect-timeout@1.1.0
2253 * dep: errorhandler@1.0.1
2254 * dep: express-session@1.0.4
2256 * dep: serve-favicon@2.0.0
2257 * dep: serve-index@1.0.2
2258 * update debug to 0.8.0
2259 * add `enable()` method
2260 * change from stderr to stdout
2261 * update methods to 1.0.0
2263 * update mkdirp to 0.5.0
2268 * fix `req.host` for IPv6 literals
2269 * fix `res.jsonp` error if callback param is object
2274 * update connect to 2.14.5
2275 * update cookie to 0.1.2
2276 * update mkdirp to 0.4.0
2277 * update send to 0.3.0
2282 * pin less-middleware in generated app
2292 * prevent incorrect automatic OPTIONS responses #1868 @dpatti
2293 * update binary and examples for jade 1.0 #1876 @yossi, #1877 @reqshark, #1892 @matheusazzi
2294 * throw 400 in case of malformed paths @rlidwka
2304 * update connect (raw-body)
2310 * res.location: remove leading ./ #1802 @kapouer
2311 * res.redirect: fix `res.redirect('toString') #1829 @michaelficarra
2312 * res.send: always send ETag when content-length > 0
2313 * router: add Router.all() method
2321 * express(1): replace bodyParser() with urlencoded() and json() #1795 @chirag04
2332 * downgrade commander
2339 * jsonp: check if callback is a function
2340 * router: wrap encodeURIComponent in a try/catch #1735 (@lxe)
2341 * res.format: now includes charset @1747 (@sorribas)
2342 * res.links: allow multiple calls @1746 (@sorribas)
2347 * add res.vary(). Closes #1682
2363 * Revert "remove charset from json responses. Closes #1631" (causes issues in some clients)
2364 * add: req.accepts take an argument list
2369 * update send and connect
2381 * remove .version export
2392 * add support for multiple X-Forwarded-Proto values. Closes #1646
2393 * change: remove charset from json responses. Closes #1631
2394 * change: return actual booleans from req.accept* functions
2395 * fix jsonp callback array throw
2406 * update node-cookie
2407 * add: throw a meaningful error when there is no default engine
2408 * change generation of ETags with res.send() to GET requests only. Closes #1619
2413 * fix `req.subdomains` when no Host is present
2414 * fix `req.host` when no Host is present, return undefined
2419 * update connect / qs
2429 * add app.VERB() paths array deprecation warning
2431 * update qs and remove all ~ semver crap
2432 * fix: accept number as value of Signed Cookie
2437 * add "view" constructor setting to override view behaviour
2438 * add req.acceptsEncoding(name)
2439 * add req.acceptedEncodings
2440 * revert cookie signature change causing session race conditions
2441 * fix sorting of Accept values of the same quality
2446 * add support for custom Accept parameters
2447 * update cookie-signature
2452 * add X-Forwarded-Host support to `req.host`
2453 * fix relative redirects
2455 * update buffer-crc32
2456 * remove legacy app.configure() method from app template.
2461 * add support for leading "." in "view engine" setting
2462 * add array support to `res.set()`
2463 * add node 0.8.x to travis.yml
2464 * add "subdomain offset" setting for tweaking `req.subdomains`
2465 * add `res.location(url)` implementing `res.redirect()`-like setting of Location
2466 * use app.get() for x-powered-by setting for inheritance
2467 * fix colons in passwords for `req.auth`
2472 * add http verb methods to Router
2474 * fix mangling of the `res.cookie()` options object
2475 * fix jsonp whitespace escape. Closes #1132
2480 * add throwing when a non-function is passed to a route
2481 * fix: explicitly remove Transfer-Encoding header from 204 and 304 responses
2482 * revert "add 'etag' option"
2487 * add 'etag' option to disable `res.send()` Etags
2488 * add escaping of urls in text/plain in `res.redirect()`
2489 for old browsers interpreting as html
2490 * change crc32 module for a more liberal license
2497 * update cookie module
2498 * fix cookie max-age
2503 * add OPTIONS to cors example. Closes #1398
2504 * fix route chaining regression. Closes #1397
2515 * add "Basic" check to req.auth
2516 * add `req.auth` test coverage
2517 * add cb && cb(payload) to `res.jsonp()`. Closes #1374
2518 * add backwards compat for `res.redirect()` status. Closes #1336
2519 * add support for `res.json()` to retain previously defined Content-Types. Closes #1349
2521 * change `res.redirect()` to utilize a pathname-relative Location again. Closes #1382
2522 * remove non-primitive string support for `res.send()`
2523 * fix view-locals example. Closes #1370
2524 * fix route-separation example
2526 3.0.0rc5 / 2012-09-18
2530 * add redis search example
2531 * add static-files example
2532 * add "x-powered-by" setting (`app.disable('x-powered-by')`)
2533 * add "application/octet-stream" redirect Accept test case. Closes #1317
2535 3.0.0rc4 / 2012-08-30
2538 * add `res.jsonp()`. Closes #1307
2539 * add "verbose errors" option to error-pages example
2540 * add another route example to express(1) so people are not so confused
2541 * add redis online user activity tracking example
2542 * update connect dep
2543 * fix etag quoting. Closes #1310
2544 * fix error-pages 404 status
2545 * fix jsonp callback char restrictions
2546 * remove old OPTIONS default response
2548 3.0.0rc3 / 2012-08-13
2551 * update connect dep
2552 * fix signed cookies to work with `connect.cookieParser()` ("s:" prefix was missing) [tnydwrds]
2553 * fix `res.render()` clobbering of "locals"
2555 3.0.0rc2 / 2012-08-03
2559 * update connect dep
2560 * deprecate `.createServer()` & remove old stale examples
2561 * fix: escape `res.redirect()` link
2564 3.0.0rc1 / 2012-07-24
2567 * add more examples to view-locals
2568 * add scheme-relative redirects (`res.redirect("//foo.com")`) support
2570 * update connect dep
2572 * fix `express(1)` -h flag, use -H for hogan. Closes #1245
2573 * fix `res.sendfile()` socket error handling regression
2575 3.0.0beta7 / 2012-07-16
2578 * update connect dep for `send()` root normalization regression
2580 3.0.0beta6 / 2012-07-13
2583 * add `err.view` property for view errors. Closes #1226
2584 * add "jsonp callback name" setting
2585 * add support for "/foo/:bar*" non-greedy matches
2586 * change `res.sendfile()` to use `send()` module
2587 * change `res.send` to use "response-send" module
2588 * remove `app.locals.use` and `res.locals.use`, use regular middleware
2590 3.0.0beta5 / 2012-07-03
2593 * add "make check" support
2594 * add route-map example
2595 * add `res.json(obj, status)` support back for BC
2596 * add "methods" dep, remove internal methods module
2597 * update connect dep
2598 * update auth example to utilize cores pbkdf2
2599 * updated tests to use "supertest"
2601 3.0.0beta4 / 2012-06-25
2605 * Added `req.range(size)`
2606 * Added `res.links(obj)`
2607 * Added `res.send(body, status)` support back for backwards compat
2608 * Added `.default()` support to `res.format()`
2609 * Added 2xx / 304 check to `req.fresh`
2610 * Revert "Added + support to the router"
2611 * Fixed `res.send()` freshness check, respect res.statusCode
2613 3.0.0beta3 / 2012-06-15
2616 * Added hogan `--hjs` to express(1) [nullfirm]
2617 * Added another example to content-negotiation
2619 * Changed: `res.send()` always checks freshness
2620 * Fixed: expose connects mime module. Closes #1165
2622 3.0.0beta2 / 2012-06-06
2625 * Added `+` support to the router
2627 * Changed `req.param()` to check route first
2628 * Update connect dep
2630 3.0.0beta1 / 2012-06-01
2633 * Added `res.format()` callback to override default 406 behaviour
2634 * Fixed `res.redirect()` 406. Closes #1154
2636 3.0.0alpha5 / 2012-05-30
2640 * Added `{ signed: true }` option to `res.cookie()`
2641 * Removed `res.signedCookie()`
2642 * Changed: dont reverse `req.ips`
2643 * Fixed "trust proxy" setting check for `req.ips`
2645 3.0.0alpha4 / 2012-05-09
2648 * Added: allow `[]` in jsonp callback. Closes #1128
2649 * Added `PORT` env var support in generated template. Closes #1118 [benatkin]
2650 * Updated: connect 2.2.2
2652 3.0.0alpha3 / 2012-05-04
2655 * Added public `app.routes`. Closes #887
2656 * Added _view-locals_ example
2657 * Added _mvc_ example
2658 * Added `res.locals.use()`. Closes #1120
2659 * Added conditional-GET support to `res.send()`
2660 * Added: coerce `res.set()` values to strings
2661 * Changed: moved `static()` in generated apps below router
2662 * Changed: `res.send()` only set ETag when not previously set
2663 * Changed connect 2.2.1 dep
2664 * Changed: `make test` now runs unit / acceptance tests
2665 * Fixed req/res proto inheritance
2667 3.0.0alpha2 / 2012-04-26
2670 * Added `make benchmark` back
2671 * Added `res.send()` support for `String` objects
2672 * Added client-side data exposing example
2673 * Added `res.header()` and `req.header()` aliases for BC
2674 * Added `express.createServer()` for BC
2675 * Perf: memoize parsed urls
2676 * Perf: connect 2.2.0 dep
2677 * Changed: make `expressInit()` middleware self-aware
2678 * Fixed: use app.get() for all core settings
2679 * Fixed redis session example
2680 * Fixed session example. Closes #1105
2681 * Fixed generated express dep. Closes #1078
2683 3.0.0alpha1 / 2012-04-15
2686 * Added `app.locals.use(callback)`
2687 * Added `app.locals` object
2688 * Added `app.locals(obj)`
2689 * Added `res.locals` object
2690 * Added `res.locals(obj)`
2691 * Added `res.format()` for content-negotiation
2692 * Added `app.engine()`
2693 * Added `res.cookie()` JSON cookie support
2694 * Added "trust proxy" setting
2695 * Added `req.subdomains`
2696 * Added `req.protocol`
2697 * Added `req.secure`
2702 * Added comma-delimited / array support for `req.accepts()`
2703 * Added debug instrumentation
2704 * Added `res.set(obj)`
2705 * Added `res.set(field, value)`
2706 * Added `res.get(field)`
2707 * Added `app.get(setting)`. Closes #842
2708 * Added `req.acceptsLanguage()`
2709 * Added `req.acceptsCharset()`
2710 * Added `req.accepted`
2711 * Added `req.acceptedLanguages`
2712 * Added `req.acceptedCharsets`
2713 * Added "json replacer" setting
2714 * Added "json spaces" setting
2715 * Added X-Forwarded-Proto support to `res.redirect()`. Closes #92
2716 * Added `--less` support to express(1)
2717 * Added `express.response` prototype
2718 * Added `express.request` prototype
2719 * Added `express.application` prototype
2720 * Added `app.path()`
2721 * Added `app.render()`
2722 * Added `res.type()` to replace `res.contentType()`
2723 * Changed: `res.redirect()` to add relative support
2724 * Changed: enable "jsonp callback" by default
2725 * Changed: renamed "case sensitive routes" to "case sensitive routing"
2726 * Rewrite of all tests with mocha
2727 * Removed "root" setting
2728 * Removed `res.redirect('home')` support
2729 * Removed `req.notify()`
2730 * Removed `app.register()`
2731 * Removed `app.redirect()`
2732 * Removed `app.is()`
2733 * Removed `app.helpers()`
2734 * Removed `app.dynamicHelpers()`
2735 * Fixed `res.sendfile()` with non-GET. Closes #723
2736 * Fixed express(1) public dir for windows. Closes #866
2741 * Added support for PURGE request method [pbuyle]
2742 * Fixed `express(1)` generated app `app.address()` before `listening` [mmalecki]
2747 * Update mkdirp dep. Closes #991
2752 * Fixed `app.all` duplicate DELETE requests [mscdex]
2757 * Updated hamljs dev dep. Closes #953
2762 * Fixed: set `filename` on cached templates [matthewleon]
2767 * Fixed `express(1)` eol on 0.4.x. Closes #947
2772 * Fixed `req.is()` when a charset is present
2777 * Fixed: express(1) LF -> CRLF for windows
2782 * Changed: updated connect to 1.8.x
2783 * Removed sass.js support from express(1)
2788 * Added ./routes dir for generated app by default
2789 * Added npm install reminder to express(1) app gen
2790 * Added 0.5.x support
2791 * Removed `make test-cov` since it wont work with node 0.5.x
2792 * Fixed express(1) public dir for windows. Closes #866
2797 * Added mkdirp to express(1). Closes #795
2798 * Added simple _json-config_ example
2799 * Added shorthand for the parsed request's pathname via `req.path`
2800 * Changed connect dep to 1.7.x to fix npm issue...
2801 * Fixed `res.redirect()` __HEAD__ support. [reported by xerox]
2802 * Fixed `req.flash()`, only escape args
2803 * Fixed absolute path checking on windows. Closes #829 [reported by andrewpmckenzie]
2808 * Fixed multiple param callback regression. Closes #824 [reported by TroyGoode]
2813 * Added support for routes to handle errors. Closes #809
2814 * Added `app.routes.all()`. Closes #803
2815 * Added "basepath" setting to work in conjunction with reverse proxies etc.
2816 * Refactored `Route` to use a single array of callbacks
2817 * Added support for multiple callbacks for `app.param()`. Closes #801
2819 * Changed: removed .call(self) for route callbacks
2820 * Dependency: `qs >= 0.3.1`
2821 * Fixed `res.redirect()` on windows due to `join()` usage. Closes #808
2826 * Fixed `res.header()` intention of a set, even when `undefined`
2827 * Fixed `*`, value no longer required
2828 * Fixed `res.send(204)` support. Closes #771
2833 * Added docs for `status` option special-case. Closes #739
2834 * Fixed `options.filename`, exposing the view path to template engines
2839 * Revert "removed jsonp stripping" for XSS
2844 * Added `res.json()` JSONP support. Closes #737
2845 * Added _extending-templates_ example. Closes #730
2846 * Added "strict routing" setting for trailing slashes
2847 * Added support for multiple envs in `app.configure()` calls. Closes #735
2848 * Changed: `res.send()` using `res.json()`
2849 * Changed: when cookie `path === null` don't default it
2850 * Changed; default cookie path to "home" setting. Closes #731
2851 * Removed _pids/logs_ creation from express(1)
2856 * Added chainable `res.status(code)`
2857 * Added `res.json()`, an explicit version of `res.send(obj)`
2858 * Added simple web-service example
2863 * \#express is now on freenode! come join!
2864 * Added `req.get(field, param)`
2865 * Added links to Japanese documentation, thanks @hideyukisaito!
2866 * Added; the `express(1)` generated app outputs the env
2867 * Added `content-negotiation` example
2868 * Dependency: connect >= 1.5.1 < 2.0.0
2869 * Fixed view layout bug. Closes #720
2870 * Fixed; ignore body on 304. Closes #701
2876 * Removed generation of dummy test file from `express(1)`
2877 * Fixed; `express(1)` adds express as a dep
2878 * Fixed; prune on `prepublish`
2883 * Added `req.route`, exposing the current route
2884 * Added _package.json_ generation support to `express(1)`
2885 * Fixed call to `app.param()` function for optional params. Closes #682
2890 * Fixed bug-ish with `../' in `res.partial()` calls
2895 * Fixed `app.options()`
2900 * Added route `Collection`, ex: `app.get('/user/:id').remove();`
2901 * Added support for `app.param(fn)` to define param logic
2902 * Removed `app.param()` support for callback with return value
2903 * Removed module.parent check from express(1) generated app. Closes #670
2904 * Refactored router. Closes #639
2909 * Changed; using devDependencies instead of git submodules
2910 * Fixed redis session example
2911 * Fixed markdown example
2912 * Fixed view caching, should not be enabled in development
2917 * Added export `.view` as alias for `.View`
2922 * Added `./examples/say`
2923 * Fixed `res.sendfile()` bug preventing the transfer of files with spaces
2928 * Added "case sensitive routes" option.
2929 * Changed; split methods supported per rfc [slaskis]
2930 * Fixed route-specific middleware when using the same callback function several times
2940 * Added `app.match()` as `app.match.all()`
2941 * Added `app.lookup()` as `app.lookup.all()`
2942 * Added `app.remove()` for `app.remove.all()`
2943 * Added `app.remove.VERB()`
2944 * Fixed template caching collision issue. Closes #644
2945 * Moved router over from connect and started refactor
2950 * Added options support to `res.clearCookie()`
2951 * Added `res.helpers()` as alias of `res.locals()`
2952 * Added; json defaults to UTF-8 with `res.send()`. Closes #632. [Daniel * Dependency `connect >= 1.4.0`
2953 * Changed; auto set Content-Type in res.attachement [Aaron Heckmann]
2954 * Renamed "cache views" to "view cache". Closes #628
2955 * Fixed caching of views when using several apps. Closes #637
2956 * Fixed gotcha invoking `app.param()` callbacks once per route middleware.
2958 * Fixed partial lookup precedence. Closes #631
2964 * Added second callback support for `res.download()` connection errors
2965 * Fixed `filename` option passing to template engine
2970 * Added `layout(path)` helper to change the layout within a view. Closes #610
2971 * Fixed `partial()` collection object support.
2972 Previously only anything with `.length` would work.
2973 When `.length` is present one must still be aware of holes,
2974 however now `{ collection: {foo: 'bar'}}` is valid, exposes
2975 `keyInCollection` and `keysInCollection`.
2977 * Performance improved with better view caching
2978 * Removed `request` and `response` locals
2979 * Changed; errorHandler page title is now `Express` instead of `Connect`
2984 * Added `app.lookup.VERB()`, ex `app.lookup.put('/user/:id')`. Closes #606
2985 * Added `app.match.VERB()`, ex `app.match.put('/user/12')`. Closes #606
2986 * Added `app.VERB(path)` as alias of `app.lookup.VERB()`.
2987 * Dependency `connect >= 1.2.0`
2992 * Added; expose `err.view` object when failing to locate a view
2993 * Fixed `res.partial()` call `next(err)` when no callback is given [reported by aheckmann]
2994 * Fixed; `res.send(undefined)` responds with 204 [aheckmann]
2999 * Added `<root>/_?<name>` partial lookup support. Closes #447
3000 * Added `request`, `response`, and `app` local variables
3001 * Added `settings` local variable, containing the app's settings
3002 * Added `req.flash()` exception if `req.session` is not available
3003 * Added `res.send(bool)` support (json response)
3004 * Fixed stylus example for latest version
3005 * Fixed; wrap try/catch around `res.render()`
3010 * Fixed up index view path alternative.
3011 * Changed; `res.locals()` without object returns the locals
3013 2.0.0rc3 / 2011-03-17
3016 * Added `res.locals(obj)` to compliment `res.local(key, val)`
3017 * Added `res.partial()` callback support
3018 * Fixed recursive error reporting issue in `res.render()`
3020 2.0.0rc2 / 2011-03-17
3023 * Changed; `partial()` "locals" are now optional
3024 * Fixed `SlowBuffer` support. Closes #584 [reported by tyrda01]
3025 * Fixed .filename view engine option [reported by drudge]
3026 * Fixed blog example
3027 * Fixed `{req,res}.app` reference when mounting [Ben Weaver]
3029 2.0.0rc / 2011-03-14
3032 * Fixed; expose `HTTPSServer` constructor
3033 * Fixed express(1) default test charset. Closes #579 [reported by secoif]
3034 * Fixed; default charset to utf-8 instead of utf8 for lame IE [reported by NickP]
3036 2.0.0beta3 / 2011-03-09
3039 * Added support for `res.contentType()` literal
3040 The original `res.contentType('.json')`,
3041 `res.contentType('application/json')`, and `res.contentType('json')`
3043 * Added `res.render()` status option support back
3044 * Added charset option for `res.render()`
3045 * Added `.charset` support (via connect 1.0.4)
3046 * Added view resolution hints when in development and a lookup fails
3047 * Added layout lookup support relative to the page view.
3048 For example while rendering `./views/user/index.jade` if you create
3049 `./views/user/layout.jade` it will be used in favour of the root layout.
3050 * Fixed `res.redirect()`. RFC states absolute url [reported by unlink]
3051 * Fixed; default `res.send()` string charset to utf8
3052 * Removed `Partial` constructor (not currently used)
3054 2.0.0beta2 / 2011-03-07
3057 * Added res.render() `.locals` support back to aid in migration process
3058 * Fixed flash example
3060 2.0.0beta / 2011-03-03
3063 * Added HTTPS support
3064 * Added `res.cookie()` maxAge support
3065 * Added `req.header()` _Referrer_ / _Referer_ special-case, either works
3066 * Added mount support for `res.redirect()`, now respects the mount-point
3067 * Added `union()` util, taking place of `merge(clone())` combo
3068 * Added stylus support to express(1) generated app
3069 * Added secret to session middleware used in examples and generated app
3070 * Added `res.local(name, val)` for progressive view locals
3071 * Added default param support to `req.param(name, default)`
3072 * Added `app.disabled()` and `app.enabled()`
3073 * Added `app.register()` support for omitting leading ".", either works
3074 * Added `res.partial()`, using the same interface as `partial()` within a view. Closes #539
3075 * Added `app.param()` to map route params to async/sync logic
3076 * Added; aliased `app.helpers()` as `app.locals()`. Closes #481
3077 * Added extname with no leading "." support to `res.contentType()`
3078 * Added `cache views` setting, defaulting to enabled in "production" env
3079 * Added index file partial resolution, eg: partial('user') may try _views/user/index.jade_.
3080 * Added `req.accepts()` support for extensions
3081 * Changed; `res.download()` and `res.sendfile()` now utilize Connect's
3082 static file server `connect.static.send()`.
3083 * Changed; replaced `connect.utils.mime()` with npm _mime_ module
3084 * Changed; allow `req.query` to be pre-defined (via middleware or other parent
3085 * Changed view partial resolution, now relative to parent view
3086 * Changed view engine signature. no longer `engine.render(str, options, callback)`, now `engine.compile(str, options) -> Function`, the returned function accepts `fn(locals)`.
3087 * Fixed `req.param()` bug returning Array.prototype methods. Closes #552
3088 * Fixed; using `Stream#pipe()` instead of `sys.pump()` in `res.sendfile()`
3089 * Fixed; using _qs_ module instead of _querystring_
3090 * Fixed; strip unsafe chars from jsonp callbacks
3091 * Removed "stream threshold" setting
3096 * Allow `req.query` to be pre-defined (via middleware or other parent app)
3097 * "connect": ">= 0.5.0 < 1.0.0". Closes #547
3098 * Removed the long deprecated __EXPRESS_ENV__ support
3103 * Fixed `render()` setting inheritance.
3104 Mounted apps would not inherit "view engine"
3109 * Fixed `view engine` setting bug when period is in dirname
3114 * Added secret to generated app `session()` call
3119 * Added `qs` dependency to _package.json_
3120 * Fixed namespaced `require()`s for latest connect support
3125 * Remove unsafe characters from JSONP callback names [Ryan Grove]
3130 * Removed nested require, using `connect.router`
3135 * Fixed for middleware stacked via `createServer()`
3136 previously the `foo` middleware passed to `createServer(foo)`
3137 would not have access to Express methods such as `res.send()`
3138 or props like `req.query` etc.
3143 * Added; deduce partial object names from the last segment.
3144 For example by default `partial('forum/post', postObject)` will
3145 give you the _post_ object, providing a meaningful default.
3146 * Added http status code string representation to `res.redirect()` body
3147 * Added; `res.redirect()` supporting _text/plain_ and _text/html_ via __Accept__.
3148 * Added `req.is()` to aid in content negotiation
3149 * Added partial local inheritance [suggested by masylum]. Closes #102
3150 providing access to parent template locals.
3151 * Added _-s, --session[s]_ flag to express(1) to add session related middleware
3152 * Added _--template_ flag to express(1) to specify the
3153 template engine to use.
3154 * Added _--css_ flag to express(1) to specify the
3155 stylesheet engine to use (or just plain css by default).
3156 * Added `app.all()` support [thanks aheckmann]
3157 * Added partial direct object support.
3158 You may now `partial('user', user)` providing the "user" local,
3159 vs previously `partial('user', { object: user })`.
3160 * Added _route-separation_ example since many people question ways
3161 to do this with CommonJS modules. Also view the _blog_ example for
3163 * Performance; caching view path derived partial object names
3164 * Fixed partial local inheritance precedence. [reported by Nick Poulden] Closes #454
3165 * Fixed jsonp support; _text/javascript_ as per mailinglist discussion
3167 1.0.0rc4 / 2010-10-14
3170 * Added _NODE_ENV_ support, _EXPRESS_ENV_ is deprecated and will be removed in 1.0.0
3171 * Added route-middleware support (very helpful, see the [docs](http://expressjs.com/guide.html#Route-Middleware))
3172 * Added _jsonp callback_ setting to enable/disable jsonp autowrapping [Dav Glass]
3173 * Added callback query check on response.send to autowrap JSON objects for simple webservice implementations [Dav Glass]
3174 * Added `partial()` support for array-like collections. Closes #434
3175 * Added support for swappable querystring parsers
3176 * Added session usage docs. Closes #443
3177 * Added dynamic helper caching. Closes #439 [suggested by maritz]
3178 * Added authentication example
3179 * Added basic Range support to `res.sendfile()` (and `res.download()` etc)
3180 * Changed; `express(1)` generated app using 2 spaces instead of 4
3181 * Default env to "development" again [aheckmann]
3182 * Removed _context_ option is no more, use "scope"
3183 * Fixed; exposing _./support_ libs to examples so they can run without installs
3186 1.0.0rc3 / 2010-09-20
3189 * Added confirmation for `express(1)` app generation. Closes #391
3190 * Added extending of flash formatters via `app.flashFormatters`
3191 * Added flash formatter support. Closes #411
3192 * Added streaming support to `res.sendfile()` using `sys.pump()` when >= "stream threshold"
3193 * Added _stream threshold_ setting for `res.sendfile()`
3194 * Added `res.send()` __HEAD__ support
3195 * Added `res.clearCookie()`
3196 * Added `res.cookie()`
3197 * Added `res.render()` headers option
3198 * Added `res.redirect()` response bodies
3199 * Added `res.render()` status option support. Closes #425 [thanks aheckmann]
3200 * Fixed `res.sendfile()` responding with 403 on malicious path
3201 * Fixed `res.download()` bug; when an error occurs remove _Content-Disposition_
3202 * Fixed; mounted apps settings now inherit from parent app [aheckmann]
3203 * Fixed; stripping Content-Length / Content-Type when 204
3204 * Fixed `res.send()` 204. Closes #419
3205 * Fixed multiple _Set-Cookie_ headers via `res.header()`. Closes #402
3206 * Fixed bug messing with error handlers when `listenFD()` is called instead of `listen()`. [thanks guillermo]
3209 1.0.0rc2 / 2010-08-17
3212 * Added `app.register()` for template engine mapping. Closes #390
3213 * Added `res.render()` callback support as second argument (no options)
3214 * Added callback support to `res.download()`
3215 * Added callback support for `res.sendfile()`
3216 * Added support for middleware access via `express.middlewareName()` vs `connect.middlewareName()`
3217 * Added "partials" setting to docs
3218 * Added default expresso tests to `express(1)` generated app. Closes #384
3219 * Fixed `res.sendfile()` error handling, defer via `next()`
3220 * Fixed `res.render()` callback when a layout is used [thanks guillermo]
3221 * Fixed; `make install` creating ~/.node_libraries when not present
3222 * Fixed issue preventing error handlers from being defined anywhere. Closes #387
3224 1.0.0rc / 2010-07-28
3227 * Added mounted hook. Closes #369
3228 * Added connect dependency to _package.json_
3230 * Removed "reload views" setting and support code
3231 development env never caches, production always caches.
3233 * Removed _param_ in route callbacks, signature is now
3234 simply (req, res, next), previously (req, res, params, next).
3235 Use _req.params_ for path captures, _req.query_ for GET params.
3237 * Fixed "home" setting
3238 * Fixed middleware/router precedence issue. Closes #366
3239 * Fixed; _configure()_ callbacks called immediately. Closes #368
3241 1.0.0beta2 / 2010-07-23
3244 * Added more examples
3245 * Added; exporting `Server` constructor
3246 * Added `Server#helpers()` for view locals
3247 * Added `Server#dynamicHelpers()` for dynamic view locals. Closes #349
3248 * Added support for absolute view paths
3249 * Added; _home_ setting defaults to `Server#route` for mounted apps. Closes #363
3250 * Added Guillermo Rauch to the contributor list
3251 * Added support for "as" for non-collection partials. Closes #341
3252 * Fixed _install.sh_, ensuring _~/.node_libraries_ exists. Closes #362 [thanks jf]
3253 * Fixed `res.render()` exceptions, now passed to `next()` when no callback is given [thanks guillermo]
3254 * Fixed instanceof `Array` checks, now `Array.isArray()`
3255 * Fixed express(1) expansion of public dirs. Closes #348
3256 * Fixed middleware precedence. Closes #345
3257 * Fixed view watcher, now async [thanks aheckmann]
3259 1.0.0beta / 2010-07-15
3265 - Check [ExpressJS.com](http://expressjs.com) for migration guide and updated docs
3270 * Utilize relative requires
3271 * Added Static bufferSize option [aheckmann]
3272 * Fixed caching of view and partial subdirectories [aheckmann]
3273 * Fixed mime.type() comments now that ".ext" is not supported
3274 * Updated haml submodule
3275 * Updated class submodule
3276 * Removed bin/express
3281 * Added node v0.1.97 compatibility
3282 * Added support for deleting cookies via Request#cookie('key', null)
3283 * Updated haml submodule
3284 * Fixed not-found page, now using using charset utf-8
3285 * Fixed show-exceptions page, now using using charset utf-8
3286 * Fixed view support due to fs.readFile Buffers
3287 * Changed; mime.type() no longer accepts ".type" due to node extname() changes
3292 * Added node v0.1.96 compatibility
3293 * Added view `helpers` export which act as additional local variables
3294 * Updated haml submodule
3295 * Changed ETag; removed inode, modified time only
3296 * Fixed LF to CRLF for setting multiple cookies
3297 * Fixed cookie compilation; values are now urlencoded
3298 * Fixed cookies parsing; accepts quoted values and url escaped cookies
3303 * Added support for layouts using different engines
3304 - this.render('page.html.haml', { layout: 'super-cool-layout.html.ejs' })
3305 - this.render('page.html.haml', { layout: 'foo' }) // assumes 'foo.html.haml'
3306 - this.render('page.html.haml', { layout: false }) // no layout
3307 * Updated ext submodule
3308 * Updated haml submodule
3309 * Fixed EJS partial support by passing along the context. Issue #307
3314 * Fixed binary uploads.
3319 * Added charset support via Request#charset (automatically assigned to 'UTF-8' when respond()'s
3320 encoding is set to 'utf8' or 'utf-8'.
3321 * Added "encoding" option to Request#render(). Closes #299
3322 * Added "dump exceptions" setting, which is enabled by default.
3323 * Added simple ejs template engine support
3324 * Added error response support for text/plain, application/json. Closes #297
3325 * Added callback function param to Request#error()
3326 * Added Request#sendHead()
3327 * Added Request#stream()
3328 * Added support for Request#respond(304, null) for empty response bodies
3329 * Added ETag support to Request#sendfile()
3330 * Added options to Request#sendfile(), passed to fs.createReadStream()
3331 * Added filename arg to Request#download()
3332 * Performance enhanced due to pre-reversing plugins so that plugins.reverse() is not called on each request
3333 * Performance enhanced by preventing several calls to toLowerCase() in Router#match()
3334 * Changed; Request#sendfile() now streams
3335 * Changed; Renamed Request#halt() to Request#respond(). Closes #289
3336 * Changed; Using sys.inspect() instead of JSON.encode() for error output
3337 * Changed; run() returns the http.Server instance. Closes #298
3338 * Changed; Defaulting Server#host to null (INADDR_ANY)
3339 * Changed; Logger "common" format scale of 0.4f
3340 * Removed Logger "request" format
3341 * Fixed; Catching ENOENT in view caching, preventing error when "views/partials" is not found
3342 * Fixed several issues with http client
3343 * Fixed Logger Content-Length output
3344 * Fixed bug preventing Opera from retaining the generated session id. Closes #292
3349 * Added DSL level error() route support
3350 * Added DSL level notFound() route support
3351 * Added Request#error()
3352 * Added Request#notFound()
3353 * Added Request#render() callback function. Closes #258
3354 * Added "max upload size" setting
3355 * Added "magic" variables to collection partials (\_\_index\_\_, \_\_length\_\_, \_\_isFirst\_\_, \_\_isLast\_\_). Closes #254
3356 * Added [haml.js](http://github.com/visionmedia/haml.js) submodule; removed haml-js
3357 * Added callback function support to Request#halt() as 3rd/4th arg
3358 * Added preprocessing of route param wildcards using param(). Closes #251
3359 * Added view partial support (with collections etc)
3360 * Fixed bug preventing falsey params (such as ?page=0). Closes #286
3361 * Fixed setting of multiple cookies. Closes #199
3362 * Changed; view naming convention is now NAME.TYPE.ENGINE (for example page.html.haml)
3363 * Changed; session cookie is now httpOnly
3364 * Changed; Request is no longer global
3365 * Changed; Event is no longer global
3366 * Changed; "sys" module is no longer global
3367 * Changed; moved Request#download to Static plugin where it belongs
3368 * Changed; Request instance created before body parsing. Closes #262
3369 * Changed; Pre-caching views in memory when "cache view contents" is enabled. Closes #253
3370 * Changed; Pre-caching view partials in memory when "cache view partials" is enabled
3371 * Updated support to node --version 0.1.90
3372 * Updated dependencies
3373 * Removed set("session cookie") in favour of use(Session, { cookie: { ... }})
3374 * Removed utils.mixin(); use Object#mergeDeep()
3379 * Added coffeescript example app. Closes #242
3380 * Changed; cache api now async friendly. Closes #240
3381 * Removed deprecated 'express/static' support. Use 'express/plugins/static'
3386 * Added Request#isXHR. Closes #229
3387 * Added `make install` (for the executable)
3388 * Added `express` executable for setting up simple app templates
3389 * Added "GET /public/*" to Static plugin, defaulting to <root>/public
3390 * Added Static plugin
3391 * Fixed; Request#render() only calls cache.get() once
3392 * Fixed; Namespacing View caches with "view:"
3393 * Fixed; Namespacing Static caches with "static:"
3394 * Fixed; Both example apps now use the Static plugin
3395 * Fixed set("views"). Closes #239
3396 * Fixed missing space for combined log format
3397 * Deprecated Request#sendfile() and 'express/static'
3398 * Removed Server#running
3403 * Added Request#flash() support without args, now returns all flashes
3404 * Updated ext submodule
3409 * Fixed session reaper
3410 * Changed; class.js replacing js-oo Class implementation (quite a bit faster, no browser cruft)
3415 * Added package.json
3416 * Fixed requiring of haml / sass due to kiwi removal
3421 * Fixed GIT submodules (HAH!)
3426 * Changed; Express now using submodules again until a PM is adopted
3427 * Changed; chat example using millisecond conversions from ext
3432 * Added Request#pass() support (finds the next matching route, or the given path)
3433 * Added Logger plugin (default "common" format replaces CommonLogger)
3434 * Removed Profiler plugin
3435 * Removed CommonLogger plugin
3440 * Added seed.yml for kiwi package management support
3441 * Added HTTP client query string support when method is GET. Closes #205
3443 * Added support for arbitrary view engines.
3444 For example "foo.engine.html" will now require('engine'),
3445 the exports from this module are cached after the first require().
3447 * Added async plugin support
3449 * Removed usage of RESTful route funcs as http client
3450 get() etc, use http.get() and friends
3452 * Removed custom exceptions
3457 * Added ext dependency (library of js extensions)
3458 * Removed extname() / basename() utils. Use path module
3459 * Removed toArray() util. Use arguments.values
3460 * Removed escapeRegexp() util. Use RegExp.escape()
3461 * Removed process.mixin() dependency. Use utils.mixin()
3462 * Removed Collection
3463 * Removed ElementCollection
3464 * Shameless self promotion of ebook "Advanced JavaScript" (http://dev-mag.com) ;)
3469 * Added flash() example to sample upload app
3470 * Added high level restful http client module (express/http)
3471 * Changed; RESTful route functions double as HTTP clients. Closes #69
3472 * Changed; throwing error when routes are added at runtime
3473 * Changed; defaulting render() context to the current Request. Closes #197
3474 * Updated haml submodule
3479 * Updated haml / sass submodules. Closes #200
3480 * Added flash message support. Closes #64
3481 * Added accepts() now allows multiple args. fixes #117
3482 * Added support for plugins to halt. Closes #189
3483 * Added alternate layout support. Closes #119
3484 * Removed Route#run(). Closes #188
3485 * Fixed broken specs due to use(Cookie) missing
3490 * Added "plot" format option for Profiler (for gnuplot processing)
3491 * Added request number to Profiler plugin
3492 * Fixed binary encoding for multipart file uploads, was previously defaulting to UTF8
3493 * Fixed issue with routes not firing when not files are present. Closes #184
3494 * Fixed process.Promise -> events.Promise
3499 * Added parseParam() support for name[] etc. (allows for file inputs with "multiple" attr) Closes #180
3500 * Added Both Cache and Session option "reapInterval" may be "reapEvery". Closes #174
3501 * Added expiration support to cache api with reaper. Closes #133
3502 * Added cache Store.Memory#reap()
3503 * Added Cache; cache api now uses first class Cache instances
3504 * Added abstract session Store. Closes #172
3505 * Changed; cache Memory.Store#get() utilizing Collection
3506 * Renamed MemoryStore -> Store.Memory
3507 * Fixed use() of the same plugin several time will always use latest options. Closes #176
3512 * Changed; Hooks (before / after) pass request as arg as well as evaluated in their context
3513 * Updated node support to 0.1.27 Closes #169
3514 * Updated dirname(__filename) -> __dirname
3515 * Updated libxmljs support to v0.2.0
3516 * Added session support with memory store / reaping
3517 * Added quick uid() helper
3518 * Added multi-part upload support
3519 * Added Sass.js support / submodule
3520 * Added production env caching view contents and static files
3521 * Added static file caching. Closes #136
3522 * Added cache plugin with memory stores
3523 * Added support to StaticFile so that it works with non-textual files.
3524 * Removed dirname() helper
3525 * Removed several globals (now their modules must be required)
3530 * Added view benchmarks; currently haml vs ejs
3531 * Added Request#attachment() specs. Closes #116
3532 * Added use of node's parseQuery() util. Closes #123
3533 * Added `make init` for submodules
3535 * Updated sample chat app to show messages on load
3536 * Updated libxmljs parseString -> parseHtmlString
3537 * Fixed `make init` to work with older versions of git
3538 * Fixed specs can now run independent specs for those who can't build deps. Closes #127
3539 * Fixed issues introduced by the node url module changes. Closes 126.
3540 * Fixed two assertions failing due to Collection#keys() returning strings
3541 * Fixed faulty Collection#toArray() spec due to keys() returning strings
3542 * Fixed `make test` now builds libxmljs.node before testing