Permalink
Fetching contributors…
Cannot retrieve contributors at this time
2500 lines (2051 sloc) 73 KB

3.6.7 / 2018-03-06

  • deps: finalhandler@1.1.1
    • Fix 404 output for bad / missing pathnames
    • deps: encodeurl@~1.0.2
    • deps: statuses@~1.4.0

3.6.6 / 2018-02-14

  • deps: finalhandler@1.1.0
    • Use res.headersSent when available
  • perf: remove array read-past-end

3.6.5 / 2017-09-22

  • deps: debug@2.6.9
  • deps: finalhandler@1.0.6
    • deps: debug@2.6.9

3.6.4 / 2017-09-20

  • deps: finalhandler@1.0.5
    • deps: parseurl@~1.3.2
  • deps: parseurl@~1.3.2
    • perf: reduce overhead for full URLs
    • perf: unroll the "fast-path" RegExp
  • deps: utils-merge@1.0.1

3.6.3 / 2017-08-03

  • deps: debug@2.6.8
  • deps: finalhandler@1.0.4
    • deps: debug@2.6.8

3.6.2 / 2017-05-16

  • deps: finalhandler@1.0.3
    • deps: debug@2.6.7
  • deps: debug@2.6.7
    • deps: ms@2.0.0

3.6.1 / 2017-04-19

  • deps: debug@2.6.3
    • Fix DEBUG_MAX_ARRAY_LENGTH
  • deps: finalhandler@1.0.1
    • Fix missing </html> in HTML document
    • deps: debug@2.6.3

3.6.0 / 2017-02-17

  • deps: debug@2.6.1
    • Allow colors in workers
    • Deprecated DEBUG_FD environment variable set to 3 or higher
    • Fix error when running under React Native
    • Use same color for same namespace
    • deps: ms@0.7.2
  • deps: finalhandler@1.0.0
    • Fix exception when err cannot be converted to a string
    • Fully URL-encode the pathname in the 404
    • Only include the pathname in the 404 message
    • Send complete HTML document
    • Set Content-Security-Policy: default-src 'self' header
    • deps: debug@2.6.1

3.5.1 / 2017-02-12

  • deps: finalhandler@0.5.1
    • Fix exception when err.headers is not an object
    • deps: statuses@~1.3.1
    • perf: hoist regular expressions
    • perf: remove duplicate validation path

3.5.0 / 2016-09-09

  • deps: finalhandler@0.5.0
    • Change invalid or non-numeric status code to 500
    • Overwrite status message to match set status code
    • Prefer err.statusCode if err.status is invalid
    • Set response headers from err.headers object
    • Use statuses instead of http module for status messages

3.4.1 / 2016-01-23

  • deps: finalhandler@0.4.1
    • deps: escape-html@~1.0.3
  • deps: parseurl@~1.3.1
    • perf: enable strict mode

3.4.0 / 2015-06-18

  • deps: debug@~2.2.0
    • deps: ms@0.7.1
  • deps: finalhandler@0.4.0
    • Fix a false-positive when unpiping in Node.js 0.8
    • Support statusCode property on Error objects
    • Use unpipe module for unpiping requests
    • deps: debug@~2.2.0
    • deps: escape-html@1.0.2
    • deps: on-finished@~2.3.0
    • perf: enable strict mode
    • perf: remove argument reassignment
  • perf: enable strict mode
  • perf: remove argument reassignments

3.3.5 / 2015-03-16

  • deps: debug@~2.1.3
    • Fix high intensity foreground color for bold
    • deps: ms@0.7.0
  • deps: finalhandler@0.3.4
    • deps: debug@~2.1.3

3.3.4 / 2015-01-07

  • deps: debug@~2.1.1
  • deps: finalhandler@0.3.3
    • deps: debug@~2.1.1
    • deps: on-finished@~2.2.0

3.3.3 / 2014-11-09

  • Correctly invoke async callback asynchronously

3.3.2 / 2014-10-28

  • Fix handling of URLs containing :// in the path

3.3.1 / 2014-10-22

  • deps: finalhandler@0.3.2
    • deps: on-finished@~2.1.1

3.3.0 / 2014-10-17

  • deps: debug@~2.1.0
    • Implement DEBUG_FD env variable support
  • deps: finalhandler@0.3.1
    • Terminate in progress response only on error
    • Use on-finished to determine request status
    • deps: debug@~2.1.0

3.2.0 / 2014-09-08

  • deps: debug@~2.0.0
  • deps: finalhandler@0.2.0
    • Set X-Content-Type-Options: nosniff header
    • deps: debug@~2.0.0

3.1.1 / 2014-08-10

  • deps: parseurl@~1.3.0

3.1.0 / 2014-07-22

  • deps: debug@1.0.4
  • deps: finalhandler@0.1.0
    • Respond after request fully read
    • deps: debug@1.0.4
  • deps: parseurl@~1.2.0
    • Cache URLs based on original value
    • Remove no-longer-needed URL mis-parse work-around
    • Simplify the "fast-path" RegExp
  • perf: reduce executed logic in routing
  • perf: refactor location of try block

3.0.2 / 2014-07-10

  • deps: debug@1.0.3
    • Add support for multiple wildcards in namespaces
  • deps: parseurl@~1.1.3
    • faster parsing of href-only URLs

3.0.1 / 2014-06-19

  • use finalhandler for final response handling
  • deps: debug@1.0.2

3.0.0 / 2014-05-29

  • No changes

3.0.0-rc.2 / 2014-05-04

  • Call error stack even when response has been sent
  • Prevent default 404 handler after response sent
  • dep: debug@0.8.1
  • encode stack in HTML for default error handler
  • remove proto export

3.0.0-rc.1 / 2014-03-06

  • move middleware to separate repos
  • remove docs
  • remove node patches
  • remove connect(middleware...)
  • remove the old connect.createServer() method
  • remove various private connect.utils functions
  • drop node.js 0.8 support

2.30.2 / 2015-07-31

  • deps: body-parser@~1.13.3
    • deps: type-is@~1.6.6
  • deps: compression@~1.5.2
    • deps: accepts@~1.2.12
    • deps: compressible@~2.0.5
    • deps: vary@~1.0.1
  • deps: errorhandler@~1.4.2
    • deps: accepts@~1.2.12
  • deps: method-override@~2.3.5
    • deps: vary@~1.0.1
    • perf: enable strict mode
  • deps: serve-index@~1.7.2
    • deps: accepts@~1.2.12
    • deps: mime-types@~2.1.4
  • deps: type-is@~1.6.6
    • deps: mime-types@~2.1.4
  • deps: vhost@~3.0.1
    • perf: enable strict mode

2.30.1 / 2015-07-05

  • deps: body-parser@~1.13.2
    • deps: iconv-lite@0.4.11
    • deps: qs@4.0.0
    • deps: raw-body@~2.1.2
    • deps: type-is@~1.6.4
  • deps: compression@~1.5.1
    • deps: accepts@~1.2.10
    • deps: compressible@~2.0.4
  • deps: errorhandler@~1.4.1
    • deps: accepts@~1.2.10
  • deps: qs@4.0.0
    • Fix dropping parameters like hasOwnProperty
    • Fix various parsing edge cases
  • deps: morgan@~1.6.1
    • deps: basic-auth@~1.0.3
  • deps: pause@0.1.0
    • Re-emit events with all original arguments
    • Refactor internals
    • perf: enable strict mode
  • deps: serve-index@~1.7.1
    • deps: accepts@~1.2.10
    • deps: mime-types@~2.1.2
  • deps: type-is@~1.6.4
    • deps: mime-types@~2.1.2
    • perf: enable strict mode
    • perf: remove argument reassignment

2.30.0 / 2015-06-18

  • deps: body-parser@~1.13.1
    • Add statusCode property on Errors, in addition to status
    • Change type default to application/json for JSON parser
    • Change type default to application/x-www-form-urlencoded for urlencoded parser
    • Provide static require analysis
    • Use the http-errors module to generate errors
    • deps: bytes@2.1.0
    • deps: iconv-lite@0.4.10
    • deps: on-finished@~2.3.0
    • deps: raw-body@~2.1.1
    • deps: type-is@~1.6.3
    • perf: enable strict mode
    • perf: remove argument reassignment
    • perf: remove delete call
  • deps: bytes@2.1.0
    • Slight optimizations
    • Units no longer case sensitive when parsing
  • deps: compression@~1.5.0
    • Fix return value from .end and .write after end
    • Improve detection of zero-length body without Content-Length
    • deps: accepts@~1.2.9
    • deps: bytes@2.1.0
    • deps: compressible@~2.0.3
    • perf: enable strict mode
    • perf: remove flush reassignment
    • perf: simplify threshold detection
  • deps: cookie@0.1.3
    • Slight optimizations
  • deps: cookie-parser@~1.3.5
    • deps: cookie@0.1.3
  • deps: csurf@~1.8.3
    • Add sessionKey option
    • deps: cookie@0.1.3
    • deps: csrf@~3.0.0
  • deps: errorhandler@~1.4.0
    • Add charset to the Content-Type header
    • Support statusCode property on Error objects
    • deps: accepts@~1.2.9
    • deps: escape-html@1.0.2
  • deps: express-session@~1.11.3
    • Support an array in secret option for key rotation
    • deps: cookie@0.1.3
    • deps: crc@3.3.0
    • deps: debug@~2.2.0
    • deps: depd@~1.0.1
    • deps: uid-safe@~2.0.0
  • deps: finalhandler@0.4.0
    • Fix a false-positive when unpiping in Node.js 0.8
    • Support statusCode property on Error objects
    • Use unpipe module for unpiping requests
    • deps: escape-html@1.0.2
    • deps: on-finished@~2.3.0
    • perf: enable strict mode
    • perf: remove argument reassignment
  • deps: fresh@0.3.0
    • Add weak ETag matching support
  • deps: morgan@~1.6.0
    • Add morgan.compile(format) export
    • Do not color 1xx status codes in dev format
    • Fix response-time token to not include response latency
    • Fix status token incorrectly displaying before response in dev format
    • Fix token return values to be undefined or a string
    • Improve representation of multiple headers in req and res tokens
    • Use res.getHeader in res token
    • deps: basic-auth@~1.0.2
    • deps: on-finished@~2.3.0
    • pref: enable strict mode
    • pref: reduce function closure scopes
    • pref: remove dynamic compile on every request for dev format
    • pref: remove an argument reassignment
    • pref: skip function call without skip option
  • deps: serve-favicon@~2.3.0
    • Send non-chunked response for OPTIONS
    • deps: etag@~1.7.0
    • deps: fresh@0.3.0
    • perf: enable strict mode
    • perf: remove argument reassignment
    • perf: remove bitwise operations
  • deps: serve-index@~1.7.0
    • Accept function value for template option
    • Send non-chunked response for OPTIONS
    • Stat parent directory when necessary
    • Use Date.prototype.toLocaleDateString to format date
    • deps: accepts@~1.2.9
    • deps: escape-html@1.0.2
    • deps: mime-types@~2.1.1
    • perf: enable strict mode
    • perf: remove argument reassignment
  • deps: serve-static@~1.10.0
    • Add fallthrough option
    • Fix reading options from options prototype
    • Improve the default redirect response headers
    • Malformed URLs now next() instead of 400
    • deps: escape-html@1.0.2
    • deps: send@0.13.0
    • perf: enable strict mode
    • perf: remove argument reassignment
  • deps: type-is@~1.6.3
    • deps: mime-types@~2.1.1
    • perf: reduce try block size
    • perf: remove bitwise operations

2.29.2 / 2015-05-14

  • deps: body-parser@~1.12.4
    • Slight efficiency improvement when not debugging
    • deps: debug@~2.2.0
    • deps: depd@~1.0.1
    • deps: iconv-lite@0.4.8
    • deps: on-finished@~2.2.1
    • deps: qs@2.4.2
    • deps: raw-body@~2.0.1
    • deps: type-is@~1.6.2
  • deps: compression@~1.4.4
    • deps: accepts@~1.2.7
    • deps: debug@~2.2.0
  • deps: connect-timeout@~1.6.2
    • deps: debug@~2.2.0
    • deps: ms@0.7.1
  • deps: debug@~2.2.0
    • deps: ms@0.7.1
  • deps: depd@~1.0.1
  • deps: errorhandler@~1.3.6
    • deps: accepts@~1.2.7
  • deps: finalhandler@0.3.6
    • deps: debug@~2.2.0
    • deps: on-finished@~2.2.1
  • deps: method-override@~2.3.3
    • deps: debug@~2.2.0
  • deps: morgan@~1.5.3
    • deps: basic-auth@~1.0.1
    • deps: debug@~2.2.0
    • deps: depd@~1.0.1
    • deps: on-finished@~2.2.1
  • deps: qs@2.4.2
  • Fix allowing parameters like constructor
  • deps: response-time@~2.3.1
    • deps: depd@~1.0.1
  • deps: serve-favicon@~2.2.1
    • deps: etag@~1.6.0
    • deps: ms@0.7.1
  • deps: serve-index@~1.6.4
    • deps: accepts@~1.2.7
    • deps: debug@~2.2.0
    • deps: mime-types@~2.0.11
  • deps: serve-static@~1.9.3
    • deps: send@0.12.3
  • deps: type-is@~1.6.2
    • deps: mime-types@~2.0.11

2.29.1 / 2015-03-16

  • deps: body-parser@~1.12.2
    • deps: debug@~2.1.3
    • deps: qs@2.4.1
    • deps: type-is@~1.6.1
  • deps: compression@~1.4.3
    • Fix error when code calls res.end(str, encoding)
    • deps: accepts@~1.2.5
    • deps: debug@~2.1.3
  • deps: connect-timeout@~1.6.1
    • deps: debug@~2.1.3
  • deps: debug@~2.1.3
    • Fix high intensity foreground color for bold
    • deps: ms@0.7.0
  • deps: errorhandler@~1.3.5
    • deps: accepts@~1.2.5
  • deps: express-session@~1.10.4
    • deps: debug@~2.1.3
  • deps: finalhandler@0.3.4
    • deps: debug@~2.1.3
  • deps: method-override@~2.3.2
    • deps: debug@~2.1.3
  • deps: morgan@~1.5.2
    • deps: debug@~2.1.3
  • deps: qs@2.4.1
    • Fix error when parameter hasOwnProperty is present
  • deps: serve-index@~1.6.3
    • Properly escape file names in HTML
    • deps: accepts@~1.2.5
    • deps: debug@~2.1.3
    • deps: escape-html@1.0.1
    • deps: mime-types@~2.0.10
  • deps: serve-static@~1.9.2
    • deps: send@0.12.2
  • deps: type-is@~1.6.1
    • deps: mime-types@~2.0.10

2.29.0 / 2015-02-17

  • Use content-type to parse Content-Type headers
  • deps: body-parser@~1.12.0
    • add debug messages
    • accept a function for the type option
    • make internal extended: true depth limit infinity
    • use content-type to parse Content-Type headers
    • deps: iconv-lite@0.4.7
    • deps: raw-body@1.3.3
    • deps: type-is@~1.6.0
  • deps: compression@~1.4.1
    • Prefer gzip over deflate on the server
    • deps: accepts@~1.2.4
  • deps: connect-timeout@~1.6.0
    • deps: http-errors@~1.3.1
  • deps: cookie-parser@~1.3.4
    • deps: cookie-signature@1.0.6
  • deps: cookie-signature@1.0.6
  • deps: csurf@~1.7.0
    • Accept CSRF-Token and XSRF-Token request headers
    • Default cookie.path to '/', if using cookies
    • deps: cookie-signature@1.0.6
    • deps: csrf@~2.0.6
    • deps: http-errors@~1.3.1
  • deps: errorhandler@~1.3.4
    • deps: accepts@~1.2.4
  • deps: express-session@~1.10.3
    • deps: cookie-signature@1.0.6
    • deps: uid-safe@1.1.0
  • deps: http-errors@~1.3.1
    • Construct errors using defined constructors from createError
    • Fix error names that are not identifiers
    • Set a meaningful name property on constructed errors
  • deps: response-time@~2.3.0
    • Add function argument to support recording of response time
  • deps: serve-index@~1.6.2
    • deps: accepts@~1.2.4
    • deps: http-errors@~1.3.1
    • deps: mime-types@~2.0.9
  • deps: serve-static@~1.9.1
    • deps: send@0.12.1
  • deps: type-is@~1.6.0
    • fix argument reassignment
    • fix false-positives in hasBody Transfer-Encoding check
    • support wildcard for both type and subtype (*/*)
    • deps: mime-types@~2.0.9

2.28.3 / 2015-01-31

  • deps: compression@~1.3.1
    • deps: accepts@~1.2.3
    • deps: compressible@~2.0.2
  • deps: csurf@~1.6.6
    • deps: csrf@~2.0.5
  • deps: errorhandler@~1.3.3
    • deps: accepts@~1.2.3
  • deps: express-session@~1.10.2
    • deps: uid-safe@1.0.3
  • deps: serve-index@~1.6.1
    • deps: accepts@~1.2.3
    • deps: mime-types@~2.0.8
  • deps: type-is@~1.5.6
    • deps: mime-types@~2.0.8

2.28.2 / 2015-01-20

  • deps: body-parser@~1.10.2
    • deps: iconv-lite@0.4.6
    • deps: raw-body@1.3.2
  • deps: serve-static@~1.8.1
    • Fix redirect loop in Node.js 0.11.14
    • Fix root path disclosure
    • deps: send@0.11.1

2.28.1 / 2015-01-08

  • deps: csurf@~1.6.5
    • deps: csrf@~2.0.4
  • deps: express-session@~1.10.1
    • deps: uid-safe@~1.0.2

2.28.0 / 2015-01-05

  • deps: body-parser@~1.10.1
    • Make internal extended: true array limit dynamic
    • deps: on-finished@~2.2.0
    • deps: type-is@~1.5.5
  • deps: compression@~1.3.0
    • Export the default filter function for wrapping
    • deps: accepts@~1.2.2
    • deps: debug@~2.1.1
  • deps: connect-timeout@~1.5.0
    • deps: debug@~2.1.1
    • deps: http-errors@~1.2.8
    • deps: ms@0.7.0
  • deps: csurf@~1.6.4
    • deps: csrf@~2.0.3
    • deps: http-errors@~1.2.8
  • deps: debug@~2.1.1
  • deps: errorhandler@~1.3.2
    • Add log option
    • Fix heading content to not include stack
    • deps: accepts@~1.2.2
  • deps: express-session@~1.10.0
    • Add store.touch interface for session stores
    • Fix MemoryStore expiration with resave: false
    • deps: debug@~2.1.1
  • deps: finalhandler@0.3.3
    • deps: debug@~2.1.1
    • deps: on-finished@~2.2.0
  • deps: method-override@~2.3.1
    • deps: debug@~2.1.1
    • deps: methods@~1.1.1
  • deps: morgan@~1.5.1
    • Add multiple date formats clf, iso, and web
    • Deprecate buffer option
    • Fix date format in common and combined formats
    • Fix token arguments to accept values with "
    • deps: debug@~2.1.1
    • deps: on-finished@~2.2.0
  • deps: serve-favicon@~2.2.0
    • Support query string in the URL
    • deps: etag@~1.5.1
    • deps: ms@0.7.0
  • deps: serve-index@~1.6.0
    • Add link to root directory
    • deps: accepts@~1.2.2
    • deps: batch@0.5.2
    • deps: debug@~2.1.1
    • deps: mime-types@~2.0.7
  • deps: serve-static@~1.8.0
    • Fix potential open redirect when mounted at root
    • deps: send@0.11.0
  • deps: type-is@~1.5.5
    • deps: mime-types@~2.0.7

2.27.6 / 2014-12-10

  • deps: serve-index@~1.5.3
    • deps: accepts@~1.1.4
    • deps: http-errors@~1.2.8
    • deps: mime-types@~2.0.4

2.27.5 / 2014-12-10

  • deps: compression@~1.2.2
    • Fix .end to only proxy to .end
    • deps: accepts@~1.1.4
  • deps: express-session@~1.9.3
    • Fix error when req.sessionID contains a non-string value
  • deps: http-errors@~1.2.8
    • Fix stack trace from exported function
    • Remove arguments.callee usage
  • deps: serve-index@~1.5.2
    • Fix icon name background alignment on mobile view
  • deps: type-is@~1.5.4
    • deps: mime-types@~2.0.4

2.27.4 / 2014-11-23

  • deps: body-parser@~1.9.3
    • deps: iconv-lite@0.4.5
    • deps: qs@2.3.3
    • deps: raw-body@1.3.1
    • deps: type-is@~1.5.3
  • deps: compression@~1.2.1
    • deps: accepts@~1.1.3
  • deps: errorhandler@~1.2.3
    • deps: accepts@~1.1.3
  • deps: express-session@~1.9.2
    • deps: crc@3.2.1
  • deps: qs@2.3.3
    • Fix arrayLimit behavior
  • deps: serve-favicon@~2.1.7
    • Avoid errors from enumerables on Object.prototype
  • deps: serve-index@~1.5.1
    • deps: accepts@~1.1.3
    • deps: mime-types@~2.0.3
  • deps: type-is@~1.5.3
    • deps: mime-types@~2.0.3

2.27.3 / 2014-11-09

  • Correctly invoke async callback asynchronously
  • deps: csurf@~1.6.3
    • bump csrf
    • bump http-errors

2.27.2 / 2014-10-28

  • Fix handling of URLs containing :// in the path
  • deps: body-parser@~1.9.2
    • deps: qs@2.3.2
  • deps: qs@2.3.2
    • Fix parsing of mixed objects and values

2.27.1 / 2014-10-22

  • deps: body-parser@~1.9.1
    • deps: on-finished@~2.1.1
    • deps: qs@2.3.0
    • deps: type-is@~1.5.2
  • deps: express-session@~1.9.1
    • Remove unnecessary empty write call
  • deps: finalhandler@0.3.2
    • deps: on-finished@~2.1.1
  • deps: morgan@~1.4.1
    • deps: on-finished@~2.1.1
  • deps: qs@2.3.0
    • Fix parsing of mixed implicit and explicit arrays
  • deps: serve-static@~1.7.1
    • deps: send@0.10.1

2.27.0 / 2014-10-16

  • Use http-errors module for creating errors
  • Use utils-merge module for merging objects
  • deps: body-parser@~1.9.0
    • include the charset in "unsupported charset" error message
    • include the encoding in "unsupported content encoding" error message
    • deps: depd@~1.0.0
  • deps: compression@~1.2.0
    • deps: debug@~2.1.0
  • deps: connect-timeout@~1.4.0
    • Create errors with http-errors
    • deps: debug@~2.1.0
  • deps: debug@~2.1.0
    • Implement DEBUG_FD env variable support
  • deps: depd@~1.0.0
  • deps: express-session@~1.9.0
    • deps: debug@~2.1.0
    • deps: depd@~1.0.0
  • deps: finalhandler@0.3.1
    • Terminate in progress response only on error
    • Use on-finished to determine request status
    • deps: debug@~2.1.0
  • deps: method-override@~2.3.0
    • deps: debug@~2.1.0
  • deps: morgan@~1.4.0
    • Add debug messages
    • deps: depd@~1.0.0
  • deps: response-time@~2.2.0
    • Add header option for custom header name
    • Add suffix option
    • Change digits argument to an options argument
    • deps: depd@~1.0.0
  • deps: serve-favicon@~2.1.6
    • deps: etag@~1.5.0
  • deps: serve-index@~1.5.0
    • Add dir argument to filter function
    • Add icon for mkv files
    • Create errors with http-errors
    • Fix incorrect 403 on Windows and Node.js 0.11
    • Lookup icon by mime type for greater icon support
    • Support using tokens multiple times
    • deps: accepts@~1.1.2
    • deps: debug@~2.1.0
    • deps: mime-types@~2.0.2
  • deps: serve-static@~1.7.0
    • deps: send@0.10.0

2.26.6 / 2014-10-15

  • deps: compression@~1.1.2
    • deps: accepts@~1.1.2
    • deps: compressible@~2.0.1
  • deps: csurf@~1.6.2
    • bump http-errors
    • fix cookie name when using cookie: true
  • deps: errorhandler@~1.2.2
    • deps: accepts@~1.1.2

2.26.5 / 2014-10-08

  • Fix accepting non-object arguments to logger
  • deps: serve-static@~1.6.4
    • Fix redirect loop when index file serving disabled

2.26.4 / 2014-10-02

  • deps: morgan@~1.3.2
    • Fix req.ip integration when immediate: false
  • deps: type-is@~1.5.2
    • deps: mime-types@~2.0.2

2.26.3 / 2014-09-24

  • deps: body-parser@~1.8.4
    • fix content encoding to be case-insensitive
  • deps: serve-favicon@~2.1.5
    • deps: etag@~1.4.0
  • deps: serve-static@~1.6.3
    • deps: send@0.9.3

2.26.2 / 2014-09-19

  • deps: body-parser@~1.8.3
    • deps: qs@2.2.4
  • deps: qs@2.2.4
    • Fix issue with object keys starting with numbers truncated

2.26.1 / 2014-09-15

  • deps: body-parser@~1.8.2
    • deps: depd@0.4.5
  • deps: depd@0.4.5
  • deps: express-session@~1.8.2
    • Use crc instead of buffer-crc32 for speed
    • deps: depd@0.4.5
  • deps: morgan@~1.3.1
    • Remove un-used bytes dependency
    • deps: depd@0.4.5
  • deps: serve-favicon@~2.1.4
    • Fix content headers being sent in 304 response
    • deps: etag@~1.3.1
  • deps: serve-static@~1.6.2
    • deps: send@0.9.2

2.26.0 / 2014-09-08

  • deps: body-parser@~1.8.1
    • add parameterLimit option to urlencoded parser
    • change urlencoded extended array limit to 100
    • make empty-body-handling consistent between chunked requests
    • respond with 415 when over parameterLimit in urlencoded
    • deps: media-typer@0.3.0
    • deps: qs@2.2.3
    • deps: type-is@~1.5.1
  • deps: compression@~1.1.0
    • deps: accepts@~1.1.0
    • deps: compressible@~2.0.0
    • deps: debug@~2.0.0
  • deps: connect-timeout@~1.3.0
    • deps: debug@~2.0.0
  • deps: cookie-parser@~1.3.3
    • deps: cookie-signature@1.0.5
  • deps: cookie-signature@1.0.5
  • deps: csurf@~1.6.1
    • add ignoreMethods option
    • bump cookie-signature
    • csrf-tokens -> csrf
    • set code property on CSRF token errors
  • deps: debug@~2.0.0
  • deps: errorhandler@~1.2.0
    • Display error using util.inspect if no other representation
    • deps: accepts@~1.1.0
  • deps: express-session@~1.8.1
    • Do not resave already-saved session at end of request
    • Prevent session prototype methods from being overwritten
    • deps: cookie-signature@1.0.5
    • deps: debug@~2.0.0
  • deps: finalhandler@0.2.0
    • Set X-Content-Type-Options: nosniff header
    • deps: debug@~2.0.0
  • deps: fresh@0.2.4
  • deps: media-typer@0.3.0
    • Throw error when parameter format invalid on parse
  • deps: method-override@~2.2.0
    • deps: debug@~2.0.0
  • deps: morgan@~1.3.0
    • Assert if format is not a function or string
  • deps: qs@2.2.3
    • Fix issue where first empty value in array is discarded
  • deps: serve-favicon@~2.1.3
    • Accept string for maxAge (converted by ms)
    • Use etag to generate ETag header
    • deps: fresh@0.2.4
  • deps: serve-index@~1.2.1
    • Add debug messages
    • Resolve relative paths at middleware setup
    • deps: accepts@~1.1.0
  • deps: serve-static@~1.6.1
    • Add lastModified option
    • deps: send@0.9.1
  • deps: type-is@~1.5.1
    • fix hasbody to be true for content-length: 0
    • deps: media-typer@0.3.0
    • deps: mime-types@~2.0.1
  • deps: vhost@~3.0.0

2.25.10 / 2014-09-04

  • deps: serve-static@~1.5.4
    • deps: send@0.8.5

2.25.9 / 2014-08-29

  • deps: body-parser@~1.6.7
    • deps: qs@2.2.2
  • deps: qs@2.2.2

2.25.8 / 2014-08-27

  • deps: body-parser@~1.6.6
    • deps: qs@2.2.0
  • deps: csurf@~1.4.1
  • deps: qs@2.2.0
    • Array parsing fix
    • Performance improvements

2.25.7 / 2014-08-18

  • deps: body-parser@~1.6.5
    • deps: on-finished@2.1.0
  • deps: express-session@~1.7.6
    • Fix exception on res.end(null) calls
  • deps: morgan@~1.2.3
    • deps: on-finished@2.1.0
  • deps: serve-static@~1.5.3
    • deps: send@0.8.3

2.25.6 / 2014-08-14

  • deps: body-parser@~1.6.4
    • deps: qs@1.2.2
  • deps: qs@1.2.2
  • deps: serve-static@~1.5.2
    • deps: send@0.8.2

2.25.5 / 2014-08-11

  • Fix backwards compatibility in logger

2.25.4 / 2014-08-10

  • Fix query middleware breaking with argument
    • It never really took one in the first place
  • deps: body-parser@~1.6.3
    • deps: qs@1.2.1
  • deps: compression@~1.0.11
    • deps: on-headers@~1.0.0
    • deps: parseurl@~1.3.0
  • deps: connect-timeout@~1.2.2
    • deps: on-headers@~1.0.0
  • deps: express-session@~1.7.5
    • Fix parsing original URL
    • deps: on-headers@~1.0.0
    • deps: parseurl@~1.3.0
  • deps: method-override@~2.1.3
  • deps: on-headers@~1.0.0
  • deps: parseurl@~1.3.0
  • deps: qs@1.2.1
  • deps: response-time@~2.0.1
    • deps: on-headers@~1.0.0
  • deps: serve-index@~1.1.6
    • Fix URL parsing
  • deps: serve-static@~1.5.1
    • Fix parsing of weird req.originalUrl values
    • deps: parseurl@~1.3.0 = deps: utils-merge@1.0.0

2.25.3 / 2014-08-07

  • deps: multiparty@3.3.2
    • Fix potential double-callback

2.25.2 / 2014-08-07

  • deps: body-parser@~1.6.2
    • deps: qs@1.2.0
  • deps: qs@1.2.0
    • Fix parsing array of objects

2.25.1 / 2014-08-06

  • deps: body-parser@~1.6.1
    • deps: qs@1.1.0
  • deps: qs@1.1.0
    • Accept urlencoded square brackets
    • Accept empty values in implicit array notation

2.25.0 / 2014-08-05

  • deps: body-parser@~1.6.0
    • deps: qs@1.0.2
  • deps: compression@~1.0.10
    • Fix upper-case Content-Type characters prevent compression
    • deps: compressible@~1.1.1
  • deps: csurf@~1.4.0
    • Support changing req.session after csurf middleware
    • Calling res.csrfToken() after req.session.destroy() will now work
  • deps: express-session@~1.7.4
    • Fix res.end patch to call correct upstream res.write
    • Fix response end delay for non-chunked responses
  • deps: qs@1.0.2
    • Complete rewrite
    • Limits array length to 20
    • Limits object depth to 5
    • Limits parameters to 1,000
  • deps: serve-static@~1.5.0
    • Add extensions option
    • deps: send@0.8.1

2.24.3 / 2014-08-04

  • deps: serve-index@~1.1.5
    • Fix Content-Length calculation for multi-byte file names
    • deps: accepts@~1.0.7
  • deps: serve-static@~1.4.4
    • Fix incorrect 403 on Windows and Node.js 0.11
    • deps: send@0.7.4

2.24.2 / 2014-07-27

  • deps: body-parser@~1.5.2
  • deps: depd@0.4.4
    • Work-around v8 generating empty stack traces
  • deps: express-session@~1.7.2
  • deps: morgan@~1.2.2
  • deps: serve-static@~1.4.2

2.24.1 / 2014-07-26

  • deps: body-parser@~1.5.1
  • deps: depd@0.4.3
    • Fix exception when global Error.stackTraceLimit is too low
  • deps: express-session@~1.7.1
  • deps: morgan@~1.2.1
  • deps: serve-index@~1.1.4
  • deps: serve-static@~1.4.1

2.24.0 / 2014-07-22

  • deps: body-parser@~1.5.0
    • deps: depd@0.4.2
    • deps: iconv-lite@0.4.4
    • deps: raw-body@1.3.0
    • deps: type-is@~1.3.2
  • deps: compression@~1.0.9
    • Add debug messages
    • deps: accepts@~1.0.7
  • deps: connect-timeout@~1.2.1
    • Accept string for time (converted by ms)
    • deps: debug@1.0.4
  • deps: debug@1.0.4
  • deps: depd@0.4.2
    • Add TRACE_DEPRECATION environment variable
    • Remove non-standard grey color from color output
    • Support --no-deprecation argument
    • Support --trace-deprecation argument
  • deps: express-session@~1.7.0
    • Improve session-ending error handling
    • deps: debug@1.0.4
    • deps: depd@0.4.2
  • deps: finalhandler@0.1.0
    • Respond after request fully read
    • deps: debug@1.0.4
  • deps: method-override@~2.1.2
    • deps: debug@1.0.4
    • deps: parseurl@~1.2.0
  • deps: morgan@~1.2.0
    • Add :remote-user token
    • Add combined log format
    • Add common log format
    • Remove non-standard grey color from dev format
  • deps: multiparty@3.3.1
  • deps: parseurl@~1.2.0
    • Cache URLs based on original value
    • Remove no-longer-needed URL mis-parse work-around
    • Simplify the "fast-path" RegExp
  • deps: serve-static@~1.4.0
    • Add dotfiles option
    • deps: parseurl@~1.2.0
    • deps: send@0.7.0

2.23.0 / 2014-07-10

  • deps: debug@1.0.3
    • Add support for multiple wildcards in namespaces
  • deps: express-session@~1.6.4
  • deps: method-override@~2.1.0
    • add simple debug output
    • deps: methods@1.1.0
    • deps: parseurl@~1.1.3
  • deps: parseurl@~1.1.3
    • faster parsing of href-only URLs
  • deps: serve-static@~1.3.1
    • deps: parseurl@~1.1.3

2.22.0 / 2014-07-03

  • deps: csurf@~1.3.0
    • Fix cookie.signed option to actually sign cookie
  • deps: express-session@~1.6.1
    • Fix res.end patch to return correct value
    • Fix res.end patch to handle multiple res.end calls
    • Reject cookies with missing signatures
  • deps: multiparty@3.3.0
    • Always emit close after all parts ended
    • Fix callback hang in node.js 0.8 on errors
  • deps: serve-static@~1.3.0
    • Accept string for maxAge (converted by ms)
    • Add setHeaders option
    • Include HTML link in redirect response
    • deps: send@0.5.0

2.21.1 / 2014-06-26

  • deps: cookie-parser@1.3.2
    • deps: cookie-signature@1.0.4
  • deps: cookie-signature@1.0.4
    • fix for timing attacks
  • deps: express-session@~1.5.2
    • deps: cookie-signature@1.0.4
  • deps: type-is@~1.3.2
    • more mime types

2.21.0 / 2014-06-20

  • deprecate connect(middleware) -- use app.use(middleware) instead
  • deprecate connect.createServer() -- use connect() instead
  • fix res.setHeader() patch to work with get -> append -> set pattern
  • deps: compression@~1.0.8
  • deps: errorhandler@~1.1.1
  • deps: express-session@~1.5.0
    • Deprecate integration with cookie-parser middleware
    • Deprecate looking for secret in req.secret
    • Directly read cookies; cookie-parser no longer required
    • Directly set cookies; res.cookie no longer required
    • Generate session IDs with uid-safe, faster and even less collisions
  • deps: serve-index@~1.1.3

2.20.2 / 2014-06-19

  • deps: body-parser@1.4.3
    • deps: type-is@1.3.1

2.20.1 / 2014-06-19

  • deps: type-is@1.3.1
    • fix global variable leak

2.20.0 / 2014-06-19

  • deprecate verify option to json -- use body-parser npm module instead
  • deprecate verify option to urlencoded -- use body-parser npm module instead
  • deprecate things with depd module
  • use finalhandler for final response handling
  • use media-typer to parse content-type for charset
  • deps: body-parser@1.4.2
    • check accepted charset in content-type (accepts utf-8)
    • check accepted encoding in content-encoding (accepts identity)
    • deprecate urlencoded() without provided extended option
    • lazy-load urlencoded parsers
    • support gzip and deflate bodies
    • set inflate: false to turn off
    • deps: raw-body@1.2.2
    • deps: type-is@1.3.0
    • Support all encodings from iconv-lite
  • deps: connect-timeout@1.1.1
    • deps: debug@1.0.2
  • deps: cookie-parser@1.3.1
    • export parsing functions
    • req.cookies and req.signedCookies are now plain objects
    • slightly faster parsing of many cookies
  • deps: csurf@1.2.2
  • deps: errorhandler@1.1.0
    • Display error on console formatted like throw
    • Escape HTML in stack trace
    • Escape HTML in title
    • Fix up edge cases with error sent in response
    • Set X-Content-Type-Options: nosniff header
    • Use accepts for negotiation
  • deps: express-session@1.4.0
    • Add genid option to generate custom session IDs
    • Add saveUninitialized option to control saving uninitialized sessions
    • Add unset option to control unsetting req.session
    • Generate session IDs with rand-token by default; reduce collisions
    • Integrate with express "trust proxy" by default
    • deps: buffer-crc32@0.2.3
    • deps: debug@1.0.2
  • deps: multiparty@3.2.9
  • deps: serve-index@1.1.2
    • deps: batch@0.5.1
  • deps: type-is@1.3.0
    • improve type parsing
  • deps: vhost@2.0.0
    • Accept RegExp object for hostname
    • Provide req.vhost object
    • Support IPv6 literal in Host header

2.19.6 / 2014-06-11

  • deps: body-parser@1.3.1
    • deps: type-is@1.2.1
  • deps: compression@1.0.7
    • use vary module for better Vary behavior
    • deps: accepts@1.0.3
    • deps: compressible@1.1.0
  • deps: debug@1.0.2
  • deps: serve-index@1.1.1
    • deps: accepts@1.0.3
  • deps: serve-static@1.2.3
    • Do not throw un-catchable error on file open race condition
    • deps: send@0.4.3

2.19.5 / 2014-06-09

  • deps: csurf@1.2.1
    • refactor to use csrf-tokens@~1.0.2
  • deps: debug@1.0.1
  • deps: serve-static@1.2.2
    • fix "event emitter leak" warnings
    • deps: send@0.4.2
  • deps: type-is@1.2.1
    • Switch dependency from mime to mime-types@1.0.0

2.19.4 / 2014-06-05

  • deps: errorhandler@1.0.2
    • Pass on errors from reading error files
  • deps: method-override@2.0.2
    • use vary module for better Vary behavior
  • deps: serve-favicon@2.0.1
    • Reduce byte size of ETag header

2.19.3 / 2014-06-03

  • deps: compression@1.0.6
    • fix listeners for delayed stream creation
    • fix regression for certain stream.pipe(res) situations
    • fix regression when negotiation fails

2.19.2 / 2014-06-03

  • deps: compression@1.0.4
    • fix adding Vary when value stored as array
    • fix back-pressure behavior
    • fix length check for res.end

2.19.1 / 2014-06-02

  • fix deprecated utils.escape

2.19.0 / 2014-06-02

  • deprecate methodOverride() -- use method-override npm module instead
  • deps: body-parser@1.3.0
    • add extended option to urlencoded parser
  • deps: method-override@2.0.1
    • set Vary header
    • deps: methods@1.0.1
  • deps: multiparty@3.2.8
  • deps: response-time@2.0.0
    • add digits argument
    • do not override existing X-Response-Time header
    • timer not subject to clock drift
    • timer resolution down to nanoseconds
  • deps: serve-static@1.2.1
    • send max-age in Cache-Control in correct format
    • use escape-html for escaping
    • deps: send@0.4.1

2.18.0 / 2014-05-29

  • deps: compression@1.0.3
  • deps: serve-index@1.1.0
    • Fix content negotiation when no Accept header
    • Properly support all HTTP methods
    • Support vanilla node.js http servers
    • Treat ENAMETOOLONG as code 414
    • Use accepts for negotiation
  • deps: serve-static@1.2.0
    • Calculate ETag with md5 for reduced collisions
    • Fix wrong behavior when index file matches directory
    • Ignore stream errors after request ends
    • Skip directories in index file search
    • deps: send@0.4.0

2.17.3 / 2014-05-27

  • deps: express-session@1.2.1
    • Fix resave such that resave: true works

2.17.2 / 2014-05-27

  • deps: body-parser@1.2.2
    • invoke next(err) after request fully read
    • deps: raw-body@1.1.6
  • deps: method-override@1.0.2
    • Handle req.body key referencing array or object
    • Handle multiple HTTP headers

2.17.1 / 2014-05-21

  • fix res.charset appending charset when content-type has one

2.17.0 / 2014-05-20

  • deps: express-session@1.2.0
    • Add resave option to control saving unmodified sessions
  • deps: morgan@1.1.1
    • "dev" format will use same tokens as other formats
    • :response-time token is now empty when immediate used
    • :response-time token is now monotonic
    • :response-time token has precision to 1 μs
    • fix :status + immediate output in node.js 0.8
    • improve buffer option to prevent indefinite event loop holding
    • simplify method to get remote address
    • deps: bytes@1.0.0
  • deps: serve-index@1.0.3
    • Fix error from non-statable files in HTML view

2.16.2 / 2014-05-18

  • fix edge-case in res.appendHeader that would append in wrong order
  • deps: method-override@1.0.1

2.16.1 / 2014-05-17

  • remove usages of res.headerSent from core

2.16.0 / 2014-05-17

  • deprecate res.headerSent -- use res.headersSent
  • deprecate res.on("header") -- use on-headers module instead
  • fix connect.version to reflect the actual version
  • json: use body-parser
    • add type option
    • fix repeated limit parsing with every request
    • improve parser speed
  • urlencoded: use body-parser
    • add type option
    • fix repeated limit parsing with every request
  • dep: bytes@1.0.0
    • add negative support
  • dep: cookie-parser@1.1.0
    • deps: cookie@0.1.2
  • dep: csurf@1.2.0
    • add support for double-submit cookie
  • dep: express-session@1.1.0
    • Add name option; replacement for key option
    • Use setImmediate in MemoryStore for node.js >= 0.10

2.15.0 / 2014-05-04

  • Add simple res.cookie support
  • Add res.appendHeader
  • Call error stack even when response has been sent
  • Patch res.headerSent to return Boolean
  • Patch res.headersSent for node.js 0.8
  • Prevent default 404 handler after response sent
  • dep: compression@1.0.2
    • support headers given to res.writeHead
    • deps: bytes@0.3.0
    • deps: negotiator@0.4.3
  • dep: connect-timeout@1.1.0
    • Add req.timedout property
    • Add respond option to constructor
    • Clear timer on socket destroy
    • deps: debug@0.8.1
  • dep: debug@^0.8.0
    • add enable() method
    • change from stderr to stdout
  • dep: errorhandler@1.0.1
    • Clean up error CSS
    • Do not respond after headers sent
  • dep: express-session@1.0.4
    • Remove import of setImmediate
    • Use res.cookie() instead of res.setHeader()
    • deps: cookie@0.1.2
    • deps: debug@0.8.1
  • dep: morgan@1.0.1
    • Make buffer unique per morgan instance
    • deps: bytes@0.3.0
  • dep: serve-favicon@2.0.0
    • Accept Buffer of icon as first argument
    • Non-GET and HEAD requests are denied
    • Send valid max-age value
    • Support conditional requests
    • Support max-age=0
    • Support OPTIONS method
    • Throw if path argument is directory
  • dep: serve-index@1.0.2
    • Add stylesheet option
    • deps: negotiator@0.4.3

2.14.5 / 2014-04-24

  • dep: raw-body@1.1.4
    • allow true as an option
    • deps: bytes@0.3.0
  • dep: serve-static@1.1.0
    • Accept options directly to send module
    • deps: send@0.3.0

2.14.4 / 2014-04-07

  • dep: bytes@0.3.0
    • added terabyte support
  • dep: csurf@1.1.0
    • add constant-time string compare
  • dep: serve-static@1.0.4
    • Resolve relative paths at middleware setup
    • Use parseurl to parse the URL from request
  • fix node.js 0.8 compatibility with memory session

2.14.3 / 2014-03-18

  • dep: static-favicon@1.0.2
    • Fixed content of default icon

2.14.2 / 2014-03-11

  • dep: static-favicon@1.0.1
    • Fixed path to default icon

2.14.1 / 2014-03-06

  • dep: fresh@0.2.2
    • no real changes
  • dep: serve-index@1.0.1
    • deps: negotiator@0.4.2
  • dep: serve-static@1.0.2
    • deps: send@0.2.0

2.14.0 / 2014-03-05

  • basicAuth: use basic-auth-connect
  • cookieParser: use cookie-parser
  • compress: use compression
  • csrf: use csurf
  • dep: cookie-signature@1.0.3
  • directory: use serve-index
  • errorHandler: use errorhandler
  • favicon: use static-favicon
  • logger: use morgan
  • methodOverride: use method-override
  • responseTime: use response-time
  • session: use express-session
  • static: use serve-static
  • timeout: use connect-timeout
  • vhost: use vhost

2.13.1 / 2014-03-05

  • cookieSession: compare full value rather than crc32
  • deps: raw-body@1.1.3

2.13.0 / 2014-02-14

  • fix typo in memory store warning #974 @rvagg
  • compress: use compressible
  • directory: add template option #990 @gottaloveit @Earl-Brown
  • csrf: prevent deprecated warning with old sessions

2.12.0 / 2013-12-10

  • bump qs
  • directory: sort folders before files
  • directory: add folder icons
  • directory: de-duplicate icons, details/mobile views #968 @simov
  • errorHandler: end default 404 handler with a newline #972 @rlidwka
  • session: remove long cookie expire check #870 @undoZen

2.11.2 / 2013-12-01

  • bump raw-body

2.11.1 / 2013-11-27

  • bump raw-body
  • errorHandler: use res.setHeader() instead of res.writeHead() #949 @lo1tuma

2.11.0 / 2013-10-29

  • update bytes
  • update uid2
  • update negotiator
  • sessions: add rolling session option #944 @ilmeo
  • sessions: property set cookies when given FQDN
  • cookieSessions: properly set cookies when given FQDN #948 @bmancini55
  • proto: fix FQDN mounting when multiple handlers #945 @bmancini55

2.10.1 / 2013-10-23

  • fixed; fixed a bug with static middleware at root and trailing slashes #942 (@dougwilson)

2.10.0 / 2013-10-22

  • fixed: set headers written by writeHead before emitting 'header'
  • fixed: mounted path should ignore querystrings on FQDNs #940 (@dougwilson)
  • fixed: parsing protocol-relative URLs with @ as pathnames #938 (@dougwilson)
  • fixed: fix static directory redirect for mount's root #937 (@dougwilson)
  • fixed: setting set-cookie header when mixing arrays and strings #893 (@anuj123)
  • bodyParser: optional verify function for urlencoded and json parsers for signing request bodies
  • compress: compress checks content-length to check threshold
  • compress: expose res.flush() for flushing responses
  • cookieParser: pass options into node-cookie #803 (@cauldrath)
  • errorHandler: replace \ns with <br/>s in error handler

2.9.2 / 2013-10-18

  • warn about multiparty and limit middleware deprecation for v3
  • fix fully qualified domain name mounting. #920 (@dougwilson)
  • directory: Fix potential security issue with serving files outside the root. #929 (@dougwilson)
  • logger: store IP at beginning in case socket prematurely closes #930 (@dougwilson)

2.9.1 / 2013-10-15

  • update multiparty
  • compress: Set vary header only if Content-Type passes filter #904
  • directory: Fix directory middleware URI escaping #917 (@dougwilson)
  • directory: Fix directory seperators for Windows #914 (@dougwilson)
  • directory: Keep query string intact during directory redirect #913 (@dougwilson)
  • directory: Fix paths in links #730 (@JacksonTian)
  • errorHandler: Don't escape text/plain as HTML #875 (@johan)
  • logger: Write '0' instead of '-' when response time is zero #910 (@dougwilson)
  • logger: Log even when connections are aborted #760 (@dylanahsmith)
  • methodOverride: Check req.body is an object #907 (@kbjr)
  • multipart: Add .type back to file parts for backwards compatibility #912 (@dougwilson)
  • multipart: Allow passing options to the Multiparty constructor #902 (@niftylettuce)

2.9.0 / 2013-09-07

  • multipart: add docs regarding tmpfiles
  • multipart: add .name back to file parts
  • multipart: use multiparty instead of formidable

2.8.8 / 2013-09-02

  • csrf: change to math.random() salt and remove csrfToken() callback

2.8.7 / 2013-08-28

  • csrf: prevent salt generation on every request, and add async req.csrfToken(fn)

2.8.6 / 2013-08-28

  • csrf: refactor to use HMAC tokens (BREACH attack)
  • compress: add compression of SVG and common font files by default.

2.8.5 / 2013-08-11

  • add: compress Dart source files by default
  • update fresh

2.8.4 / 2013-07-08

  • update send

2.8.3 / 2013-07-04

  • add a name back to static middleware ("staticMiddleware")
  • fix .hasBody() utility to require transfer-encoding or content-length

2.8.2 / 2013-07-03

  • update send
  • update cookie dep.
  • add better debug() for middleware
  • add whitelisting of supported methods to methodOverride()

2.8.1 / 2013-06-27

  • fix: escape req.method in 404 response

2.8.0 / 2013-06-26

  • add threshold option to compress() to prevent compression of small responses
  • add support for vendor JSON mime types in json()
  • add X-Forwarded-Proto initial https proxy support
  • change static redirect to 303
  • change octal escape sequences for strict mode
  • change: replace utils.uid() with uid2 lib
  • remove other "static" function name. Fixes #794
  • fix: hasBody() should return false if Content-Length: 0

2.7.11 / 2013-06-02

  • update send

2.7.10 / 2013-05-21

  • update qs
  • update formidable
  • fix: write/end to noop() when request aborted

2.7.9 / 2013-05-07

  • update qs
  • drop support for node < v0.8

2.7.8 / 2013-05-03

  • update qs

2.7.7 / 2013-04-29

  • update qs dependency
  • remove "static" function name. Closes #794
  • update node-formidable
  • update buffer-crc32

2.7.6 / 2013-04-15

  • revert cookie signature which was creating session race conditions

2.7.5 / 2013-04-12

  • update cookie-signature
  • limit: do not consume request in node 0.10.x

2.7.4 / 2013-04-01

  • session: add long expires check and prevent excess set-cookie
  • session: add console.error() of session#save() errors

2.7.3 / 2013-02-19

  • add name to compress middleware
  • add appending Accept-Encoding to Vary when set but missing
  • add tests for csrf middleware
  • add 'next' support for connect() server handler
  • change utils.uid() to return url-safe chars. Closes #753
  • fix treating '.' as a regexp in vhost()
  • fix duplicate bytes dep in package.json. Closes #743
  • fix #733 - parse x-forwarded-proto in a more generally compatibly way
  • revert "add support for next(status[, msg])"; makes composition hard

2.7.2 / 2013-01-04

  • add support for next(status[, msg]) back
  • add utf-8 meta tag to support foreign characters in filenames/directories
  • change timeout() 408 to 503
  • replace 'node-crc' with 'buffer-crc32', fixes licensing
  • fix directory.html IE support

2.7.1 / 2012-12-05

  • add directory() tests
  • add support for bodyParser to ignore Content-Type if no body is present (jquery primarily does this poorely)
  • fix errorHandler signature

2.7.0 / 2012-11-13

  • add support for leading JSON whitespace
  • add logging of req.ip when present
  • add basicAuth support for :-delimited string
  • update cookie module. Closes #688

2.6.2 / 2012-11-01

  • add debug() for disconnected session store
  • fix session regeneration bug. Closes #681

2.6.1 / 2012-10-25

  • add passing of connect.timeout() errors to next()
  • replace signature utils with cookie-signature module

2.6.0 / 2012-10-09

  • add defer option to multipart() [Blake Miner]
  • fix mount path case sensitivity. Closes #663
  • fix default of ascii encoding from logger(), now utf8. Closes #293

2.5.0 / 2012-09-27

  • add err.status = 400 to multipart() errors
  • add double-encoding protection to compress(). Closes #659
  • add graceful handling cookie parsing errors [shtylman]
  • fix typo X-Response-time to X-Response-Time

2.4.6 / 2012-09-18

  • update qs

2.4.5 / 2012-09-03

  • add session store "connect" / "disconnect" support [louischatriot]
  • fix :url log token

2.4.4 / 2012-08-21

  • fix static() pause regression from "send" integration

2.4.3 / 2012-08-07

  • fix .write() encoding for zlib inconstancy. Closes #561

2.4.2 / 2012-07-25

  • remove limit default from urlencoded()
  • remove limit default from json()
  • remove limit default from multipart()
  • fix cookieSession() clear cookie path / domain bug. Closes #636

2.4.1 / 2012-07-24

  • fix options mutation in static()

2.4.0 / 2012-07-23

  • add connect.timeout()
  • add GET / HEAD check to directory(). Closes #634
  • add "pause" util dep
  • update send dep for normalization bug

2.3.9 / 2012-07-16

  • add more descriptive invalid json error message
  • update send dep for root normalization regression
  • fix staticCache fresh dep

2.3.8 / 2012-07-12

  • fix connect.static() 404 regression, pass next(). Closes #629

2.3.7 / 2012-07-05

  • add json() utf-8 illustration test. Closes #621
  • add "send" dependency
  • change connect.static() internals to use "send"
  • fix session() req.session generation with pathname mismatch
  • fix cookieSession() req.session generation with pathname mismatch
  • fix mime export. Closes #618

2.3.6 / 2012-07-03

  • Fixed cookieSession() with cookieParser() secret regression. Closes #602
  • Fixed set-cookie header fields on cookie.path mismatch. Closes #615

2.3.5 / 2012-06-28

  • Remove logger() mount check
  • Fixed staticCache() dont cache responses with set-cookie. Closes #607
  • Fixed staticCache() when Cookie is present

2.3.4 / 2012-06-22

  • Added err.buf to urlencoded() and json()
  • Update cookie to 0.0.4. Closes #604
  • Fixed: only send 304 if original response in 2xx or 304 [timkuijsten]

2.3.3 / 2012-06-11

  • Added ETags back to static() [timkuijsten]
  • Replaced utils.parseRange() with range-parser module
  • Replaced utils.parseBytes() with bytes module
  • Replaced utils.modified() with fresh module
  • Fixed cookieSession() regression with invalid cookie signing [shtylman]

2.3.2 / 2012-06-08

  • expose mime module
  • Update crc dep (which bundled nodeunit)

2.3.1 / 2012-06-06

  • Added secret option to cookieSession middleware [shtylman]
  • Added secret option to session middleware [shtylman]
  • Added req.remoteUser back to basicAuth() as alias of req.user
  • Performance: improve signed cookie parsing
  • Update cookie dependency [shtylman]

2.3.0 / 2012-05-20

  • Added limit option to json()
  • Added limit option to urlencoded()
  • Added limit option to multipart()
  • Fixed: remove socket error event listener on callback
  • Fixed ENOTDIR error on static middleware

2.2.2 / 2012-05-07

  • Added support to csrf middle for pre-flight CORS requests
  • Updated engines to allow newer version of node
  • Removed duplicate repo prop. Closes #560

2.2.1 / 2012-04-28

  • Fixed static() redirect when mounted. Closes #554

2.2.0 / 2012-04-25

  • Added make benchmark
  • Perf: memoize url parsing (~20% increase)
  • Fixed connect(fn, fn2, ...). Closes #549

2.1.3 / 2012-04-20

  • Added optional json() reviver function to be passed to JSON.parse [jed]
  • Fixed: emit drain in compress middleware [nsabovic]

2.1.2 / 2012-04-11

  • Fixed cookieParser() req.cookies regression

2.1.1 / 2012-04-11

  • Fixed session() browser-session length cookies & examples
  • Fixed: make query() "self-aware" [jed]

2.1.0 / 2012-04-05

  • Added debug() calls to .use() (DEBUG=connect:displatcher)
  • Added urlencoded() support for GET
  • Added json() support for GET. Closes #497
  • Added strict option to json()
  • Changed: session() only set-cookie when modified
  • Removed Session#lastAccess property. Closes #399

2.0.3 / 2012-03-20

  • Added: cookieSession() only sets cookie on change. Closes #442
  • Added connect:dispatcher debug() probes

2.0.2 / 2012-03-04

  • Added test for ENAMETOOLONG now that node is fixed
  • Fixed static() index "/" check on windows. Closes #498
  • Fixed Content-Range behaviour to match RFC2616 [matthiasdg / visionmedia]

2.0.1 / 2012-02-29

  • Added test coverage for vhost() middleware
  • Changed cookieParser() signed cookie support to use SHA-2 [senotrusov]
  • Fixed static() Range: respond with 416 when unsatisfiable
  • Fixed vhost() middleware. Closes #494

2.0.0 / 2011-10-05

  • Added cookieSession() middleware for cookie-only sessions
  • Added compress() middleware for gzip / deflate support
  • Added session() "proxy" setting to trust X-Forwarded-Proto
  • Added json() middleware to parse "application/json"
  • Added urlencoded() middleware to parse "application/x-www-form-urlencoded"
  • Added multipart() middleware to parse "multipart/form-data"
  • Added cookieParser(secret) support so anything using this middleware may access signed cookies
  • Added signed cookie support to cookieParser()
  • Added support for JSON-serialized cookies to cookieParser()
  • Added err.status support in Connect's default end-point
  • Added X-Cache MISS / HIT to staticCache()
  • Added public res.headerSent checking nodes res._headerSent until node does
  • Changed basicAuth() req.remoteUser to req.user
  • Changed: default session() to a browser-session cookie. Closes #475
  • Changed: no longer lowercase cookie names
  • Changed bodyParser() to use json(), urlencoded(), and multipart()
  • Changed: errorHandler() is now a development-only middleware
  • Changed middleware to next() errors when possible so applications can unify logging / handling
  • Removed http[s].Server inheritance, now just a function, making it easy to have an app providing both http and https
  • Removed .createServer() (use connect())
  • Removed secret option from session(), use cookieParser(secret)
  • Removed connect.session.ignore array support
  • Removed router() middleware. Closes #262
  • Fixed: set-cookie only once for browser-session cookies
  • Fixed FQDN support. dont add leading "/"
  • Fixed 404 XSS attack vector. Closes #473
  • Fixed HEAD support for 404s and 500s generated by Connect's end-point

1.8.5 / 2011-12-22

  • Fixed: actually allow empty body for json

1.8.4 / 2011-12-22

  • Changed: allow empty body for json/urlencoded requests. Backport for #443

1.8.3 / 2011-12-16

  • Fixed static() index.html support on windows

1.8.2 / 2011-12-03

  • Fixed potential security issue, store files in req.files. Closes #431 [reported by dobesv]

1.8.1 / 2011-11-21

  • Added nesting support for multipart/form-data [jackyz]

1.8.0 / 2011-11-17

  • Added multipart/form-data support to bodyParser() using formidable

1.7.3 / 2011-11-11

  • Fixed req.body, always default to {}
  • Fixed HEAD support for 404s and 500s

1.7.2 / 2011-10-24

  • "node": ">= 0.4.1 < 0.7.0"
  • Added static() redirect option. Closes #398
  • Changed limit(): respond with 413 when content-length exceeds the limit
  • Removed socket error listener in static(). Closes #389
  • Fixed staticCache() Age header field
  • Fixed race condition causing errors reported in #329.

1.7.1 / 2011-09-12

  • Added: make Store inherit from EventEmitter
  • Added session Store#load(sess, fn) to fetch a Session instance
  • Added backpressure support to staticCache()
  • Changed res.socket.destroy() to req.socket.destroy()

1.7.0 / 2011-08-31

  • Added staticCache() middleware, a memory cache for static()
  • Added public res.headerSent checking nodes res._headerSent (remove when node adds this)
  • Changed: ignore error handling middleware when header is sent
  • Changed: dispatcher errors after header is sent destroy the sock

1.6.4 / 2011-08-26

  • Revert "Added double-next reporting"

1.6.3 / 2011-08-26

  • Added double-next() reporting
  • Added immediate option to logger(). Closes #321
  • Dependency qs >= 0.3.1

1.6.2 / 2011-08-11

  • Fixed connect.static() null byte vulnerability
  • Fixed connect.directory() null byte vulnerability
  • Changed: 301 redirect in static() to postfix "/" on directory. Closes #289

1.6.1 / 2011-08-03

  • Added: allow retval == null from logger callback to ignore line
  • Added getOnly option to connect.static.send()
  • Added response "header" event allowing augmentation
  • Added X-CSRF-Token header field check
  • Changed dep qs >= 0.3.0
  • Changed: persist csrf token. Closes #322
  • Changed: sort directory middleware files alphabetically

1.6.0 / 2011-07-10

  • Added :response-time to "dev" logger format
  • Added simple csrf() middleware. Closes #315
  • Fixed res._headers logger regression. Closes #318
  • Removed support for multiple middleware being passed to .use()

1.5.2 / 2011-07-06

  • Added filter function option to directory() [David Rio Deiros]
  • Changed: re-write of the logger() middleware, with extensible tokens and formats
  • Changed: static.send() ".." in path without root considered malicious
  • Fixed quotes in docs. Closes #312
  • Fixed urls when mounting directory(), use originalUrl [Daniel Dickison]

1.5.1 / 2011-06-20

  • Added malicious path check to directory() middleware
  • Added utils.forbidden(res)
  • Added connect.query() middleware

1.5.0 / 2011-06-20

  • Added connect.directory() middleware for serving directory listings

1.4.6 / 2011-06-18

  • Fixed connect.static() root with ..
  • Fixed connect.static() EBADF

1.4.5 / 2011-06-17

  • Fixed EBADF in connect.static(). Closes #297

1.4.4 / 2011-06-16

  • Changed connect.static() to check resolved dirname. Closes #294

1.4.3 / 2011-06-06

  • Fixed fd leak in connect.static() when the socket is closed
  • Fixed; bodyParser() ignoring GET/HEAD. Closes #285

1.4.2 / 2011-05-27

  • Changed to devDependencies
  • Fixed stream creation on static() HEAD request. [Andreas Lind Petersen]
  • Fixed Win32 support for static()
  • Fixed monkey-patch issue. Closes #261

1.4.1 / 2011-05-08

  • Added "hidden" option to static(). ignores hidden files by default. Closes * Added; expose connect.static.mime.define(). Closes #251
  • Fixed errorHandler middleware for missing stack traces. [aseemk] #274

1.4.0 / 2011-04-25

  • Added route-middleware next('route') support to jump passed the route itself
  • Added Content-Length support to limit()
  • Added route-specific middleware support (used to be in express)
  • Changed; refactored duplicate session logic
  • Changed; prevent redefining store.generate per request
  • Fixed; static() does not set Content-Type when explicitly set [nateps]
  • Fixed escape errorHandler() {error} contents
  • NOTE: router will be removed in 2.0

1.3.0 / 2011-04-06

  • Added router.remove(path[, method]) to remove a route

1.2.3 / 2011-04-05

  • Fixed basicAuth realm issue when passing strings. Closes #253

1.2.2 / 2011-04-05

  • Added basicAuth(username, password) support
  • Added errorHandler.title defaulting to "Connect"
  • Changed errorHandler css

1.2.1 / 2011-03-30

  • Fixed logger() https remoteAddress logging [Alexander Simmerl]

1.2.0 / 2011-03-30

  • Added router.lookup(path[, method])
  • Added router.match(url[, method])
  • Added basicAuth async support. Closes #223

1.1.5 / 2011-03-27

  • Added; allow logger() callback function to return an empty string to ignore logging
  • Fixed; utilizing mime.charsets.lookup() for static(). Closes 245

1.1.4 / 2011-03-23

  • Added logger() support for format function
  • Fixed logger() to support mess of writeHead()/progressive api for node 0.4.x

1.1.3 / 2011-03-21

  • Changed; limit() now calls req.destroy()

1.1.2 / 2011-03-21

  • Added request "limit" event to limit() middleware
  • Changed; limit() middleware will next(err) on failure

1.1.1 / 2011-03-18

  • Fixed session middleware for HTTPS. Closes #241 [reported by mt502]

1.1.0 / 2011-03-17

  • Added Session#reload(fn)

1.0.6 / 2011-03-09

  • Fixed res.setHeader() patch, preserve casing

1.0.5 / 2011-03-09

  • Fixed; logger() using req.originalUrl instead of req.url

1.0.4 / 2011-03-09

  • Added res.charset
  • Added conditional sessions example
  • Added support for session.ignore to be replaced. Closes #227
  • Fixed Cache-Control delimiters. Closes #228

1.0.3 / 2011-03-03

  • Fixed; static.send() invokes callback with connection error

1.0.2 / 2011-03-02

  • Fixed exported connect function
  • Fixed package.json; node ">= 0.4.1 < 0.5.0"

1.0.1 / 2011-03-02

  • Added Session#save(fn). Closes #213
  • Added callback support to connect.static.send() for express
  • Added connect.static.send() "path" option
  • Fixed content-type in static() for index.html

1.0.0 / 2011-03-01

  • Added stack, message, and dump errorHandler option aliases
  • Added req.originalMethod to methodOverride
  • Added favicon() maxAge option support
  • Added connect() alternative to connect.createServer()
  • Added new documentation
  • Added Range support to static()
  • Added HTTPS support
  • Rewrote session middleware. The session API now allows for session-specific cookies, so you may alter each individually. Click to view the new session api.
  • Added middleware self-awareness. This helps prevent middleware breakage when used within mounted servers. For example cookieParser() will not parse cookies more than once even when within a mounted server.
  • Added new examples in the ./examples directory
  • Added limit() middleware
  • Added profiler() middleware
  • Added responseTime() middleware
  • Renamed staticProvider to static
  • Renamed bodyDecoder to bodyParser
  • Renamed cookieDecoder to cookieParser
  • Fixed ETag quotes. [reported by papandreou]
  • Fixed If-None-Match comma-delimited ETag support. [reported by papandreou]
  • Fixed; only set req.originalUrl once. Closes #124
  • Fixed symlink support for static(). Closes #123

0.5.10 / 2011-02-14

  • Fixed SID space issue. Closes #196
  • Fixed; proxy res.end() to commit session data
  • Fixed directory traversal attack in staticProvider. Closes #198

0.5.9 / 2011-02-09

  • qs >= 0.0.4

0.5.8 / 2011-02-04

  • Added qs dependency
  • Fixed router race-condition causing possible failure when next()ing to one or more routes with parallel requests

0.5.7 / 2011-02-01

  • Added onvhost() call so Express (and others) can know when they are
  • Revert "Added stylus support" (use the middleware which ships with stylus)
  • Removed custom Server#listen() to allow regular http.Server#listen() args to work properly
  • Fixed long standing router issue (#83) that causes '.' to be disallowed within named placeholders in routes [Andreas Lind Petersen]
  • Fixed utils.uid() length error [Jxck] mounted

0.5.6 / 2011-01-23

  • Added stylus support to compiler
  • favicon.js cleanup
  • compiler.js cleanup
  • bodyDecoder.js cleanup

0.5.5 / 2011-01-13

  • Changed; using sha256 HMAC instead of md5. [Paul Querna]
  • Changed; generated a longer random UID, without time influence. [Paul Querna]
  • Fixed; session middleware throws when secret is not present. [Paul Querna]

0.5.4 / 2011-01-07

  • Added; throw when router path or callback is missing
  • Fixed; next(err) on cookie parse exception instead of ignoring
  • Revert "Added utils.pathname(), memoized url.parse(str).pathname"

0.5.3 / 2011-01-05

  • Added docs/api.html
  • Added utils.pathname(), memoized url.parse(str).pathname
  • Fixed session.id issue. Closes #183
  • Changed; Defaulting staticProvider maxAge to 0 not 1 year. Closes #179
  • Removed bad outdated docs, we need something new / automated eventually

0.5.2 / 2010-12-28

  • Added default OPTIONS support to router middleware

0.5.1 / 2010-12-28

  • Added req.session.id mirroring req.sessionID
  • Refactored router, exposing connect.router.methods
  • Exclude non-lib files from npm
  • Removed imposed headers X-Powered-By, Server, etc

0.5.0 / 2010-12-06

  • Added ./index.js
  • Added route segment precondition support and example
  • Added named capture group support to router

0.4.0 / 2010-11-29

  • Added basicAuth middleware
  • Added more HTTP methods to the router middleware

0.3.0 / 2010-07-21

  • Added staticGzip middleware
  • Added connect.utils to expose utils
  • Added connect.session.Session
  • Added connect.session.Store
  • Added connect.session.MemoryStore
  • Added connect.middleware to expose the middleware getters
  • Added buffer option to logger for performance increase
  • Added favicon middleware for serving your own favicon or the connect default
  • Added option support to staticProvider, can now pass root and lifetime.
  • Added; mounted Server instances now have the route property exposed for reflection
  • Added support for callback as first arg to Server#use()
  • Added support for next(true) in router to bypass match attempts
  • Added Server#listen() host support
  • Added Server#route when Server#use() is called with a route on a Server instance
  • Added methodOverride X-HTTP-Method-Override support
  • Refactored session internals, adds secret option
  • Renamed lifetime option to maxAge in staticProvider
  • Removed connect(1), it is now spark(1)
  • Removed connect(1) dependency on examples, they can all now run with node(1)
  • Remove a typo that was leaking a global.
  • Removed Object.prototype forEach() and map() methods
  • Removed a few utils not used
  • Removed connect.createApp()
  • Removed res.simpleBody()
  • Removed format middleware
  • Removed flash middleware
  • Removed redirect middleware
  • Removed jsonrpc middleware, use visionmedia/connect-jsonrpc
  • Removed pubsub middleware
  • Removed need for params.{captures,splat} in router middleware, params is an array
  • Changed; compiler no longer 404s
  • Changed; router signature now matches connect middleware signature
  • Fixed a require in session for default MemoryStore
  • Fixed nasty request body bug in router. Closes #54
  • Fixed less support in compiler
  • Fixed bug preventing proper bubbling of exceptions in mounted servers
  • Fixed bug in Server#use() preventing Server instances as the first arg
  • Fixed ENOENT special case, is now treated as any other exception
  • Fixed spark env support

0.2.1 / 2010-07-09

  • Added support for router next() to continue calling matched routes
  • Added mime type for cache.manifest files.
  • Changed compiler middleware to use async require
  • Changed session api, stores now only require #get(), and #set()
  • Fixed cacheManifest by adding utils.find() back

0.2.0 / 2010-07-01

  • Added calls to Session() casts the given object as a Session instance
  • Added passing of next() to router callbacks. Closes #46
  • Changed; MemoryStore#destroy() removes req.session
  • Changed res.redirect("back") to default to "/" when Referr?er is not present
  • Fixed staticProvider urlencoded paths issue. Closes #47
  • Fixed staticProvider middleware responding to GET requests
  • Fixed jsonrpc middleware Accept header check. Closes #43
  • Fixed logger format option
  • Fixed typo in compiler middleware preventing the dest option from working

0.1.0 / 2010-06-25

  • Revamped the api, view the Connect documentation for more info (hover on the right for menu)
  • Added extended api docs
  • Added docs for several more middleware layers
  • Added connect.Server#use()
  • Added compiler middleware which provides arbitrary static compilation
  • Added req.originalUrl
  • Removed blog example
  • Removed sass middleware (use compiler)
  • Removed less middleware (use compiler)
  • Renamed middleware to be camelcase, body-decoder is now bodyDecoder etc.
  • Fixed req.url mutation bug when matching connect.Server#use() routes
  • Fixed mkdir -p implementation used in bin/connect. Closes #39
  • Fixed bug in bodyDecoder throwing exceptions on request empty bodies
  • make install installing lib to $LIB_PREFIX aka $HOME/.node_libraries

0.0.6 / 2010-06-22

  • Added static middleware usage example
  • Added support for regular expressions as paths for router
  • Added util.merge()
  • Increased performance of static by ~ 200 rps
  • Renamed the rest middleware to router
  • Changed rest api to accept a callback function
  • Removed router middleware
  • Removed proto.js, only Object#forEach() remains

0.0.5 / 2010-06-21

  • Added Server#use() which contains the Layer normalization logic
  • Added documentation for several middleware
  • Added several new examples
  • Added less middleware
  • Added repl middleware
  • Added vhost middleware
  • Added flash middleware
  • Added cookie middleware
  • Added session middleware
  • Added utils.htmlEscape()
  • Added utils.base64Decode()
  • Added utils.base64Encode()
  • Added utils.uid()
  • Added bin/connect app path and --config path support for .js suffix, although optional. Closes #26
  • Moved mime code to utils.mime, ex utils.mime.types, and utils.mime.type()
  • Renamed req.redirect() to res.redirect(). Closes #29
  • Fixed sass 404 on ENOENT
  • Fixed +new Date duplication. Closes #24

0.0.4 / 2010-06-16

  • Added workerPidfile() to bin/connect
  • Added --workers support to bin/connect stop and status commands
  • Added redirect middleware
  • Added better --config support to bin/connect. All flags can be utilized
  • Added auto-detection of ./config.js
  • Added config example
  • Added net.Server support to bin/connect
  • Writing worker pids relative to env.pidfile
  • s/parseQuery/parse/g
  • Fixed npm support

0.0.3 / 2010-06-16

  • Fixed node dependency in package.json, now ">= 0.1.98-0" to support HEAD

0.0.2 / 2010-06-15

  • Added -V, --version to bin/connect
  • Added utils.parseCookie()
  • Added utils.serializeCookie()
  • Added utils.toBoolean()
  • Added sass middleware
  • Added cookie middleware
  • Added format middleware
  • Added lint middleware
  • Added rest middleware
  • Added ./package.json (npm install connect)
  • Added handleError() support
  • Added process.connectEnv
  • Added custom log format support to log middleware
  • Added arbitrary env variable support to bin/connect (ext: --logFormat ":method :url")
  • Added -w, --workers to bin/connect
  • Added bin/connect support for --user NAME and --group NAME
  • Fixed url re-writing support

0.0.1 / 2010-06-03

  • Initial release