3.14.0

• add explicit "Rosetta Flash JSONP abuse" protection
  • previous versions are not vulnerable; this is just explicit protection
• deprecate res.redirect(url, status) -- use res.redirect(status, url) instead
• fix res.send(status, num) to send num as json (not error)
• remove unnecessary escaping when res.jsonp returns JSON response
• deps: [email protected]
  • support empty password
  • support empty username
• deps: [email protected]
  • deps: [email protected]
  • deps: express-session@~1.6.4
  • deps: method-override@~2.1.0
  • deps: parseurl@~1.1.3
  • deps: serve-static@~1.3.1
  • deps: [email protected]
    • Add support for multiple wildcards in namespaces
  • deps: [email protected]
    • add CONNECT
  • deps: parseurl@~1.1.3
    • faster parsing of href-only URLs

4.5.1

• fix routing regression when altering req.method

4.5.0

• add deprecation message to non-plural req.accepts*
• add deprecation message to res.send(body, status)
• add deprecation message to res.vary()
• add headers option to res.sendfile
  • use to set headers on successful file transfer
• add mergeParams option to Router
  • merges req.params from parent routes
• add req.hostname -- correct name for what req.host returns
• deprecate things with depd module
• deprecate req.host -- use req.hostname instead
• fix behavior when handling request without routes
• fix handling when route.all is only route
• invoke router.param() only when route matches
• restore req.params after invoking router
• use finalhandler for final response handling
• use media-typer to alter content-type charset
• deps: accepts@~1.0.7
• deps: [email protected]
  • Accept string for maxage (converted by ms)
  • Include link in default redirect response
• deps: serve-static@~1.3.0
  • Accept string for maxAge (converted by ms)
  • Add setHeaders option
  • Include HTML link in redirect response
  • deps: [email protected]
• deps: type-is@~1.3.2

3.13.0

• add deprecation message to app.configure
• add deprecation message to req.auth
• use basic-auth to parse Authorization header
• deps: [email protected]
  • deps: csurf@~1.3.0
  • deps: express-session@~1.6.1
  • deps: [email protected]
  • deps: serve-static@~1.3.0
• deps: [email protected]
  • Accept string for maxage (converted by ms)
  • Include link in default redirect response

4.4.5

• deps: [email protected]
  • fix for timing attacks

3.12.1

• deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: express-session@~1.5.2
  • deps: type-is@~1.3.2
• deps: [email protected]
  • fix for timing attacks

3.12.0

• use media-typer to alter content-type charset
• deps: [email protected]
  • deprecate connect(middleware) -- use app.use(middleware) instead
  • deprecate connect.createServer() -- use connect() instead
  • fix res.setHeader() patch to work with with get -> append -> set pattern
  • deps: compression@~1.0.8
  • deps: errorhandler@~1.1.1
  • deps: express-session@~1.5.0
  • deps: serve-index@~1.1.3

4.4.4

• fix res.attachment Unicode filenames in Safari
• fix "trim prefix" debug message in express:router
• deps: accepts@~1.0.5
• deps: [email protected]

3.11.0

• deprecate things with depd module
• deps: [email protected]
• deps: [email protected]
  • deprecate verify option to json -- use body-parser module directly
  • deprecate verify option to urlencoded -- use body-parser module directly
  • deprecate things with depd module
  • use finalhandler for final response handling
  • use media-typer to parse content-type for charset
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]

4.4.3

• fix persistence of modified req.params[name] from app.param()
• deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
• deps: [email protected]
  • Do not throw un-catchable error on file open race condition
  • Use escape-html for HTML escaping
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Do not throw un-catchable error on file open race condition
  • deps: [email protected]