Recent Releases
4.19.226 Mar 2024 10:25
minor bugfix:
Improved for open redirect allow list bypass.
4.19.121 Mar 2024 23:25
minor feature:
Allow passing non-strings to res.location with new encoding handling checks.
4.18.301 Mar 2024 06:45
minor bugfix:
Routing requests without method.
Deps: body-parser@1.20.2.
Strict json error message on Node.js 19+.
Deps: content-type@ 1.0.5.
Deps: raw-body@2.5.2.
4.18.209 Oct 2022 11:45
minor bugfix:
Regression routing a large stack in a single route.
Deps: body-parser@1.20.1.
Deps: qs@6.11.0.
Perf: remove unnecessary object clone.
Deps: qs@6.11.0.
4.18.130 Apr 2022 03:17
minor bugfix:
Hanging on large stack of sync routes.
4.18.026 Apr 2022 10:45
major bugfix:
Add "root" option to `res.download`.
Allow `options` without `filename` in `res.download`.
Deprecate string and non-integer arguments to `res.status`.
Behavior of `null`/`undefined` as `maxAge` in `res.cookie`.
Handling very large stacks of sync middleware.
Ignore `Object.prototype` values in settings through `app.set`/`app.get`.
Invoke `default` with same arguments as types in `res.format`.
Support proper 205 responses using `res.send`.
Use `http-errors` for `res.format` error.
Deps: body-parser@1.20.0.
Error message for json parse whitespace in `strict`.
Internal error when inflated body exceeds limit.
- Prevent loss of async hooks context.
- Prevent hanging when request already read.
Deps: depd@2.0.0.
Deps: http-errors@2.0.0.
Deps: on-finished@2.4.1.
Deps: qs@6.10.3.
Deps: raw-body@2.5.1.
Deps: cookie@0.5.0.
- Add `priority` option.
- `expires` option to reject invalid dates.
Deps: depd@2.0.0.
- Replace internal `eval` usage with `Function` constructor.
- Use instance methods on `process` to check for listeners.
Deps: finalhandler@1.2.0.
- Remove set content headers that break response.
Deps: on-finished@2.4.1.
Deps: statuses@2.0.1.
Deps: on-finished@2.4.1.
- Prevent loss of async hooks context.
Deps: qs@6.10.3.
Deps: send@0.18.0.
Emitted 416 error missing headers property.
- Limit the headers removed for 304 response.
Deps: depd@2.0.0.
Deps: destroy@1.2.0.
Deps: http-errors@2.0.0.
Deps: on-finished@2.4.1.
Deps: statuses@2.0.1.
Deps: serve-static@1.15.0.
Deps: send@0.18.0.
Deps: statuses@2.0.1.
- Remove code 306.
- Rename `425 Unordered Collection` to standard `425 Too Early`.
4.17.317 Feb 2022 03:16
minor bugfix:
Deps: accepts@ 1.3.8.
Deps: mime-types@ 2.1.34.
Deps: negotiator@0.6.3.
Deps: body-parser@1.19.2.
Deps: bytes@3.1.2.
Deps: qs@6.9.7.
Deps: raw-body@2.4.3.
Deps: cookie@0.4.2.
Deps: qs@6.9.7.
Handling of `__proto__` keys.
Pref: remove unnecessary regexp for trust proxy.
4.17.218 Dec 2021 03:25
minor bugfix:
Handling of `undefined` in `res.jsonp`.
Handling of `undefined` when `"json escape"` is enabled.
Incorrect middleware execution with unanchored `RegExp`s.
`res.jsonp(obj, status)` deprecation message.
Typo in `res.is` JSDoc.
Deps: body-parser@1.19.1.
Deps: bytes@3.1.1.
Deps: http-errors@1.8.1.
Deps: qs@6.9.6.
Deps: raw-body@2.4.2.
Deps: safe-buffer@5.2.1.
Deps: type-is@ 1.6.18.
Deps: content-disposition@0.5.4.
Deps: safe-buffer@5.2.1.
Deps: cookie@0.4.1.
- `maxAge` option to reject invalid values.
Deps: proxy-addr@ 2.0.7.
- Use `req.socket` over deprecated `req.connection`.
Deps: forwarded@0.2.0.
Deps: ipaddr.js@1.9.1.
Deps: qs@6.9.6.
Deps: safe-buffer@5.2.1.
Deps: send@0.17.2.
Deps: http-errors@1.8.1.
Deps: ms@2.1.3.
Pref: ignore empty http tokens.
Deps: serve-static@1.14.2.
Deps: send@0.17.2.
Deps: setprototypeof@1.2.0.
4.17.127 May 2019 09:45
minor bugfix:
Revert "Improve error message for `null`/`undefined` to `res.status`".
4.17.017 May 2019 03:17
major feature:
Add `express.raw` to parse bodies into `Buffer`.
Add `express.text` to parse bodies into string.
Improve error message for non-strings to `res.sendFile`.
Improve error message for `null`/`undefined` to `res.status`.
Support multiple hosts in `X-Forwarded-Host`.
Deps: accepts@ 1.3.7.
Deps: body-parser@1.19.0.
- Add encoding MIK.
- Add petabyte (`pb`) support.
Parsing array brackets after index.
Deps: bytes@3.1.0.
Deps: http-errors@1.7.2.
Deps: iconv-lite@0.4.24.
Deps: qs@6.7.0.
Deps: raw-body@2.4.0.
Deps: type-is@ 1.6.17.
Deps: content-disposition@0.5.3.
Deps: cookie@0.4.0.
- Add `SameSite=None` support.
Deps: finalhandler@ 1.1.2.
- Set stricter `Content-Security-Policy` header.
Deps: parseurl@ 1.3.3.
Deps: statuses@ 1.5.0.
Deps: parseurl@ 1.3.3.
Deps: proxy-addr@ 2.0.5.
Deps: ipaddr.js@1.9.0.
Deps: qs@6.7.0.
Parsing array brackets after index.
Deps: range-parser@ 1.2.1.
Deps: send@0.17.1.
- Set stricter CSP header in redirect error responses.
Deps: http-errors@ 1.7.2.
Deps: mime@1.6.0.
Deps: ms@2.1.1.
Deps: range-parser@ 1.2.1.
Deps: statuses@ 1.5.0.
Perf: remove redundant `path.normalize` call.
Deps: serve-static@1.14.1.
- Set stricter CSP header in redirect response.
Deps: parseurl@ 1.3.3.
Deps: send@0.17.1.
Deps: setprototypeof@1.1.1.
Deps: statuses@ 1.5.0.
- Add `103 Early Hints`.
Deps: type-is@ 1.6.18.
Deps: mime-types@ 2.1.24.
Perf: prevent internal `throw` on invalid type.
4.16.412 Oct 2018 21:05
minor bugfix:
Where `"Request aborted"` may be logged in `res.sendfile`.
JSDoc for `Router` constructor.
Deps: body-parser@1.18.3.
Deprecation warnings on Node.js 10+.
Stack trace for strict json parse error.
Deps: depd@ 1.1.2.
Deps: http-errors@ 1.6.3.
Deps: iconv-lite@0.4.23.
Deps: qs@6.5.2.
Deps: raw-body@2.3.3.
Deps: type-is@ 1.6.16.
Deps: proxy-addr@ 2.0.4.
Deps: ipaddr.js@1.8.0.
Deps: qs@6.5.2.
Deps: safe-buffer@5.1.2.
4.16.313 Mar 2018 14:45
minor bugfix:
Deps: accepts@ 1.3.5.
Deps: mime-types@ 2.1.18.
Deps: depd@ 1.1.2.
Perf: remove argument reassignment.
Deps: encodeurl@ 1.0.2.
Encoding ` ` as last character.
Deps: finalhandler@1.1.1.
Output for bad / missing pathnames.
Deps: encodeurl@ 1.0.2.
Deps: statuses@ 1.4.0.
Deps: proxy-addr@ 2.0.3.
Deps: ipaddr.js@1.6.0.
Deps: send@0.16.2.
Incorrect end tag in default error redirects.
Deps: depd@ 1.1.2.
Deps: encodeurl@ 1.0.2.
Deps: statuses@ 1.4.0.
Deps: serve-static@1.13.2.
Incorrect end tag in redirects.
Deps: encodeurl@ 1.0.2.
Deps: send@0.16.2.
Deps: statuses@ 1.4.0.
Deps: type-is@ 1.6.16.
Deps: mime-types@ 2.1.18.
4.16.210 Oct 2017 12:25
minor bugfix:
`TypeError` in `res.send` when given `Buffer` and `ETag` header set.
Perf: skip parsing of entire `X-Forwarded-Proto` header.
4.16.102 Oct 2017 00:25
minor bugfix:
Deps: send@0.16.1.
Deps: serve-static@1.13.1.
Regression when `root` is incorrectly set to a file.
Deps: send@0.16.1.
4.15.526 Sep 2017 13:25
minor bugfix:
Deps: de@2.6.9.
Deps: finalhandler@ 1.0.6.
Deps: de@2.6.9.
Deps: parseurl@ 1.3.2.
Deps: fresh@0.5.2.
Handling of modified headers with invalid dates.
Perf: improve ETag match loop.
Perf: improve `If-None-Match` token parsing.
Deps: send@0.15.6.
Handling of modified headers with invalid dates.
Deps: de@2.6.9.
Deps: etag@ 1.8.1.
Deps: fresh@0.5.2.
Perf: improve `If-Match` token parsing.
Deps: serve-static@1.12.6.
Deps: parseurl@ 1.3.2.
Deps: send@0.15.6.
Perf: improve slash collapsing.
4.15.408 Aug 2017 02:25
minor bugfix:
Deps: de@2.6.8.
Deps: depd@ 1.1.1.
- Remove unnecessary `Buffer` loading.
Deps: finalhandler@ 1.0.4.
Deps: de@2.6.8.
Deps: proxy-addr@ 1.1.5.
Array argument being altered.
Deps: ipaddr.js@1.4.0.
Deps: qs@6.5.0.
Deps: send@0.15.4.
Deps: de@2.6.8.
Deps: depd@ 1.1.1.
Deps: http-errors@ 1.6.2.
Deps: serve-static@1.12.4.
Deps: send@0.15.4.
4.15.318 May 2017 19:45
minor bugfix:
Error when `res.set` cannot add charset to `Content-Type`.
Deps: de@2.6.7.
- `DE_MAX_ARRAY_LENGTH`.
Deps: ms@2.0.0.
Deps: finalhandler@ 1.0.3.
Missing `` in HTML document.
Deps: de@2.6.7.
Deps: proxy-addr@ 1.1.4.
Deps: ipaddr.js@1.3.0.
Deps: send@0.15.3.
Deps: de@2.6.7.
Deps: ms@2.0.0.
Deps: serve-static@1.12.3.
Deps: send@0.15.3.
Deps: type-is@ 1.6.15.
Deps: mime-types@ 2.1.15.
Deps: vary@ 1.1.1.
Perf: hoist regular expression.
4.15.207 Mar 2017 13:25
minor bugfix:
Deps: qs@6.4.0.
Regression parsing keys starting with ` `.
4.15.002 Mar 2017 13:45
major bugfix:
Add demessage when loading view engine.
Add `next("router")` to exit from router.
Case where `router.use` skipped requests routes did not.
Remove usage of `res._headers` private field.
- Improves compatibility with Node.js 8 nightly.
Skip routing when `req.url` is not set.
Use ` o` in path deto tell types apart.
Use `Object.create` to setup request response prototypes.
Use `setprototypeof` module to replace `__proto__` setting.
Use `statuses` instead of `http` module for status messages.
Deps: de@2.6.1.
- Allow colors in workers.
- Deprecated `DE_FD` environment variable set to `3` or higher.
Error when running under React Native.
- Use same color for same namespace.
Deps: ms@0.7.2.
Deps: etag@ 1.8.0.
- Use SHA1 instead of MD5 for ETag hashing.
- Works with FIPS 140-2 OpenSSL configuration.
Deps: finalhandler@ 1.0.0.
Exception when `err` cannot be converted to a string.
- Fully URL-encode the pathname in the 404.
- Only include the pathname in the 404 message.
- Send complete HTML document.
- Set `Content-Security-Policy: default-src 'self'` header.
Deps: de@2.6.1.
Deps: fresh@0.5.0.
False detection of `no-cache` request directive.
Incorrect result when `If-None-Match` has both `*` and ETags.
Weak `ETag` matching to match spec.
Perf: delay reading header values until needed.
Perf: enable strict mode.
Perf: hoist regular expressions.
Perf: remove duplicate conditional.
Perf: remove unnecessary boolean coercions.
Perf: skip checking modified time if ETag check failed.
Perf: skip parsing `If-None-Match` when no `ETag` header.
Perf: use `Date.parse` instead of `new Date`.
Deps: qs@6.3.1.
Array parsing from skipping empty values.
Compacting nested arrays.
Deps: send@0.15.0.
False detection of `no-cache` request directive.
Incorrect result when `If-None-Match` has both `*` and ETags.
Weak `ETag` matching to match spec.
- Remove usage of `res._headers` private field.
- Support `If-Match` and `If-Unmodified-Since` headers.
- Use `res.getHeaderNa
4.14.130 Jan 2017 00:05
minor bugfix:
Deps: content-disposition@0.5.2.
Deps: finalhandler@0.5.1.
Exception when `err.headers` is not an object.
Deps: statuses@ 1.3.1.
Perf: hoist regular expressions.
Perf: remove duplicate validation path.
Deps: proxy-addr@ 1.1.3.
Deps: ipaddr.js@1.2.0.
Deps: send@0.14.2.
Deps: http-errors@ 1.5.1.
Deps: ms@0.7.2.
Deps: statuses@ 1.3.1.
Deps: serve-static@ 1.11.2.
Deps: send@0.14.2.
Deps: type-is@ 1.6.14.
Deps: mime-types@ 2.1.13.
4.14.017 Jun 2016 07:45
major bugfix:
Add `acceptRanges` option to `res.sendFile`/`res.sendfile`.
Add `cacheControl` option to `res.sendFile`/`res.sendfile`.
Add `options` argument to `req.range`.
- Includes the `combine` option.
Encode URL in `res.location`/`res.redirect` if not already encoded.
Some redirect handling in `res.sendFile`/`res.sendfile`.
Windows absolute path check using forward slashes.
Improve error with invalid arguments to `req.get()`.
Improve performance for `res.json`/`res.jsonp` in most cases.
Improve `Range` header handling in `res.sendFile`/`res.sendfile`.
Deps: accepts@ 1.3.3.
Including type extensions in parameters in `Accept` parsing.
Parsing `Accept` parameters with quoted equals.
Parsing `Accept` parameters with quoted semicolons.
- Many performance improvments.
Deps: mime-types@ 2.1.11.
Deps: negotiator@0.6.1.
Deps: content-type@ 1.0.2.
Perf: enable strict mode.
Deps: cookie@0.3.1.
- Add `sameSite` option.
Cookie `Max-Age` to never be a floating point number.
- Improve error message when `encode` is not a function.
- Improve error message when `expires` is not a `Date`.
- Throw better error for invalid argument to parse.
- Throw on invalid values provided to `serialize`.
Perf: enable strict mode.
Perf: hoist regular expression.
Perf: use for loop in parse.
Perf: use string concatination for serialization.
Deps: finalhandler@0.5.0.
- Change invalid or non-numeric status code to 500.
- Overwrite status message to match set status code.
- Prefer `err.statusCode` if `err.status` is invalid.
- Set response headers from `err.headers` object.
- Use `statuses` instead of `http` module for status messages.
Deps: proxy-addr@ 1.1.2.
Accepting various invalid netmasks.
- IPv6-mapped IPv4 validation edge cases.
- IPv4 netmasks must be contingous.
- IPv6 addresses cannot be used as a netmask.
Deps: ipaddr.js@1.1.1.
Deps: qs@6.2.0.
- Add `decoder` option in `parse` function.
Deps: range-parser@ 1.2.0.
- Add `combine` option to combine overlapping ranges.
Incorrectly
4.13.411 Feb 2016 09:45
minor feature:
Deps: content-disposition@0.5.1.
Perf: enable strict mode.
Deps: cookie@0.1.5.
- Throw on invalid values provided to `serialize`.
Deps: depd@ 1.1.0.
- Support web browser loading.
Perf: enable strict mode.
Deps: escape-html@ 1.0.3.
Perf: enable strict mode.
Perf: optimize string replacement.
Perf: use faster string coercion.
Deps: finalhandler@0.4.1.
Deps: escape-html@ 1.0.3.
Deps: merge-descriptors@1.0.1.
Perf: enable strict mode.
Deps: methods@ 1.1.2.
Perf: enable strict mode.
Deps: parseurl@ 1.3.1.
Perf: enable strict mode.
Deps: proxy-addr@ 1.0.10.
Deps: ipaddr.js@1.0.5.
Perf: enable strict mode.
Deps: range-parser@ 1.0.3.
Perf: enable strict mode.
Deps: send@0.13.1.
Deps: depd@ 1.1.0.
Deps: destroy@ 1.0.4.
Deps: escape-html@ 1.0.3.
Deps: range-parser@ 1.0.3.
Deps: serve-static@ 1.10.2.
Deps: escape-html@ 1.0.3.
Deps: parseurl@ 1.3.0.
Deps: send@0.13.1.
4.13.305 Aug 2015 11:25
minor feature:
Fix infinite loop condition using `mergeParams: true`.
Fix inner numeric indices incorrectly altering parent `req.params`.
4.13.201 Aug 2015 20:25
minor feature:
deps: accepts@ 1.2.12.
- deps: mime-types@ 2.1.4.
deps: array-flatten@1.1.1.
- perf: enable strict mode.
deps: path-to-regexp@0.1.7.
- Fix regression with escaped round brackets and matching groups.
deps: type-is@ 1.6.6.
- deps: mime-types@ 2.1.4.
4.13.107 Jul 2015 18:45
minor feature:
deps: accepts@ 1.2.10.
- deps: mime-types@ 2.1.2.
deps: qs@4.0.0.
- Fix dropping parameters like `hasOwnProperty`.
- Fix various parsing edge cases.
deps: type-is@ 1.6.4.
- deps: mime-types@ 2.1.2.
- perf: enable strict mode.
- perf: remove argument reassignment.
4.13.022 Jun 2015 03:45
minor feature:
Add settings to debug output.
Fix `res.format` error when only `default` provided.
Fix issue where `next('route')` in `app.param` would incorrectly skip values.
Fix hiding platform issues with `decodeURIComponent`.
- Only `URIError`s are a 400.
Fix using `*` before params in routes.
Fix using capture groups before params in routes.
Simplify `res.cookie` to call `res.append`.
Use `array-flatten` module for flattening arrays.
deps: accepts@ 1.2.9.
- deps: mime-types@ 2.1.1.
- perf: avoid argument reassignment argument slice.
- perf: avoid negotiator recursive construction.
- perf: enable strict mode.
- perf: remove unnecessary bitwise operator.
deps: cookie@0.1.3.
- perf: deduce the scope of try-catch deopt.
- perf: remove argument reassignments.
deps: escape-html@1.0.2.
deps: etag@ 1.7.0.
- Always include entity length in ETags for hash length extensions.
- Generate non-Stats ETags using MD5 only (no longer CRC32).
- Improve stat performance by removing hashing.
- Improve support for JXcore.
- Remove base64 padding in ETags to shorten.
- Support "fake" stats objects in environments without fs.
- Use MD5 instead of MD4 in weak ETags over 1KB.
deps: finalhandler@0.4.0.
- Fix a false-positive when unpiping in Node.js 0.8.
- Support `statusCode` property on `Error` objects.
- Use `unpipe` module for unpiping requests.
- deps: escape-html@1.0.2.
- deps: on-finished@ 2.3.0.
- perf: enable strict mode.
- perf: remove argument reassignment.
deps: fresh@0.3.0.
- Add weak `ETag` matching support.
deps: on-finished@ 2.3.0.
- Add defined behavior for HTTP `CONNECT` requests.
- Add defined behavior for HTTP `Upgrade` requests.
- deps: ee-first@1.1.1.
deps: path-to-regexp@0.1.6.
deps: send@0.13.0.
- Allow Node.js HTTP server to set `Date` response header.
- Fix incorrectly removing `Content-Location` on 304 response.
- Improve the default redirect response headers.
- Send appropriate headers on default error response.
- Use `http-errors` for standard emitted errors.
- Use `statu
4.12.419 May 2015 03:16
minor feature:
deps: accepts@ 1.2.7.
- deps: mime-types@ 2.0.11.
- deps: negotiator@0.5.3.
* deps: debug@ 2.2.0.
- deps: ms@0.7.1.
* deps: depd@ 1.0.1.
* deps: etag@ 1.6.0.
- Improve support for JXcore.
- Support "fake" stats objects in environments without `fs`.
* deps: finalhandler@0.3.6.
- deps: debug@ 2.2.0.
- deps: on-finished@ 2.2.1.
* deps: on-finished@ 2.2.1.
- Fix `isFinished(req)` when data buffered.
* deps: proxy-addr@ 1.0.8.
- deps: ipaddr.js@1.0.1.
* deps: qs@2.4.2.
- Fix allowing parameters like `constructor`.
* deps: send@0.12.3.
- deps: debug@ 2.2.0.
- deps: depd@ 1.0.1.
- deps: etag@ 1.6.0.
- deps: ms@0.7.1.
- deps: on-finished@ 2.2.1.
* deps: serve-static@ 1.9.3.
- deps: send@0.12.3.
* deps: type-is@ 1.6.2.
- deps: mime-types@ 2.0.11.
4.12.318 Mar 2015 08:45
minor feature:
deps: accepts@ 1.2.5.
deps: mime-types@ 2.0.10.
deps: debug@ 2.1.3.
Fix high intensity foreground color for bold.
deps: ms@0.7.0.
deps: finalhandler@0.3.4.
deps: debug@ 2.1.3.
deps: proxy-addr@ 1.0.7.
deps: ipaddr.js@0.1.9.
deps: qs@2.4.1.
Fix error when parameter `hasOwnProperty` is present.
deps: send@0.12.2.
Throw errors early for invalid `extensions` or `index` options.
deps: debug@ 2.1.3.
deps: serve-static@ 1.9.2.
deps: send@0.12.2.
deps: type-is@ 1.6.1.
deps: mime-types@ 2.0.10.
4.12.206 Mar 2015 11:05
minor feature:
Fix regression where `"Request aborted"` is logged using `res.sendFile`
4.12.102 Mar 2015 13:45
minor feature:
Fix constructing application with non-configurable prototype properties
Fix `ECONNRESET` errors from `res.sendFile` usage
Fix `req.host` when using "trust proxy" hops count
Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
Fix wrong `code` on aborted connections from `res.sendFile`
deps: merge-descriptors@1.0.0
4.12.024 Feb 2015 08:25
minor feature:
Fix `"trust proxy"` setting to inherit when app is mounted.
Generate `ETag`s for all request responses.
No longer restricted to only responses for `GET` and `HEAD` requests.
Use `content-type` to parse `Content-Type` headers.
deps: accepts@ 1.2.4.
Fix preference sorting to be stable for long acceptable lists.
deps: mime-types@ 2.0.9.
deps: negotiator@0.5.1.
deps: cookie-signature@1.0.6.
deps: send@0.12.1.
Always read the stat size from the file.
Fix mutating passed-in `options`.
deps: mime@1.3.4.
deps: serve-static@ 1.9.1.
deps: send@0.12.1.
deps: type-is@ 1.6.0.
fix argument reassignment.
fix false-positives in `hasBody` `Transfer-Encoding` check.
support wildcard for both type and subtype .
deps: mime-types@ 2.0.9.
4.11.203 Feb 2015 17:05
minor feature:
Fix `res.redirect` double-calling `res.end` for `HEAD` requests
deps: accepts@ 1.2.3
deps: mime-types@ 2.0.8
deps: proxy-addr@ 1.0.6
deps: ipaddr.js@0.1.8
deps: type-is@ 1.5.6
deps: mime-types@ 2.0.8
4.11.122 Jan 2015 10:45
minor feature:
deps: send@0.11.1
Fix root path disclosure
deps: serve-static@ 1.8.1
Fix redirect loop in Node.js 0.11.14
Fix root path disclosure
deps: send@0.11.1
4.11.018 Jan 2015 07:45
minor feature:
Add `res.append` to append headers
Deprecate leading `:` in `name` for `app.param`
Deprecate `req.param` -- use `req.params`, `req.body`, or `req.query` instead
Deprecate `app.param`
Fix `OPTIONS` responses to include the `HEAD` method properly
Fix `res.sendFile` not always detecting aborted connection
Match routes iteratively to prevent stack overflows
deps: accepts@ 1.2.2
deps: mime-types@ 2.0.7
deps: negotiator@0.5.0
deps: send@0.11.0
deps: debug@ 2.1.1
deps: etag@ 1.5.1
deps: ms@0.7.0
deps: on-finished@ 2.2.0
deps: serve-static@ 1.8.0
deps: send@0.11.0
4.10.814 Jan 2015 18:05
minor feature:
Fix crash from error within `OPTIONS` response handler
deps: proxy-addr@ 1.0.5
deps: ipaddr.js@0.1.6
4.10.705 Jan 2015 05:55
minor feature:
Fix `Allow` header for `OPTIONS` to not contain duplicate methods
Fix incorrect "Request aborted" for `res.sendFile` when `HEAD` or 304
deps: debug@ 2.1.1
deps: finalhandler@0.3.3
deps: debug@ 2.1.1
deps: on-finished@ 2.2.0
deps: methods@ 1.1.1
deps: on-finished@ 2.2.0
deps: serve-static@ 1.7.2
Fix potential open redirect when mounted at root
deps: type-is@ 1.5.5
deps: mime-types@ 2.0.7
4.10.616 Dec 2014 14:05
minor feature:
Fix exception in `req.fresh`/`req.stale` without response headers
4.10.512 Dec 2014 07:45
minor feature:
Fix `res.send` double-calling `res.end` for `HEAD` requests
deps: accepts@ 1.1.4
deps: mime-types@ 2.0.4
deps: type-is@ 1.5.4
deps: mime-types@ 2.0.4
4.10.427 Nov 2014 20:45
minor feature:
Fix `res.sendfile` logging standard write errors
4.10.324 Nov 2014 03:16
minor feature:
Fix `res.sendFile` logging standard write errors
deps: etag@ 1.5.1
deps: proxy-addr@ 1.0.4
deps: ipaddr.js@0.1.5
deps: qs@2.3.3
Fix `arrayLimit` behavior
4.10.210 Nov 2014 03:19
minor feature:
Correctly invoke async router callback asynchronously
deps: accepts@ 1.1.3
deps: mime-types@ 2.0.3
deps: type-is@ 1.5.3
deps: mime-types@ 2.0.3
4.10.130 Oct 2014 16:05
minor bugfix:
Fix handling of URLs containing `://` in the path.
Fix parsing of mixed objects and values.