Skip to content
Compare
Choose a tag to compare
  • Fix hanging on large stack of sync routes
Compare
Choose a tag to compare
  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get
  • Invoke default with same arguments as types in res.format
  • Support proper 205 responses using res.send
  • Use http-errors for res.format error
  • deps: body-parser@1.20.0
    • Fix error message for json parse whitespace in strict
    • Fix internal error when inflated body exceeds limit
    • Prevent loss of async hooks context
    • Prevent hanging when request already read
    • deps: depd@2.0.0
    • deps: http-errors@2.0.0
    • deps: on-finished@2.4.1
    • deps: qs@6.10.3
    • deps: raw-body@2.5.1
  • deps: cookie@0.5.0
    • Add priority option
    • Fix expires option to reject invalid dates
  • deps: depd@2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: finalhandler@1.2.0
    • Remove set content headers that break response
    • deps: on-finished@2.4.1
    • deps: statuses@2.0.1
  • deps: on-finished@2.4.1
    • Prevent loss of async hooks context
  • deps: qs@6.10.3
  • deps: send@0.18.0
    • Fix emitted 416 error missing headers property
    • Limit the headers removed for 304 response
    • deps: depd@2.0.0
    • deps: destroy@1.2.0
    • deps: http-errors@2.0.0
    • deps: on-finished@2.4.1
    • deps: statuses@2.0.1
  • deps: serve-static@1.15.0
    • deps: send@0.18.0
  • deps: statuses@2.0.1
    • Remove code 306
    • Rename 425 Unordered Collection to standard 425 Too Early
Compare
Choose a tag to compare
  • deps: accepts@~1.3.8
    • deps: mime-types@~2.1.34
    • deps: negotiator@0.6.3
  • deps: body-parser@1.19.2
    • deps: bytes@3.1.2
    • deps: qs@6.9.7
    • deps: raw-body@2.4.3
  • deps: cookie@0.4.2
  • deps: qs@6.9.7
    • Fix handling of __proto__ keys
  • pref: remove unnecessary regexp for trust proxy
Compare
Choose a tag to compare

5.0.0-beta.1

Pre-release
Pre-release

This is the first Express 5.0 beta release, based off 4.17.2 and includes
changes from 5.0.0-alpha.8.

  • change:
    • Default "query parser" setting to 'simple'
    • Requires Node.js 4+
    • Use mime-types for file to content type mapping
  • deps: array-flatten@3.0.0
  • deps: body-parser@2.0.0-beta.1
    • req.body is no longer always initialized to {}
    • urlencoded parser now defaults extended to false
    • Use on-finished to determine when body read
  • deps: router@2.0.0-beta.1
    • Add new ?, *, and + parameter modifiers
    • Internalize private router.process_params method
    • Matching group expressions are only RegExp syntax
    • Named matching groups no longer available by position in req.params
    • Regular expressions can only be used in a matching group
    • Remove debug dependency
    • Special * path segment behavior removed
    • deps: array-flatten@3.0.0
    • deps: parseurl@~1.3.3
    • deps: path-to-regexp@3.2.0
    • deps: setprototypeof@1.2.0
  • deps: send@1.0.0-beta.1
    • Change dotfiles option default to 'ignore'
    • Remove hidden option; use dotfiles option instead
    • Use mime-types for file to content type mapping
    • deps: debug@3.1.0
  • deps: serve-static@2.0.0-beta.1
    • Change dotfiles option default to 'ignore'
    • Remove hidden option; use dotfiles option instead
    • Use mime-types for file to content type mapping
    • deps: send@1.0.0-beta.1
Compare
Choose a tag to compare
  • Fix handling of undefined in res.jsonp
  • Fix handling of undefined when "json escape" is enabled
  • Fix incorrect middleware execution with unanchored RegExps
  • Fix res.jsonp(obj, status) deprecation message
  • Fix typo in res.is JSDoc
  • deps: body-parser@1.19.1
    • deps: bytes@3.1.1
    • deps: http-errors@1.8.1
    • deps: qs@6.9.6
    • deps: raw-body@2.4.2
    • deps: safe-buffer@5.2.1
    • deps: type-is@~1.6.18
  • deps: content-disposition@0.5.4
    • deps: safe-buffer@5.2.1
  • deps: cookie@0.4.1
    • Fix maxAge option to reject invalid values
  • deps: proxy-addr@~2.0.7
    • Use req.socket over deprecated req.connection
    • deps: forwarded@0.2.0
    • deps: ipaddr.js@1.9.1
  • deps: qs@6.9.6
  • deps: safe-buffer@5.2.1
  • deps: send@0.17.2
    • deps: http-errors@1.8.1
    • deps: ms@2.1.3
    • pref: ignore empty http tokens
  • deps: serve-static@1.14.2
    • deps: send@0.17.2
  • deps: setprototypeof@1.2.0
Compare
Choose a tag to compare

5.0.0-alpha.8

Pre-release
Pre-release

This is the sixth Express 5.0 alpha release, based off 4.17.1 and includes
changes from 5.0.0-alpha.7.

Compare
Choose a tag to compare
  • Revert "Improve error message for null/undefined to res.status"
Compare
Choose a tag to compare
  • Add express.raw to parse bodies into Buffer
  • Add express.text to parse bodies into string
  • Improve error message for non-strings to res.sendFile
  • Improve error message for null/undefined to res.status
  • Support multiple hosts in X-Forwarded-Host
  • deps: accepts@~1.3.7
  • deps: body-parser@1.19.0
    • Add encoding MIK
    • Add petabyte (pb) support
    • Fix parsing array brackets after index
    • deps: bytes@3.1.0
    • deps: http-errors@1.7.2
    • deps: iconv-lite@0.4.24
    • deps: qs@6.7.0
    • deps: raw-body@2.4.0
    • deps: type-is@~1.6.17
  • deps: content-disposition@0.5.3
  • deps: cookie@0.4.0
    • Add SameSite=None support
  • deps: finalhandler@~1.1.2
    • Set stricter Content-Security-Policy header
    • deps: parseurl@~1.3.3
    • deps: statuses@~1.5.0
  • deps: parseurl@~1.3.3
  • deps: proxy-addr@~2.0.5
    • deps: ipaddr.js@1.9.0
  • deps: qs@6.7.0
    • Fix parsing array brackets after index
  • deps: range-parser@~1.2.1
  • deps: send@0.17.1
    • Set stricter CSP header in redirect & error responses
    • deps: http-errors@~1.7.2
    • deps: mime@1.6.0
    • deps: ms@2.1.1
    • deps: range-parser@~1.2.1
    • deps: statuses@~1.5.0
    • perf: remove redundant path.normalize call
  • deps: serve-static@1.14.1
    • Set stricter CSP header in redirect response
    • deps: parseurl@~1.3.3
    • deps: send@0.17.1
  • deps: setprototypeof@1.1.1
  • deps: statuses@~1.5.0
    • Add 103 Early Hints
  • deps: type-is@~1.6.18
    • deps: mime-types@~2.1.24
    • perf: prevent internal throw on invalid type
Compare
Choose a tag to compare

5.0.0-alpha.7

Pre-release
Pre-release

This is the seventh Express 5.0 alpha release, based off 4.16.4 and includes
changes from 5.0.0-alpha.6.

The major change with this alpha is the basic support for returned, rejected
Promises in the router.

  • remove:
    • path-to-regexp dependency
  • deps: debug@3.1.0
    • Add DEBUG_HIDE_DATE environment variable
    • Change timer to per-namespace instead of global
    • Change non-TTY date format
    • Remove DEBUG_FD environment variable support
    • Support 256 namespace colors
  • deps: router@2.0.0-alpha.1
    • Add basic support for returned, rejected Promises
    • Fix JSDoc for Router constructor
    • deps: debug@3.1.0
    • deps: parseurl@~1.3.2
    • deps: setprototypeof@1.1.0
    • deps: utils-merge@1.0.1
Compare
Choose a tag to compare
  • Fix issue where "Request aborted" may be logged in res.sendfile
  • Fix JSDoc for Router constructor
  • deps: body-parser@1.18.3
    • Fix deprecation warnings on Node.js 10+
    • Fix stack trace for strict json parse error
    • deps: depd@~1.1.2
    • deps: http-errors@~1.6.3
    • deps: iconv-lite@0.4.23
    • deps: qs@6.5.2
    • deps: raw-body@2.3.3
    • deps: type-is@~1.6.16
  • deps: proxy-addr@~2.0.4
    • deps: ipaddr.js@1.8.0
  • deps: qs@6.5.2
  • deps: safe-buffer@5.1.2