编辑 | blame | 历史 | 原始文档

3.6.6 / 2018-02-14

deps: finalhandler@1.1.0
- Use res.headersSent when available
perf: remove array read-past-end

3.6.5 / 2017-09-22

deps: debug@2.6.9
deps: finalhandler@1.0.6
- deps: debug@2.6.9

3.6.4 / 2017-09-20

deps: finalhandler@1.0.5
- deps: parseurl@~1.3.2
deps: parseurl@~1.3.2
- perf: reduce overhead for full URLs
- perf: unroll the "fast-path" RegExp
deps: utils-merge@1.0.1

3.6.3 / 2017-08-03

deps: debug@2.6.8
deps: finalhandler@1.0.4
- deps: debug@2.6.8

3.6.2 / 2017-05-16

deps: finalhandler@1.0.3
- deps: debug@2.6.7
deps: debug@2.6.7
- deps: ms@2.0.0

3.6.1 / 2017-04-19

deps: debug@2.6.3
- Fix DEBUG_MAX_ARRAY_LENGTH
deps: finalhandler@1.0.1
- Fix missing </html> in HTML document
- deps: debug@2.6.3

3.6.0 / 2017-02-17

deps: debug@2.6.1
- Allow colors in workers
- Deprecated DEBUG_FD environment variable set to 3 or higher
- Fix error when running under React Native
- Use same color for same namespace
- deps: ms@0.7.2
deps: finalhandler@1.0.0
- Fix exception when err cannot be converted to a string
- Fully URL-encode the pathname in the 404
- Only include the pathname in the 404 message
- Send complete HTML document
- Set Content-Security-Policy: default-src 'self' header
- deps: debug@2.6.1

3.5.1 / 2017-02-12

deps: finalhandler@0.5.1
- Fix exception when err.headers is not an object
- deps: statuses@~1.3.1
- perf: hoist regular expressions
- perf: remove duplicate validation path

3.5.0 / 2016-09-09

deps: finalhandler@0.5.0
- Change invalid or non-numeric status code to 500
- Overwrite status message to match set status code
- Prefer err.statusCode if err.status is invalid
- Set response headers from err.headers object
- Use statuses instead of http module for status messages

3.4.1 / 2016-01-23

deps: finalhandler@0.4.1
- deps: escape-html@~1.0.3
deps: parseurl@~1.3.1
- perf: enable strict mode

3.4.0 / 2015-06-18

deps: debug@~2.2.0
- deps: ms@0.7.1
deps: finalhandler@0.4.0
- Fix a false-positive when unpiping in Node.js 0.8
- Support statusCode property on Error objects
- Use unpipe module for unpiping requests
- deps: debug@~2.2.0
- deps: escape-html@1.0.2
- deps: on-finished@~2.3.0
- perf: enable strict mode
- perf: remove argument reassignment
perf: enable strict mode
perf: remove argument reassignments

3.3.5 / 2015-03-16

deps: debug@~2.1.3
- Fix high intensity foreground color for bold
- deps: ms@0.7.0
deps: finalhandler@0.3.4
- deps: debug@~2.1.3

3.3.4 / 2015-01-07

deps: debug@~2.1.1
deps: finalhandler@0.3.3
- deps: debug@~2.1.1
- deps: on-finished@~2.2.0

3.3.3 / 2014-11-09

Correctly invoke async callback asynchronously

3.3.2 / 2014-10-28

Fix handling of URLs containing :// in the path

3.3.1 / 2014-10-22

deps: finalhandler@0.3.2
- deps: on-finished@~2.1.1

3.3.0 / 2014-10-17

deps: debug@~2.1.0
- Implement DEBUG_FD env variable support
deps: finalhandler@0.3.1
- Terminate in progress response only on error
- Use on-finished to determine request status
- deps: debug@~2.1.0

3.2.0 / 2014-09-08

deps: debug@~2.0.0
deps: finalhandler@0.2.0
- Set X-Content-Type-Options: nosniff header
- deps: debug@~2.0.0

3.1.1 / 2014-08-10

deps: parseurl@~1.3.0

3.1.0 / 2014-07-22

deps: debug@1.0.4
deps: finalhandler@0.1.0
- Respond after request fully read
- deps: debug@1.0.4
deps: parseurl@~1.2.0
- Cache URLs based on original value
- Remove no-longer-needed URL mis-parse work-around
- Simplify the "fast-path" RegExp
perf: reduce executed logic in routing
perf: refactor location of try block

3.0.2 / 2014-07-10

deps: debug@1.0.3
- Add support for multiple wildcards in namespaces
deps: parseurl@~1.1.3
- faster parsing of href-only URLs

3.0.1 / 2014-06-19

use finalhandler for final response handling
deps: debug@1.0.2

3.0.0 / 2014-05-29

No changes

3.0.0-rc.2 / 2014-05-04

Call error stack even when response has been sent
Prevent default 404 handler after response sent
dep: debug@0.8.1
encode stack in HTML for default error handler
remove proto export

3.0.0-rc.1 / 2014-03-06

move middleware to separate repos
remove docs
remove node patches
remove connect(middleware...)
remove the old connect.createServer() method
remove various private connect.utils functions
drop node.js 0.8 support

2.30.2 / 2015-07-31

deps: body-parser@~1.13.3
- deps: type-is@~1.6.6
deps: compression@~1.5.2
- deps: accepts@~1.2.12
- deps: compressible@~2.0.5
- deps: vary@~1.0.1
deps: errorhandler@~1.4.2
- deps: accepts@~1.2.12
deps: method-override@~2.3.5
- deps: vary@~1.0.1
- perf: enable strict mode
deps: serve-index@~1.7.2
- deps: accepts@~1.2.12
- deps: mime-types@~2.1.4
deps: type-is@~1.6.6
- deps: mime-types@~2.1.4
deps: vhost@~3.0.1
- perf: enable strict mode

2.30.1 / 2015-07-05

deps: body-parser@~1.13.2
- deps: iconv-lite@0.4.11
- deps: qs@4.0.0
- deps: raw-body@~2.1.2
- deps: type-is@~1.6.4
deps: compression@~1.5.1
- deps: accepts@~1.2.10
- deps: compressible@~2.0.4
deps: errorhandler@~1.4.1
- deps: accepts@~1.2.10
deps: qs@4.0.0
- Fix dropping parameters like hasOwnProperty
- Fix various parsing edge cases
deps: morgan@~1.6.1
- deps: basic-auth@~1.0.3
deps: pause@0.1.0
- Re-emit events with all original arguments
- Refactor internals
- perf: enable strict mode
deps: serve-index@~1.7.1
- deps: accepts@~1.2.10
- deps: mime-types@~2.1.2
deps: type-is@~1.6.4
- deps: mime-types@~2.1.2
- perf: enable strict mode
- perf: remove argument reassignment

2.30.0 / 2015-06-18

deps: body-parser@~1.13.1
- Add statusCode property on Errors, in addition to status
- Change type default to application/json for JSON parser
- Change type default to application/x-www-form-urlencoded for urlencoded parser
- Provide static require analysis
- Use the http-errors module to generate errors
- deps: bytes@2.1.0
- deps: iconv-lite@0.4.10
- deps: on-finished@~2.3.0
- deps: raw-body@~2.1.1
- deps: type-is@~1.6.3
- perf: enable strict mode
- perf: remove argument reassignment
- perf: remove delete call
deps: bytes@2.1.0
- Slight optimizations
- Units no longer case sensitive when parsing
deps: compression@~1.5.0
- Fix return value from .end and .write after end
- Improve detection of zero-length body without Content-Length
- deps: accepts@~1.2.9
- deps: bytes@2.1.0
- deps: compressible@~2.0.3
- perf: enable strict mode
- perf: remove flush reassignment
- perf: simplify threshold detection
deps: cookie@0.1.3
- Slight optimizations
deps: cookie-parser@~1.3.5
- deps: cookie@0.1.3
deps: csurf@~1.8.3
- Add sessionKey option
- deps: cookie@0.1.3
- deps: csrf@~3.0.0
deps: errorhandler@~1.4.0
- Add charset to the Content-Type header
- Support statusCode property on Error objects
- deps: accepts@~1.2.9
- deps: escape-html@1.0.2
deps: express-session@~1.11.3
- Support an array in secret option for key rotation
- deps: cookie@0.1.3
- deps: crc@3.3.0
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: uid-safe@~2.0.0
deps: finalhandler@0.4.0
- Fix a false-positive when unpiping in Node.js 0.8
- Support statusCode property on Error objects
- Use unpipe module for unpiping requests
- deps: escape-html@1.0.2
- deps: on-finished@~2.3.0
- perf: enable strict mode
- perf: remove argument reassignment
deps: fresh@0.3.0
- Add weak ETag matching support
deps: morgan@~1.6.0
- Add morgan.compile(format) export
- Do not color 1xx status codes in dev format
- Fix response-time token to not include response latency
- Fix status token incorrectly displaying before response in dev format
- Fix token return values to be undefined or a string
- Improve representation of multiple headers in req and res tokens
- Use res.getHeader in res token
- deps: basic-auth@~1.0.2
- deps: on-finished@~2.3.0
- pref: enable strict mode
- pref: reduce function closure scopes
- pref: remove dynamic compile on every request for dev format
- pref: remove an argument reassignment
- pref: skip function call without skip option
deps: serve-favicon@~2.3.0
- Send non-chunked response for OPTIONS
- deps: etag@~1.7.0
- deps: fresh@0.3.0
- perf: enable strict mode
- perf: remove argument reassignment
- perf: remove bitwise operations
deps: serve-index@~1.7.0
- Accept function value for template option
- Send non-chunked response for OPTIONS
- Stat parent directory when necessary
- Use Date.prototype.toLocaleDateString to format date
- deps: accepts@~1.2.9
- deps: escape-html@1.0.2
- deps: mime-types@~2.1.1
- perf: enable strict mode
- perf: remove argument reassignment
deps: serve-static@~1.10.0
- Add fallthrough option
- Fix reading options from options prototype
- Improve the default redirect response headers
- Malformed URLs now next() instead of 400
- deps: escape-html@1.0.2
- deps: send@0.13.0
- perf: enable strict mode
- perf: remove argument reassignment
deps: type-is@~1.6.3
- deps: mime-types@~2.1.1
- perf: reduce try block size
- perf: remove bitwise operations

2.29.2 / 2015-05-14

deps: body-parser@~1.12.4
- Slight efficiency improvement when not debugging
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: iconv-lite@0.4.8
- deps: on-finished@~2.2.1
- deps: qs@2.4.2
- deps: raw-body@~2.0.1
- deps: type-is@~1.6.2
deps: compression@~1.4.4
- deps: accepts@~1.2.7
- deps: debug@~2.2.0
deps: connect-timeout@~1.6.2
- deps: debug@~2.2.0
- deps: ms@0.7.1
deps: debug@~2.2.0
- deps: ms@0.7.1
deps: depd@~1.0.1
deps: errorhandler@~1.3.6
- deps: accepts@~1.2.7
deps: finalhandler@0.3.6
- deps: debug@~2.2.0
- deps: on-finished@~2.2.1
deps: method-override@~2.3.3
- deps: debug@~2.2.0
deps: morgan@~1.5.3
- deps: basic-auth@~1.0.1
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: on-finished@~2.2.1
deps: qs@2.4.2
Fix allowing parameters like constructor
deps: response-time@~2.3.1
- deps: depd@~1.0.1
deps: serve-favicon@~2.2.1
- deps: etag@~1.6.0
- deps: ms@0.7.1
deps: serve-index@~1.6.4
- deps: accepts@~1.2.7
- deps: debug@~2.2.0
- deps: mime-types@~2.0.11
deps: serve-static@~1.9.3
- deps: send@0.12.3
deps: type-is@~1.6.2
- deps: mime-types@~2.0.11

2.29.1 / 2015-03-16

deps: body-parser@~1.12.2
- deps: debug@~2.1.3
- deps: qs@2.4.1
- deps: type-is@~1.6.1
deps: compression@~1.4.3
- Fix error when code calls res.end(str, encoding)
- deps: accepts@~1.2.5
- deps: debug@~2.1.3
deps: connect-timeout@~1.6.1
- deps: debug@~2.1.3
deps: debug@~2.1.3
- Fix high intensity foreground color for bold
- deps: ms@0.7.0
deps: errorhandler@~1.3.5
- deps: accepts@~1.2.5
deps: express-session@~1.10.4
- deps: debug@~2.1.3
deps: finalhandler@0.3.4
- deps: debug@~2.1.3
deps: method-override@~2.3.2
- deps: debug@~2.1.3
deps: morgan@~1.5.2
- deps: debug@~2.1.3
deps: qs@2.4.1
- Fix error when parameter hasOwnProperty is present
deps: serve-index@~1.6.3
- Properly escape file names in HTML
- deps: accepts@~1.2.5
- deps: debug@~2.1.3
- deps: escape-html@1.0.1
- deps: mime-types@~2.0.10
deps: serve-static@~1.9.2
- deps: send@0.12.2
deps: type-is@~1.6.1
- deps: mime-types@~2.0.10

2.29.0 / 2015-02-17

Use content-type to parse Content-Type headers
deps: body-parser@~1.12.0
- add debug messages
- accept a function for the type option
- make internal extended: true depth limit infinity
- use content-type to parse Content-Type headers
- deps: iconv-lite@0.4.7
- deps: raw-body@1.3.3
- deps: type-is@~1.6.0
deps: compression@~1.4.1
- Prefer gzip over deflate on the server
- deps: accepts@~1.2.4
deps: connect-timeout@~1.6.0
- deps: http-errors@~1.3.1
deps: cookie-parser@~1.3.4
- deps: cookie-signature@1.0.6
deps: cookie-signature@1.0.6
deps: csurf@~1.7.0
- Accept CSRF-Token and XSRF-Token request headers
- Default cookie.path to '/', if using cookies
- deps: cookie-signature@1.0.6
- deps: csrf@~2.0.6
- deps: http-errors@~1.3.1
deps: errorhandler@~1.3.4
- deps: accepts@~1.2.4
deps: express-session@~1.10.3
- deps: cookie-signature@1.0.6
- deps: uid-safe@1.1.0
deps: http-errors@~1.3.1
- Construct errors using defined constructors from createError
- Fix error names that are not identifiers
- Set a meaningful name property on constructed errors
deps: response-time@~2.3.0
- Add function argument to support recording of response time
deps: serve-index@~1.6.2
- deps: accepts@~1.2.4
- deps: http-errors@~1.3.1
- deps: mime-types@~2.0.9
deps: serve-static@~1.9.1
- deps: send@0.12.1
deps: type-is@~1.6.0
- fix argument reassignment
- fix false-positives in hasBody Transfer-Encoding check
- support wildcard for both type and subtype (*/*)
- deps: mime-types@~2.0.9

2.28.3 / 2015-01-31

deps: compression@~1.3.1
- deps: accepts@~1.2.3
- deps: compressible@~2.0.2
deps: csurf@~1.6.6
- deps: csrf@~2.0.5
deps: errorhandler@~1.3.3
- deps: accepts@~1.2.3
deps: express-session@~1.10.2
- deps: uid-safe@1.0.3
deps: serve-index@~1.6.1
- deps: accepts@~1.2.3
- deps: mime-types@~2.0.8
deps: type-is@~1.5.6
- deps: mime-types@~2.0.8

2.28.2 / 2015-01-20

deps: body-parser@~1.10.2
- deps: iconv-lite@0.4.6
- deps: raw-body@1.3.2
deps: serve-static@~1.8.1
- Fix redirect loop in Node.js 0.11.14
- Fix root path disclosure
- deps: send@0.11.1

2.28.1 / 2015-01-08

deps: csurf@~1.6.5
- deps: csrf@~2.0.4
deps: express-session@~1.10.1
- deps: uid-safe@~1.0.2

2.28.0 / 2015-01-05

deps: body-parser@~1.10.1
- Make internal extended: true array limit dynamic
- deps: on-finished@~2.2.0
- deps: type-is@~1.5.5
deps: compression@~1.3.0
- Export the default filter function for wrapping
- deps: accepts@~1.2.2
- deps: debug@~2.1.1
deps: connect-timeout@~1.5.0
- deps: debug@~2.1.1
- deps: http-errors@~1.2.8
- deps: ms@0.7.0
deps: csurf@~1.6.4
- deps: csrf@~2.0.3
- deps: http-errors@~1.2.8
deps: debug@~2.1.1
deps: errorhandler@~1.3.2
- Add log option
- Fix heading content to not include stack
- deps: accepts@~1.2.2
deps: express-session@~1.10.0
- Add store.touch interface for session stores
- Fix MemoryStore expiration with resave: false
- deps: debug@~2.1.1
deps: finalhandler@0.3.3
- deps: debug@~2.1.1
- deps: on-finished@~2.2.0
deps: method-override@~2.3.1
- deps: debug@~2.1.1
- deps: methods@~1.1.1
deps: morgan@~1.5.1
- Add multiple date formats clf, iso, and web
- Deprecate buffer option
- Fix date format in common and combined formats
- Fix token arguments to accept values with "
- deps: debug@~2.1.1
- deps: on-finished@~2.2.0
deps: serve-favicon@~2.2.0
- Support query string in the URL
- deps: etag@~1.5.1
- deps: ms@0.7.0
deps: serve-index@~1.6.0
- Add link to root directory
- deps: accepts@~1.2.2
- deps: batch@0.5.2
- deps: debug@~2.1.1
- deps: mime-types@~2.0.7
deps: serve-static@~1.8.0
- Fix potential open redirect when mounted at root
- deps: send@0.11.0
deps: type-is@~1.5.5
- deps: mime-types@~2.0.7

2.27.6 / 2014-12-10

deps: serve-index@~1.5.3
- deps: accepts@~1.1.4
- deps: http-errors@~1.2.8
- deps: mime-types@~2.0.4

2.27.5 / 2014-12-10

deps: compression@~1.2.2
- Fix .end to only proxy to .end
- deps: accepts@~1.1.4
deps: express-session@~1.9.3
- Fix error when req.sessionID contains a non-string value
deps: http-errors@~1.2.8
- Fix stack trace from exported function
- Remove arguments.callee usage
deps: serve-index@~1.5.2
- Fix icon name background alignment on mobile view
deps: type-is@~1.5.4
- deps: mime-types@~2.0.4

2.27.4 / 2014-11-23

deps: body-parser@~1.9.3
- deps: iconv-lite@0.4.5
- deps: qs@2.3.3
- deps: raw-body@1.3.1
- deps: type-is@~1.5.3
deps: compression@~1.2.1
- deps: accepts@~1.1.3
deps: errorhandler@~1.2.3
- deps: accepts@~1.1.3
deps: express-session@~1.9.2
- deps: crc@3.2.1
deps: qs@2.3.3
- Fix arrayLimit behavior
deps: serve-favicon@~2.1.7
- Avoid errors from enumerables on Object.prototype
deps: serve-index@~1.5.1
- deps: accepts@~1.1.3
- deps: mime-types@~2.0.3
deps: type-is@~1.5.3
- deps: mime-types@~2.0.3

2.27.3 / 2014-11-09

Correctly invoke async callback asynchronously
deps: csurf@~1.6.3
- bump csrf
- bump http-errors

2.27.2 / 2014-10-28

Fix handling of URLs containing :// in the path
deps: body-parser@~1.9.2
- deps: qs@2.3.2
deps: qs@2.3.2
- Fix parsing of mixed objects and values

2.27.1 / 2014-10-22

deps: body-parser@~1.9.1
- deps: on-finished@~2.1.1
- deps: qs@2.3.0
- deps: type-is@~1.5.2
deps: express-session@~1.9.1
- Remove unnecessary empty write call
deps: finalhandler@0.3.2
- deps: on-finished@~2.1.1
deps: morgan@~1.4.1
- deps: on-finished@~2.1.1
deps: qs@2.3.0
- Fix parsing of mixed implicit and explicit arrays
deps: serve-static@~1.7.1
- deps: send@0.10.1

2.27.0 / 2014-10-16

Use http-errors module for creating errors
Use utils-merge module for merging objects
deps: body-parser@~1.9.0
- include the charset in "unsupported charset" error message
- include the encoding in "unsupported content encoding" error message
- deps: depd@~1.0.0
deps: compression@~1.2.0
- deps: debug@~2.1.0
deps: connect-timeout@~1.4.0
- Create errors with http-errors
- deps: debug@~2.1.0
deps: debug@~2.1.0
- Implement DEBUG_FD env variable support
deps: depd@~1.0.0
deps: express-session@~1.9.0
- deps: debug@~2.1.0
- deps: depd@~1.0.0
deps: finalhandler@0.3.1
- Terminate in progress response only on error
- Use on-finished to determine request status
- deps: debug@~2.1.0
deps: method-override@~2.3.0
- deps: debug@~2.1.0
deps: morgan@~1.4.0
- Add debug messages
- deps: depd@~1.0.0
deps: response-time@~2.2.0
- Add header option for custom header name
- Add suffix option
- Change digits argument to an options argument
- deps: depd@~1.0.0
deps: serve-favicon@~2.1.6
- deps: etag@~1.5.0
deps: serve-index@~1.5.0
- Add dir argument to filter function
- Add icon for mkv files
- Create errors with http-errors
- Fix incorrect 403 on Windows and Node.js 0.11
- Lookup icon by mime type for greater icon support
- Support using tokens multiple times
- deps: accepts@~1.1.2
- deps: debug@~2.1.0
- deps: mime-types@~2.0.2
deps: serve-static@~1.7.0
- deps: send@0.10.0

2.26.6 / 2014-10-15

deps: compression@~1.1.2
- deps: accepts@~1.1.2
- deps: compressible@~2.0.1
deps: csurf@~1.6.2
- bump http-errors
- fix cookie name when using cookie: true
deps: errorhandler@~1.2.2
- deps: accepts@~1.1.2

2.26.5 / 2014-10-08

Fix accepting non-object arguments to logger
deps: serve-static@~1.6.4
- Fix redirect loop when index file serving disabled

2.26.4 / 2014-10-02

deps: morgan@~1.3.2
- Fix req.ip integration when immediate: false
deps: type-is@~1.5.2
- deps: mime-types@~2.0.2

2.26.3 / 2014-09-24

deps: body-parser@~1.8.4
- fix content encoding to be case-insensitive
deps: serve-favicon@~2.1.5
- deps: etag@~1.4.0
deps: serve-static@~1.6.3
- deps: send@0.9.3

2.26.2 / 2014-09-19

deps: body-parser@~1.8.3
- deps: qs@2.2.4
deps: qs@2.2.4
- Fix issue with object keys starting with numbers truncated

2.26.1 / 2014-09-15

deps: body-parser@~1.8.2
- deps: depd@0.4.5
deps: depd@0.4.5
deps: express-session@~1.8.2
- Use crc instead of buffer-crc32 for speed
- deps: depd@0.4.5
deps: morgan@~1.3.1
- Remove un-used bytes dependency
- deps: depd@0.4.5
deps: serve-favicon@~2.1.4
- Fix content headers being sent in 304 response
- deps: etag@~1.3.1
deps: serve-static@~1.6.2
- deps: send@0.9.2

2.26.0 / 2014-09-08

deps: body-parser@~1.8.1
- add parameterLimit option to urlencoded parser
- change urlencoded extended array limit to 100
- make empty-body-handling consistent between chunked requests
- respond with 415 when over parameterLimit in urlencoded
- deps: media-typer@0.3.0
- deps: qs@2.2.3
- deps: type-is@~1.5.1
deps: compression@~1.1.0
- deps: accepts@~1.1.0
- deps: compressible@~2.0.0
- deps: debug@~2.0.0
deps: connect-timeout@~1.3.0
- deps: debug@~2.0.0
deps: cookie-parser@~1.3.3
- deps: cookie-signature@1.0.5
deps: cookie-signature@1.0.5
deps: csurf@~1.6.1
- add ignoreMethods option
- bump cookie-signature
- csrf-tokens -> csrf
- set code property on CSRF token errors
deps: debug@~2.0.0
deps: errorhandler@~1.2.0
- Display error using util.inspect if no other representation
- deps: accepts@~1.1.0
deps: express-session@~1.8.1
- Do not resave already-saved session at end of request
- Prevent session prototype methods from being overwritten
- deps: cookie-signature@1.0.5
- deps: debug@~2.0.0
deps: finalhandler@0.2.0
- Set X-Content-Type-Options: nosniff header
- deps: debug@~2.0.0
deps: fresh@0.2.4
deps: media-typer@0.3.0
- Throw error when parameter format invalid on parse
deps: method-override@~2.2.0
- deps: debug@~2.0.0
deps: morgan@~1.3.0
- Assert if format is not a function or string
deps: qs@2.2.3
- Fix issue where first empty value in array is discarded
deps: serve-favicon@~2.1.3
- Accept string for maxAge (converted by ms)
- Use etag to generate ETag header
- deps: fresh@0.2.4
deps: serve-index@~1.2.1
- Add debug messages
- Resolve relative paths at middleware setup
- deps: accepts@~1.1.0
deps: serve-static@~1.6.1
- Add lastModified option
- deps: send@0.9.1
deps: type-is@~1.5.1
- fix hasbody to be true for content-length: 0
- deps: media-typer@0.3.0
- deps: mime-types@~2.0.1
deps: vhost@~3.0.0

2.25.10 / 2014-09-04

deps: serve-static@~1.5.4
- deps: send@0.8.5

2.25.9 / 2014-08-29

deps: body-parser@~1.6.7
- deps: qs@2.2.2
deps: qs@2.2.2

2.25.8 / 2014-08-27

deps: body-parser@~1.6.6
- deps: qs@2.2.0
deps: csurf@~1.4.1
deps: qs@2.2.0
- Array parsing fix
- Performance improvements

2.25.7 / 2014-08-18

deps: body-parser@~1.6.5
- deps: on-finished@2.1.0
deps: express-session@~1.7.6
- Fix exception on res.end(null) calls
deps: morgan@~1.2.3
- deps: on-finished@2.1.0
deps: serve-static@~1.5.3
- deps: send@0.8.3

2.25.6 / 2014-08-14

deps: body-parser@~1.6.4
- deps: qs@1.2.2
deps: qs@1.2.2
deps: serve-static@~1.5.2
- deps: send@0.8.2

2.25.5 / 2014-08-11

Fix backwards compatibility in logger

2.25.4 / 2014-08-10

Fix query middleware breaking with argument
- It never really took one in the first place
deps: body-parser@~1.6.3
- deps: qs@1.2.1
deps: compression@~1.0.11
- deps: on-headers@~1.0.0
- deps: parseurl@~1.3.0
deps: connect-timeout@~1.2.2
- deps: on-headers@~1.0.0
deps: express-session@~1.7.5
- Fix parsing original URL
- deps: on-headers@~1.0.0
- deps: parseurl@~1.3.0
deps: method-override@~2.1.3
deps: on-headers@~1.0.0
deps: parseurl@~1.3.0
deps: qs@1.2.1
deps: response-time@~2.0.1
- deps: on-headers@~1.0.0
deps: serve-index@~1.1.6
- Fix URL parsing
deps: serve-static@~1.5.1
- Fix parsing of weird req.originalUrl values
- deps: parseurl@~1.3.0
  = deps: utils-merge@1.0.0

2.25.3 / 2014-08-07

deps: multiparty@3.3.2
- Fix potential double-callback

2.25.2 / 2014-08-07

deps: body-parser@~1.6.2
- deps: qs@1.2.0
deps: qs@1.2.0
- Fix parsing array of objects

2.25.1 / 2014-08-06

deps: body-parser@~1.6.1
- deps: qs@1.1.0
deps: qs@1.1.0
- Accept urlencoded square brackets
- Accept empty values in implicit array notation

2.25.0 / 2014-08-05

deps: body-parser@~1.6.0
- deps: qs@1.0.2
deps: compression@~1.0.10
- Fix upper-case Content-Type characters prevent compression
- deps: compressible@~1.1.1
deps: csurf@~1.4.0
- Support changing req.session after csurf middleware
- Calling res.csrfToken() after req.session.destroy() will now work
deps: express-session@~1.7.4
- Fix res.end patch to call correct upstream res.write
- Fix response end delay for non-chunked responses
deps: qs@1.0.2
- Complete rewrite
- Limits array length to 20
- Limits object depth to 5
- Limits parameters to 1,000
deps: serve-static@~1.5.0
- Add extensions option
- deps: send@0.8.1

2.24.3 / 2014-08-04

deps: serve-index@~1.1.5
- Fix Content-Length calculation for multi-byte file names
- deps: accepts@~1.0.7
deps: serve-static@~1.4.4
- Fix incorrect 403 on Windows and Node.js 0.11
- deps: send@0.7.4

2.24.2 / 2014-07-27

deps: body-parser@~1.5.2
deps: depd@0.4.4
- Work-around v8 generating empty stack traces
deps: express-session@~1.7.2
deps: morgan@~1.2.2
deps: serve-static@~1.4.2

2.24.1 / 2014-07-26

deps: body-parser@~1.5.1
deps: depd@0.4.3
- Fix exception when global Error.stackTraceLimit is too low
deps: express-session@~1.7.1
deps: morgan@~1.2.1
deps: serve-index@~1.1.4
deps: serve-static@~1.4.1

2.24.0 / 2014-07-22

deps: body-parser@~1.5.0
- deps: depd@0.4.2
- deps: iconv-lite@0.4.4
- deps: raw-body@1.3.0
- deps: type-is@~1.3.2
deps: compression@~1.0.9
- Add debug messages
- deps: accepts@~1.0.7
deps: connect-timeout@~1.2.1
- Accept string for time (converted by ms)
- deps: debug@1.0.4
deps: debug@1.0.4
deps: depd@0.4.2
- Add TRACE_DEPRECATION environment variable
- Remove non-standard grey color from color output
- Support --no-deprecation argument
- Support --trace-deprecation argument
deps: express-session@~1.7.0
- Improve session-ending error handling
- deps: debug@1.0.4
- deps: depd@0.4.2
deps: finalhandler@0.1.0
- Respond after request fully read
- deps: debug@1.0.4
deps: method-override@~2.1.2
- deps: debug@1.0.4
- deps: parseurl@~1.2.0
deps: morgan@~1.2.0
- Add :remote-user token
- Add combined log format
- Add common log format
- Remove non-standard grey color from dev format
deps: multiparty@3.3.1
deps: parseurl@~1.2.0
- Cache URLs based on original value
- Remove no-longer-needed URL mis-parse work-around
- Simplify the "fast-path" RegExp
deps: serve-static@~1.4.0
- Add dotfiles option
- deps: parseurl@~1.2.0
- deps: send@0.7.0

2.23.0 / 2014-07-10

deps: debug@1.0.3
- Add support for multiple wildcards in namespaces
deps: express-session@~1.6.4
deps: method-override@~2.1.0
- add simple debug output
- deps: methods@1.1.0
- deps: parseurl@~1.1.3
deps: parseurl@~1.1.3
- faster parsing of href-only URLs
deps: serve-static@~1.3.1
- deps: parseurl@~1.1.3

2.22.0 / 2014-07-03

deps: csurf@~1.3.0
- Fix cookie.signed option to actually sign cookie
deps: express-session@~1.6.1
- Fix res.end patch to return correct value
- Fix res.end patch to handle multiple res.end calls
- Reject cookies with missing signatures
deps: multiparty@3.3.0
- Always emit close after all parts ended
- Fix callback hang in node.js 0.8 on errors
deps: serve-static@~1.3.0
- Accept string for maxAge (converted by ms)
- Add setHeaders option
- Include HTML link in redirect response
- deps: send@0.5.0

2.21.1 / 2014-06-26

deps: cookie-parser@1.3.2
- deps: cookie-signature@1.0.4
deps: cookie-signature@1.0.4
- fix for timing attacks
deps: express-session@~1.5.2
- deps: cookie-signature@1.0.4
deps: type-is@~1.3.2
- more mime types

2.21.0 / 2014-06-20

deprecate connect(middleware) -- use app.use(middleware) instead
deprecate connect.createServer() -- use connect() instead
fix res.setHeader() patch to work with get -> append -> set pattern
deps: compression@~1.0.8
deps: errorhandler@~1.1.1
deps: express-session@~1.5.0
- Deprecate integration with cookie-parser middleware
- Deprecate looking for secret in req.secret
- Directly read cookies; cookie-parser no longer required
- Directly set cookies; res.cookie no longer required
- Generate session IDs with uid-safe, faster and even less collisions
deps: serve-index@~1.1.3

2.20.2 / 2014-06-19

deps: body-parser@1.4.3
- deps: type-is@1.3.1

2.20.1 / 2014-06-19

deps: type-is@1.3.1
- fix global variable leak

2.20.0 / 2014-06-19

deprecate verify option to json -- use body-parser npm module instead
deprecate verify option to urlencoded -- use body-parser npm module instead
deprecate things with depd module
use finalhandler for final response handling
use media-typer to parse content-type for charset
deps: body-parser@1.4.2
- check accepted charset in content-type (accepts utf-8)
- check accepted encoding in content-encoding (accepts identity)
- deprecate urlencoded() without provided extended option
- lazy-load urlencoded parsers
- support gzip and deflate bodies
- set inflate: false to turn off
- deps: raw-body@1.2.2
- deps: type-is@1.3.0
- Support all encodings from iconv-lite
deps: connect-timeout@1.1.1
- deps: debug@1.0.2
deps: cookie-parser@1.3.1
- export parsing functions
- req.cookies and req.signedCookies are now plain objects
- slightly faster parsing of many cookies
deps: csurf@1.2.2
deps: errorhandler@1.1.0
- Display error on console formatted like throw
- Escape HTML in stack trace
- Escape HTML in title
- Fix up edge cases with error sent in response
- Set X-Content-Type-Options: nosniff header
- Use accepts for negotiation
deps: express-session@1.4.0
- Add genid option to generate custom session IDs
- Add saveUninitialized option to control saving uninitialized sessions
- Add unset option to control unsetting req.session
- Generate session IDs with rand-token by default; reduce collisions
- Integrate with express "trust proxy" by default
- deps: buffer-crc32@0.2.3
- deps: debug@1.0.2
deps: multiparty@3.2.9
deps: serve-index@1.1.2
- deps: batch@0.5.1
deps: type-is@1.3.0
- improve type parsing
deps: vhost@2.0.0
- Accept RegExp object for hostname
- Provide req.vhost object
- Support IPv6 literal in Host header

2.19.6 / 2014-06-11

deps: body-parser@1.3.1
- deps: type-is@1.2.1
deps: compression@1.0.7
- use vary module for better Vary behavior
- deps: accepts@1.0.3
- deps: compressible@1.1.0
deps: debug@1.0.2
deps: serve-index@1.1.1
- deps: accepts@1.0.3
deps: serve-static@1.2.3
- Do not throw un-catchable error on file open race condition
- deps: send@0.4.3

2.19.5 / 2014-06-09

deps: csurf@1.2.1
- refactor to use csrf-tokens@~1.0.2
deps: debug@1.0.1
deps: serve-static@1.2.2
- fix "event emitter leak" warnings
- deps: send@0.4.2
deps: type-is@1.2.1
- Switch dependency from mime to mime-types@1.0.0

2.19.4 / 2014-06-05

deps: errorhandler@1.0.2
- Pass on errors from reading error files
deps: method-override@2.0.2
- use vary module for better Vary behavior
deps: serve-favicon@2.0.1
- Reduce byte size of ETag header

2.19.3 / 2014-06-03

deps: compression@1.0.6
- fix listeners for delayed stream creation
- fix regression for certain stream.pipe(res) situations
- fix regression when negotiation fails

2.19.2 / 2014-06-03

deps: compression@1.0.4
- fix adding Vary when value stored as array
- fix back-pressure behavior
- fix length check for res.end

2.19.1 / 2014-06-02

fix deprecated utils.escape

2.19.0 / 2014-06-02

deprecate methodOverride() -- use method-override npm module instead
deps: body-parser@1.3.0
- add extended option to urlencoded parser
deps: method-override@2.0.1
- set Vary header
- deps: methods@1.0.1
deps: multiparty@3.2.8
deps: response-time@2.0.0
- add digits argument
- do not override existing X-Response-Time header
- timer not subject to clock drift
- timer resolution down to nanoseconds
deps: serve-static@1.2.1
- send max-age in Cache-Control in correct format
- use escape-html for escaping
- deps: send@0.4.1

2.18.0 / 2014-05-29

deps: compression@1.0.3
deps: serve-index@1.1.0
- Fix content negotiation when no Accept header
- Properly support all HTTP methods
- Support vanilla node.js http servers
- Treat ENAMETOOLONG as code 414
- Use accepts for negotiation
deps: serve-static@1.2.0
- Calculate ETag with md5 for reduced collisions
- Fix wrong behavior when index file matches directory
- Ignore stream errors after request ends
- Skip directories in index file search
- deps: send@0.4.0

2.17.3 / 2014-05-27

deps: express-session@1.2.1
- Fix resave such that resave: true works

2.17.2 / 2014-05-27

deps: body-parser@1.2.2
- invoke next(err) after request fully read
- deps: raw-body@1.1.6
deps: method-override@1.0.2
- Handle req.body key referencing array or object
- Handle multiple HTTP headers

2.17.1 / 2014-05-21

fix res.charset appending charset when content-type has one

2.17.0 / 2014-05-20

deps: express-session@1.2.0
- Add resave option to control saving unmodified sessions
deps: morgan@1.1.1
- "dev" format will use same tokens as other formats
- :response-time token is now empty when immediate used
- :response-time token is now monotonic
- :response-time token has precision to 1 μs
- fix :status + immediate output in node.js 0.8
- improve buffer option to prevent indefinite event loop holding
- simplify method to get remote address
- deps: bytes@1.0.0
deps: serve-index@1.0.3
- Fix error from non-statable files in HTML view

2.16.2 / 2014-05-18

fix edge-case in res.appendHeader that would append in wrong order
deps: method-override@1.0.1

2.16.1 / 2014-05-17

remove usages of res.headerSent from core

2.16.0 / 2014-05-17

deprecate res.headerSent -- use res.headersSent
deprecate res.on("header") -- use on-headers module instead
fix connect.version to reflect the actual version
json: use body-parser
- add type option
- fix repeated limit parsing with every request
- improve parser speed
urlencoded: use body-parser
- add type option
- fix repeated limit parsing with every request
dep: bytes@1.0.0
- add negative support
dep: cookie-parser@1.1.0
- deps: cookie@0.1.2
dep: csurf@1.2.0
- add support for double-submit cookie
dep: express-session@1.1.0
- Add name option; replacement for key option
- Use setImmediate in MemoryStore for node.js >= 0.10

2.15.0 / 2014-05-04

Add simple res.cookie support
Add res.appendHeader
Call error stack even when response has been sent
Patch res.headerSent to return Boolean
Patch res.headersSent for node.js 0.8
Prevent default 404 handler after response sent
dep: compression@1.0.2
- support headers given to res.writeHead
- deps: bytes@0.3.0
- deps: negotiator@0.4.3
dep: connect-timeout@1.1.0
- Add req.timedout property
- Add respond option to constructor
- Clear timer on socket destroy
- deps: debug@0.8.1
dep: debug@^0.8.0
- add enable() method
- change from stderr to stdout
dep: errorhandler@1.0.1
- Clean up error CSS
- Do not respond after headers sent
dep: express-session@1.0.4
- Remove import of setImmediate
- Use res.cookie() instead of res.setHeader()
- deps: cookie@0.1.2
- deps: debug@0.8.1
dep: morgan@1.0.1
- Make buffer unique per morgan instance
- deps: bytes@0.3.0
dep: serve-favicon@2.0.0
- Accept Buffer of icon as first argument
- Non-GET and HEAD requests are denied
- Send valid max-age value
- Support conditional requests
- Support max-age=0
- Support OPTIONS method
- Throw if path argument is directory
dep: serve-index@1.0.2
- Add stylesheet option
- deps: negotiator@0.4.3

2.14.5 / 2014-04-24

dep: raw-body@1.1.4
- allow true as an option
- deps: bytes@0.3.0
dep: serve-static@1.1.0
- Accept options directly to send module
- deps: send@0.3.0

2.14.4 / 2014-04-07

dep: bytes@0.3.0
- added terabyte support
dep: csurf@1.1.0
- add constant-time string compare
dep: serve-static@1.0.4
- Resolve relative paths at middleware setup
- Use parseurl to parse the URL from request
fix node.js 0.8 compatibility with memory session

2.14.3 / 2014-03-18

dep: static-favicon@1.0.2
- Fixed content of default icon

2.14.2 / 2014-03-11

dep: static-favicon@1.0.1
- Fixed path to default icon

2.14.1 / 2014-03-06

dep: fresh@0.2.2
- no real changes
dep: serve-index@1.0.1
- deps: negotiator@0.4.2
dep: serve-static@1.0.2
- deps: send@0.2.0

2.14.0 / 2014-03-05

basicAuth: use basic-auth-connect
cookieParser: use cookie-parser
compress: use compression
csrf: use csurf
dep: cookie-signature@1.0.3
directory: use serve-index
errorHandler: use errorhandler
favicon: use static-favicon
logger: use morgan
methodOverride: use method-override
responseTime: use response-time
session: use express-session
static: use serve-static
timeout: use connect-timeout
vhost: use vhost

2.13.1 / 2014-03-05

cookieSession: compare full value rather than crc32
deps: raw-body@1.1.3

2.13.0 / 2014-02-14

fix typo in memory store warning #974 @rvagg
compress: use compressible
directory: add template option #990 @gottaloveit @Earl-Brown
csrf: prevent deprecated warning with old sessions

2.12.0 / 2013-12-10

bump qs
directory: sort folders before files
directory: add folder icons
directory: de-duplicate icons, details/mobile views #968 @simov
errorHandler: end default 404 handler with a newline #972 @rlidwka
session: remove long cookie expire check #870 @undoZen

2.11.2 / 2013-12-01

bump raw-body

2.11.1 / 2013-11-27

bump raw-body
errorHandler: use res.setHeader() instead of res.writeHead() #949 @lo1tuma

2.11.0 / 2013-10-29

update bytes
update uid2
update negotiator
sessions: add rolling session option #944 @ilmeo
sessions: property set cookies when given FQDN
cookieSessions: properly set cookies when given FQDN #948 @bmancini55
proto: fix FQDN mounting when multiple handlers #945 @bmancini55

2.10.1 / 2013-10-23

fixed; fixed a bug with static middleware at root and trailing slashes #942 (@dougwilson)

2.10.0 / 2013-10-22

fixed: set headers written by writeHead before emitting 'header'
fixed: mounted path should ignore querystrings on FQDNs #940 (@dougwilson)
fixed: parsing protocol-relative URLs with @ as pathnames #938 (@dougwilson)
fixed: fix static directory redirect for mount's root #937 (@dougwilson)
fixed: setting set-cookie header when mixing arrays and strings #893 (@anuj123)
bodyParser: optional verify function for urlencoded and json parsers for signing request bodies
compress: compress checks content-length to check threshold
compress: expose res.flush() for flushing responses
cookieParser: pass options into node-cookie #803 (@cauldrath)
errorHandler: replace \ns with <br/>s in error handler

2.9.2 / 2013-10-18

warn about multiparty and limit middleware deprecation for v3
fix fully qualified domain name mounting. #920 (@dougwilson)
directory: Fix potential security issue with serving files outside the root. #929 (@dougwilson)
logger: store IP at beginning in case socket prematurely closes #930 (@dougwilson)

2.9.1 / 2013-10-15

update multiparty
compress: Set vary header only if Content-Type passes filter #904
directory: Fix directory middleware URI escaping #917 (@dougwilson)
directory: Fix directory seperators for Windows #914 (@dougwilson)
directory: Keep query string intact during directory redirect #913 (@dougwilson)
directory: Fix paths in links #730 (@JacksonTian)
errorHandler: Don't escape text/plain as HTML #875 (@johan)
logger: Write '0' instead of '-' when response time is zero #910 (@dougwilson)
logger: Log even when connections are aborted #760 (@dylanahsmith)
methodOverride: Check req.body is an object #907 (@kbjr)
multipart: Add .type back to file parts for backwards compatibility #912 (@dougwilson)
multipart: Allow passing options to the Multiparty constructor #902 (@niftylettuce)

2.9.0 / 2013-09-07

multipart: add docs regarding tmpfiles
multipart: add .name back to file parts
multipart: use multiparty instead of formidable

2.8.8 / 2013-09-02

csrf: change to math.random() salt and remove csrfToken() callback

2.8.7 / 2013-08-28

csrf: prevent salt generation on every request, and add async req.csrfToken(fn)

2.8.6 / 2013-08-28

csrf: refactor to use HMAC tokens (BREACH attack)
compress: add compression of SVG and common font files by default.

2.8.5 / 2013-08-11

add: compress Dart source files by default
update fresh

2.8.4 / 2013-07-08

update send

2.8.3 / 2013-07-04

add a name back to static middleware ("staticMiddleware")
fix .hasBody() utility to require transfer-encoding or content-length

2.8.2 / 2013-07-03

update send
update cookie dep.
add better debug() for middleware
add whitelisting of supported methods to methodOverride()

2.8.1 / 2013-06-27

fix: escape req.method in 404 response

2.8.0 / 2013-06-26

add threshold option to compress() to prevent compression of small responses
add support for vendor JSON mime types in json()
add X-Forwarded-Proto initial https proxy support
change static redirect to 303
change octal escape sequences for strict mode
change: replace utils.uid() with uid2 lib
remove other "static" function name. Fixes #794
fix: hasBody() should return false if Content-Length: 0

2.7.11 / 2013-06-02

update send

2.7.10 / 2013-05-21

update qs
update formidable
fix: write/end to noop() when request aborted

2.7.9 / 2013-05-07

update qs
drop support for node < v0.8

2.7.8 / 2013-05-03

update qs

2.7.7 / 2013-04-29

update qs dependency
remove "static" function name. Closes #794
update node-formidable
update buffer-crc32

2.7.6 / 2013-04-15

revert cookie signature which was creating session race conditions

2.7.5 / 2013-04-12

update cookie-signature
limit: do not consume request in node 0.10.x

2.7.4 / 2013-04-01

session: add long expires check and prevent excess set-cookie
session: add console.error() of session#save() errors

2.7.3 / 2013-02-19

add name to compress middleware
add appending Accept-Encoding to Vary when set but missing
add tests for csrf middleware
add 'next' support for connect() server handler
change utils.uid() to return url-safe chars. Closes #753
fix treating '.' as a regexp in vhost()
fix duplicate bytes dep in package.json. Closes #743
fix #733 - parse x-forwarded-proto in a more generally compatibly way
revert "add support for next(status[, msg])"; makes composition hard

2.7.2 / 2013-01-04

add support for next(status[, msg]) back
add utf-8 meta tag to support foreign characters in filenames/directories
change timeout() 408 to 503
replace 'node-crc' with 'buffer-crc32', fixes licensing
fix directory.html IE support

2.7.1 / 2012-12-05

add directory() tests
add support for bodyParser to ignore Content-Type if no body is present (jquery primarily does this poorely)
fix errorHandler signature

2.7.0 / 2012-11-13

add support for leading JSON whitespace
add logging of req.ip when present
add basicAuth support for :-delimited string
update cookie module. Closes #688

2.6.2 / 2012-11-01

add debug() for disconnected session store
fix session regeneration bug. Closes #681

2.6.1 / 2012-10-25

add passing of connect.timeout() errors to next()
replace signature utils with cookie-signature module

2.6.0 / 2012-10-09

add defer option to multipart() [Blake Miner]
fix mount path case sensitivity. Closes #663
fix default of ascii encoding from logger(), now utf8. Closes #293

2.5.0 / 2012-09-27

add err.status = 400 to multipart() errors
add double-encoding protection to compress(). Closes #659
add graceful handling cookie parsing errors [shtylman]
fix typo X-Response-time to X-Response-Time

2.4.6 / 2012-09-18

update qs

2.4.5 / 2012-09-03

add session store "connect" / "disconnect" support [louischatriot]
fix :url log token

2.4.4 / 2012-08-21

fix static() pause regression from "send" integration

2.4.3 / 2012-08-07

fix .write() encoding for zlib inconstancy. Closes #561

2.4.2 / 2012-07-25

remove limit default from urlencoded()
remove limit default from json()
remove limit default from multipart()
fix cookieSession() clear cookie path / domain bug. Closes #636

2.4.1 / 2012-07-24

fix options mutation in static()

2.4.0 / 2012-07-23

add connect.timeout()
add GET / HEAD check to directory(). Closes #634
add "pause" util dep
update send dep for normalization bug

2.3.9 / 2012-07-16

add more descriptive invalid json error message
update send dep for root normalization regression
fix staticCache fresh dep

2.3.8 / 2012-07-12

fix connect.static() 404 regression, pass next(). Closes #629

2.3.7 / 2012-07-05

add json() utf-8 illustration test. Closes #621
add "send" dependency
change connect.static() internals to use "send"
fix session() req.session generation with pathname mismatch
fix cookieSession() req.session generation with pathname mismatch
fix mime export. Closes #618

2.3.6 / 2012-07-03

Fixed cookieSession() with cookieParser() secret regression. Closes #602
Fixed set-cookie header fields on cookie.path mismatch. Closes #615

2.3.5 / 2012-06-28

Remove logger() mount check
Fixed staticCache() dont cache responses with set-cookie. Closes #607
Fixed staticCache() when Cookie is present

2.3.4 / 2012-06-22

Added err.buf to urlencoded() and json()
Update cookie to 0.0.4. Closes #604
Fixed: only send 304 if original response in 2xx or 304 [timkuijsten]

2.3.3 / 2012-06-11

Added ETags back to static() [timkuijsten]
Replaced utils.parseRange() with range-parser module
Replaced utils.parseBytes() with bytes module
Replaced utils.modified() with fresh module
Fixed cookieSession() regression with invalid cookie signing [shtylman]

2.3.2 / 2012-06-08

expose mime module
Update crc dep (which bundled nodeunit)

2.3.1 / 2012-06-06

Added secret option to cookieSession middleware [shtylman]
Added secret option to session middleware [shtylman]
Added req.remoteUser back to basicAuth() as alias of req.user
Performance: improve signed cookie parsing
Update cookie dependency [shtylman]

2.3.0 / 2012-05-20

Added limit option to json()
Added limit option to urlencoded()
Added limit option to multipart()
Fixed: remove socket error event listener on callback
Fixed ENOTDIR error on static middleware

2.2.2 / 2012-05-07

Added support to csrf middle for pre-flight CORS requests
Updated engines to allow newer version of node
Removed duplicate repo prop. Closes #560

2.2.1 / 2012-04-28

Fixed static() redirect when mounted. Closes #554

2.2.0 / 2012-04-25

Added make benchmark
Perf: memoize url parsing (~20% increase)
Fixed connect(fn, fn2, ...). Closes #549

2.1.3 / 2012-04-20

Added optional json() reviver function to be passed to JSON.parse [jed]
Fixed: emit drain in compress middleware [nsabovic]

2.1.2 / 2012-04-11

Fixed cookieParser() req.cookies regression

2.1.1 / 2012-04-11

Fixed session() browser-session length cookies & examples
Fixed: make query() "self-aware" [jed]

2.1.0 / 2012-04-05

Added debug() calls to .use() (DEBUG=connect:displatcher)
Added urlencoded() support for GET
Added json() support for GET. Closes #497
Added strict option to json()
Changed: session() only set-cookie when modified
Removed Session#lastAccess property. Closes #399

2.0.3 / 2012-03-20

Added: cookieSession() only sets cookie on change. Closes #442
Added connect:dispatcher debug() probes

2.0.2 / 2012-03-04

Added test for ENAMETOOLONG now that node is fixed
Fixed static() index "/" check on windows. Closes #498
Fixed Content-Range behaviour to match RFC2616 [matthiasdg / visionmedia]

2.0.1 / 2012-02-29

Added test coverage for vhost() middleware
Changed cookieParser() signed cookie support to use SHA-2 [senotrusov]
Fixed static() Range: respond with 416 when unsatisfiable
Fixed vhost() middleware. Closes #494

2.0.0 / 2011-10-05

Added cookieSession() middleware for cookie-only sessions
Added compress() middleware for gzip / deflate support
Added session() "proxy" setting to trust X-Forwarded-Proto
Added json() middleware to parse "application/json"
Added urlencoded() middleware to parse "application/x-www-form-urlencoded"
Added multipart() middleware to parse "multipart/form-data"
Added cookieParser(secret) support so anything using this middleware may access signed cookies
Added signed cookie support to cookieParser()
Added support for JSON-serialized cookies to cookieParser()
Added err.status support in Connect's default end-point
Added X-Cache MISS / HIT to staticCache()
Added public res.headerSent checking nodes res._headerSent until node does
Changed basicAuth() req.remoteUser to req.user
Changed: default session() to a browser-session cookie. Closes #475
Changed: no longer lowercase cookie names
Changed bodyParser() to use json(), urlencoded(), and multipart()
Changed: errorHandler() is now a development-only middleware
Changed middleware to next() errors when possible so applications can unify logging / handling
Removed http[s].Server inheritance, now just a function, making it easy to have an app providing both http and https
Removed .createServer() (use connect())
Removed secret option from session(), use cookieParser(secret)
Removed connect.session.ignore array support
Removed router() middleware. Closes #262
Fixed: set-cookie only once for browser-session cookies
Fixed FQDN support. dont add leading "/"
Fixed 404 XSS attack vector. Closes #473
Fixed HEAD support for 404s and 500s generated by Connect's end-point

1.8.5 / 2011-12-22

Fixed: actually allow empty body for json

1.8.4 / 2011-12-22

Changed: allow empty body for json/urlencoded requests. Backport for #443

1.8.3 / 2011-12-16

Fixed static() index.html support on windows

1.8.2 / 2011-12-03

Fixed potential security issue, store files in req.files. Closes #431 [reported by dobesv]

1.8.1 / 2011-11-21

Added nesting support for multipart/form-data [jackyz]

1.8.0 / 2011-11-17

Added multipart/form-data support to bodyParser() using formidable

1.7.3 / 2011-11-11

Fixed req.body, always default to {}
Fixed HEAD support for 404s and 500s

1.7.2 / 2011-10-24

"node": ">= 0.4.1 < 0.7.0"
Added static() redirect option. Closes #398
Changed limit(): respond with 413 when content-length exceeds the limit
Removed socket error listener in static(). Closes #389
Fixed staticCache() Age header field
Fixed race condition causing errors reported in #329.

1.7.1 / 2011-09-12

Added: make Store inherit from EventEmitter
Added session Store#load(sess, fn) to fetch a Session instance
Added backpressure support to staticCache()
Changed res.socket.destroy() to req.socket.destroy()

1.7.0 / 2011-08-31

Added staticCache() middleware, a memory cache for static()
Added public res.headerSent checking nodes res._headerSent (remove when node adds this)
Changed: ignore error handling middleware when header is sent
Changed: dispatcher errors after header is sent destroy the sock

1.6.4 / 2011-08-26

Revert "Added double-next reporting"

1.6.3 / 2011-08-26

Added double-next() reporting
Added immediate option to logger(). Closes #321
Dependency qs >= 0.3.1

1.6.2 / 2011-08-11

Fixed connect.static() null byte vulnerability
Fixed connect.directory() null byte vulnerability
Changed: 301 redirect in static() to postfix "/" on directory. Closes #289

1.6.1 / 2011-08-03

Added: allow retval == null from logger callback to ignore line
Added getOnly option to connect.static.send()
Added response "header" event allowing augmentation
Added X-CSRF-Token header field check
Changed dep qs >= 0.3.0
Changed: persist csrf token. Closes #322
Changed: sort directory middleware files alphabetically

1.6.0 / 2011-07-10

Added :response-time to "dev" logger format
Added simple csrf() middleware. Closes #315
Fixed res._headers logger regression. Closes #318
Removed support for multiple middleware being passed to .use()

1.5.2 / 2011-07-06

Added filter function option to directory() [David Rio Deiros]
Changed: re-write of the logger() middleware, with extensible tokens and formats
Changed: static.send() ".." in path without root considered malicious
Fixed quotes in docs. Closes #312
Fixed urls when mounting directory(), use originalUrl [Daniel Dickison]

1.5.1 / 2011-06-20

Added malicious path check to directory() middleware
Added utils.forbidden(res)
Added connect.query() middleware

1.5.0 / 2011-06-20

Added connect.directory() middleware for serving directory listings

1.4.6 / 2011-06-18

Fixed connect.static() root with ..
Fixed connect.static() EBADF

1.4.5 / 2011-06-17

Fixed EBADF in connect.static(). Closes #297

1.4.4 / 2011-06-16

Changed connect.static() to check resolved dirname. Closes #294

1.4.3 / 2011-06-06

Fixed fd leak in connect.static() when the socket is closed
Fixed; bodyParser() ignoring GET/HEAD. Closes #285

1.4.2 / 2011-05-27

Changed to devDependencies
Fixed stream creation on static() HEAD request. [Andreas Lind Petersen]
Fixed Win32 support for static()
Fixed monkey-patch issue. Closes #261

1.4.1 / 2011-05-08

Added "hidden" option to static(). ignores hidden files by default. Closes * Added; expose connect.static.mime.define(). Closes #251
Fixed errorHandler middleware for missing stack traces. [aseemk]
274

1.4.0 / 2011-04-25

Added route-middleware next('route') support to jump passed the route itself
Added Content-Length support to limit()
Added route-specific middleware support (used to be in express)
Changed; refactored duplicate session logic
Changed; prevent redefining store.generate per request
Fixed; static() does not set Content-Type when explicitly set [nateps]
Fixed escape errorHandler() {error} contents
NOTE: router will be removed in 2.0

1.3.0 / 2011-04-06

Added router.remove(path[, method]) to remove a route

1.2.3 / 2011-04-05

Fixed basicAuth realm issue when passing strings. Closes #253

1.2.2 / 2011-04-05

Added basicAuth(username, password) support
Added errorHandler.title defaulting to "Connect"
Changed errorHandler css

1.2.1 / 2011-03-30

Fixed logger() https remoteAddress logging [Alexander Simmerl]

1.2.0 / 2011-03-30

Added router.lookup(path[, method])
Added router.match(url[, method])
Added basicAuth async support. Closes #223

1.1.5 / 2011-03-27

Added; allow logger() callback function to return an empty string to ignore logging
Fixed; utilizing mime.charsets.lookup() for static(). Closes 245

1.1.4 / 2011-03-23

Added logger() support for format function
Fixed logger() to support mess of writeHead()/progressive api for node 0.4.x

1.1.3 / 2011-03-21

Changed; limit() now calls req.destroy()

1.1.2 / 2011-03-21

Added request "limit" event to limit() middleware
Changed; limit() middleware will next(err) on failure

1.1.1 / 2011-03-18

Fixed session middleware for HTTPS. Closes #241 [reported by mt502]

1.1.0 / 2011-03-17

Added Session#reload(fn)

1.0.6 / 2011-03-09

Fixed res.setHeader() patch, preserve casing

1.0.5 / 2011-03-09

Fixed; logger() using req.originalUrl instead of req.url

1.0.4 / 2011-03-09

Added res.charset
Added conditional sessions example
Added support for session.ignore to be replaced. Closes #227
Fixed Cache-Control delimiters. Closes #228

1.0.3 / 2011-03-03

Fixed; static.send() invokes callback with connection error

1.0.2 / 2011-03-02

Fixed exported connect function
Fixed package.json; node ">= 0.4.1 < 0.5.0"

1.0.1 / 2011-03-02

Added Session#save(fn). Closes #213
Added callback support to connect.static.send() for express
Added connect.static.send() "path" option
Fixed content-type in static() for index.html

1.0.0 / 2011-03-01

Added stack, message, and dump errorHandler option aliases
Added req.originalMethod to methodOverride
Added favicon() maxAge option support
Added connect() alternative to connect.createServer()
Added new documentation
Added Range support to static()
Added HTTPS support
Rewrote session middleware. The session API now allows for
session-specific cookies, so you may alter each individually.
Click to view the new session api.
Added middleware self-awareness. This helps prevent
middleware breakage when used within mounted servers.
For example cookieParser() will not parse cookies more
than once even when within a mounted server.
Added new examples in the ./examples directory
Added limit() middleware
Added profiler() middleware
Added responseTime() middleware
Renamed staticProvider to static
Renamed bodyDecoder to bodyParser
Renamed cookieDecoder to cookieParser
Fixed ETag quotes. [reported by papandreou]
Fixed If-None-Match comma-delimited ETag support. [reported by papandreou]
Fixed; only set req.originalUrl once. Closes #124
Fixed symlink support for static(). Closes #123

0.5.10 / 2011-02-14

Fixed SID space issue. Closes #196
Fixed; proxy res.end() to commit session data
Fixed directory traversal attack in staticProvider. Closes #198

0.5.9 / 2011-02-09

qs >= 0.0.4

0.5.8 / 2011-02-04

Added qs dependency
Fixed router race-condition causing possible failure
when next()ing to one or more routes with parallel
requests

0.5.7 / 2011-02-01

Added onvhost() call so Express (and others) can know when they are
Revert "Added stylus support" (use the middleware which ships with stylus)
Removed custom Server#listen() to allow regular http.Server#listen() args to work properly
Fixed long standing router issue (#83) that causes '.' to be disallowed within named placeholders in routes [Andreas Lind Petersen]
Fixed utils.uid() length error [Jxck]
mounted

0.5.6 / 2011-01-23

Added stylus support to compiler
favicon.js cleanup
compiler.js cleanup
bodyDecoder.js cleanup

0.5.5 / 2011-01-13

Changed; using sha256 HMAC instead of md5. [Paul Querna]
Changed; generated a longer random UID, without time influence. [Paul Querna]
Fixed; session middleware throws when secret is not present. [Paul Querna]

0.5.4 / 2011-01-07

Added; throw when router path or callback is missing
Fixed; next(err) on cookie parse exception instead of ignoring
Revert "Added utils.pathname(), memoized url.parse(str).pathname"

0.5.3 / 2011-01-05

Added docs/api.html
Added utils.pathname(), memoized url.parse(str).pathname
Fixed session.id issue. Closes #183
Changed; Defaulting staticProvider maxAge to 0 not 1 year. Closes #179
Removed bad outdated docs, we need something new / automated eventually

0.5.2 / 2010-12-28

Added default OPTIONS support to router middleware

0.5.1 / 2010-12-28

Added req.session.id mirroring req.sessionID
Refactored router, exposing connect.router.methods
Exclude non-lib files from npm
Removed imposed headers X-Powered-By, Server, etc

0.5.0 / 2010-12-06

Added ./index.js
Added route segment precondition support and example
Added named capture group support to router

0.4.0 / 2010-11-29

Added basicAuth middleware
Added more HTTP methods to the router middleware

0.3.0 / 2010-07-21

Added staticGzip middleware
Added connect.utils to expose utils
Added connect.session.Session
Added connect.session.Store
Added connect.session.MemoryStore
Added connect.middleware to expose the middleware getters
Added buffer option to logger for performance increase
Added favicon middleware for serving your own favicon or the connect default
Added option support to staticProvider, can now pass root and lifetime.
Added; mounted Server instances now have the route property exposed for reflection
Added support for callback as first arg to Server#use()
Added support for next(true) in router to bypass match attempts
Added Server#listen() host support
Added Server#route when Server#use() is called with a route on a Server instance
Added methodOverride X-HTTP-Method-Override support
Refactored session internals, adds secret option
Renamed lifetime option to maxAge in staticProvider
Removed connect(1), it is now spark(1)
Removed connect(1) dependency on examples, they can all now run with node(1)
Remove a typo that was leaking a global.
Removed Object.prototype forEach() and map() methods
Removed a few utils not used
Removed connect.createApp()
Removed res.simpleBody()
Removed format middleware
Removed flash middleware
Removed redirect middleware
Removed jsonrpc middleware, use visionmedia/connect-jsonrpc
Removed pubsub middleware
Removed need for params.{captures,splat} in router middleware, params is an array
Changed; compiler no longer 404s
Changed; router signature now matches connect middleware signature
Fixed a require in session for default MemoryStore
Fixed nasty request body bug in router. Closes #54
Fixed less support in compiler
Fixed bug preventing proper bubbling of exceptions in mounted servers
Fixed bug in Server#use() preventing Server instances as the first arg
Fixed ENOENT special case, is now treated as any other exception
Fixed spark env support

0.2.1 / 2010-07-09

Added support for router next() to continue calling matched routes
Added mime type for cache.manifest files.
Changed compiler middleware to use async require
Changed session api, stores now only require #get(), and #set()
Fixed cacheManifest by adding utils.find() back

0.2.0 / 2010-07-01

Added calls to Session() casts the given object as a Session instance
Added passing of next() to router callbacks. Closes #46
Changed; MemoryStore#destroy() removes req.session
Changed res.redirect("back") to default to "/" when Referr?er is not present
Fixed staticProvider urlencoded paths issue. Closes #47
Fixed staticProvider middleware responding to GET requests
Fixed jsonrpc middleware Accept header check. Closes #43
Fixed logger format option
Fixed typo in compiler middleware preventing the dest option from working

0.1.0 / 2010-06-25

Revamped the api, view the Connect documentation for more info (hover on the right for menu)
Added extended api docs
Added docs for several more middleware layers
Added connect.Server#use()
Added compiler middleware which provides arbitrary static compilation
Added req.originalUrl
Removed blog example
Removed sass middleware (use compiler)
Removed less middleware (use compiler)
Renamed middleware to be camelcase, body-decoder is now bodyDecoder etc.
Fixed req.url mutation bug when matching connect.Server#use() routes
Fixed mkdir -p implementation used in bin/connect. Closes #39
Fixed bug in bodyDecoder throwing exceptions on request empty bodies
make install installing lib to $LIB_PREFIX aka $HOME/.node_libraries

0.0.6 / 2010-06-22

Added static middleware usage example
Added support for regular expressions as paths for router
Added util.merge()
Increased performance of static by ~ 200 rps
Renamed the rest middleware to router
Changed rest api to accept a callback function
Removed router middleware
Removed proto.js, only Object#forEach() remains

0.0.5 / 2010-06-21

Added Server#use() which contains the Layer normalization logic
Added documentation for several middleware
Added several new examples
Added less middleware
Added repl middleware
Added vhost middleware
Added flash middleware
Added cookie middleware
Added session middleware
Added utils.htmlEscape()
Added utils.base64Decode()
Added utils.base64Encode()
Added utils.uid()
Added bin/connect app path and --config path support for .js suffix, although optional. Closes #26
Moved mime code to utils.mime, ex utils.mime.types, and utils.mime.type()
Renamed req.redirect() to res.redirect(). Closes #29
Fixed sass 404 on ENOENT
Fixed +new Date duplication. Closes #24

0.0.4 / 2010-06-16

Added workerPidfile() to bin/connect
Added --workers support to bin/connect stop and status commands
Added redirect middleware
Added better --config support to bin/connect. All flags can be utilized
Added auto-detection of ./config.js
Added config example
Added net.Server support to bin/connect
Writing worker pids relative to env.pidfile
s/parseQuery/parse/g
Fixed npm support

0.0.3 / 2010-06-16

Fixed node dependency in package.json, now ">= 0.1.98-0" to support HEAD

0.0.2 / 2010-06-15

Added -V, --version to bin/connect
Added utils.parseCookie()
Added utils.serializeCookie()
Added utils.toBoolean()
Added sass middleware
Added cookie middleware
Added format middleware
Added lint middleware
Added rest middleware
Added ./package.json (npm install connect)
Added handleError() support
Added process.connectEnv
Added custom log format support to log middleware
Added arbitrary env variable support to bin/connect (ext: --logFormat ":method :url")
Added -w, --workers to bin/connect
Added bin/connect support for --user NAME and --group NAME
Fixed url re-writing support

0.0.1 / 2010-06-03

Initial release