History.md

2.3.0 / 2012-05-20

• Added limit option to json()
• Added limit option to urlencoded()
• Added limit option to multipart()
• Fixed: remove socket error event listener on callback
• Fixed ENOTDIR error on static middleware

2.2.2 / 2012-05-07

• Added support to csrf middle for pre-flight CORS requests
• Updated engines to allow newer version of node
• Removed duplicate repo prop. Closes #560

2.2.1 / 2012-04-28

• Fixed static() redirect when mounted. Closes #554

2.2.0 / 2012-04-25

• Added make benchmark
• Perf: memoize url parsing (~20% increase)
• Fixed connect(fn, fn2, ...). Closes #549

2.1.3 / 2012-04-20

• Added optional json() reviver function to be passed to JSON.parse [jed]
• Fixed: emit drain in compress middleware [nsabovic]

2.1.2 / 2012-04-11

• Fixed cookieParser() req.cookies regression

2.1.1 / 2012-04-11

• Fixed session() browser-session length cookies & examples
• Fixed: make query() "self-aware" [jed]

2.1.0 / 2012-04-05

• Added debug() calls to .use() (DEBUG=connect:displatcher)
• Added urlencoded() support for GET
• Added json() support for GET. Closes #497
• Added strict option to json()
• Changed: session() only set-cookie when modified
• Removed Session#lastAccess property. Closes #399

2.0.3 / 2012-03-20

• Added: cookieSession() only sets cookie on change. Closes #442
• Added connect:dispatcher debug() probes

2.0.2 / 2012-03-04

• Added test for ENAMETOOLONG now that node is fixed
• Fixed static() index "/" check on windows. Closes #498
• Fixed Content-Range behaviour to match RFC2616 [matthiasdg / visionmedia]

2.0.1 / 2012-02-29

• Added test coverage for vhost() middleware
• Changed cookieParser() signed cookie support to use SHA-2 [senotrusov]
• Fixed static() Range: respond with 416 when unsatisfiable
• Fixed vhost() middleware. Closes #494

2.0.0 / 2011-10-05

• Added cookieSession() middleware for cookie-only sessions
• Added compress() middleware for gzip / deflate support
• Added session() "proxy" setting to trust X-Forwarded-Proto
• Added json() middleware to parse "application/json"
• Added urlencoded() middleware to parse "application/x-www-form-urlencoded"
• Added multipart() middleware to parse "multipart/form-data"
• Added cookieParser(secret) support so anything using this middleware may access signed cookies
• Added signed cookie support to cookieParser()
• Added support for JSON-serialized cookies to cookieParser()
• Added err.status support in Connect's default end-point
• Added X-Cache MISS / HIT to staticCache()
• Added public res.headerSent checking nodes res._headerSent until node does
• Changed basicAuth() req.remoteUser to req.user
• Changed: default session() to a browser-session cookie. Closes #475
• Changed: no longer lowercase cookie names
• Changed bodyParser() to use json(), urlencoded(), and multipart()
• Changed: errorHandler() is now a development-only middleware
• Changed middleware to next() errors when possible so applications can unify logging / handling
• Removed http[s].Server inheritance, now just a function, making it easy to have an app providing both http and https
• Removed .createServer() (use connect())
• Removed secret option from session(), use cookieParser(secret)
• Removed connect.session.ignore array support
• Removed router() middleware. Closes #262
• Fixed: set-cookie only once for browser-session cookies
• Fixed FQDN support. dont add leading "/"
• Fixed 404 XSS attack vector. Closes #473
• Fixed HEAD support for 404s and 500s generated by Connect's end-point

1.8.5 / 2011-12-22

• Fixed: actually allow empty body for json

1.8.4 / 2011-12-22

• Changed: allow empty body for json/urlencoded requests. Backport for #443

1.8.3 / 2011-12-16

• Fixed static() index.html support on windows

1.8.2 / 2011-12-03

• Fixed potential security issue, store files in req.files. Closes #431 [reported by dobesv]

1.8.1 / 2011-11-21

• Added nesting support for multipart/form-data [jackyz]

1.8.0 / 2011-11-17

• Added multipart/form-data support to bodyParser() using formidable

1.7.3 / 2011-11-11

• Fixed req.body, always default to {}
• Fixed HEAD support for 404s and 500s

1.7.2 / 2011-10-24

• "node": ">= 0.4.1 < 0.7.0"
• Added static() redirect option. Closes #398
• Changed limit(): respond with 413 when content-length exceeds the limit
• Removed socket error listener in static(). Closes #389
• Fixed staticCache() Age header field
• Fixed race condition causing errors reported in #329.

1.7.1 / 2011-09-12

• Added: make Store inherit from EventEmitter
• Added session Store#load(sess, fn) to fetch a Session instance
• Added backpressure support to staticCache()
• Changed res.socket.destroy() to req.socket.destroy()

1.7.0 / 2011-08-31

• Added staticCache() middleware, a memory cache for static()
• Added public res.headerSent checking nodes res._headerSent (remove when node adds this)
• Changed: ignore error handling middleware when header is sent
• Changed: dispatcher errors after header is sent destroy the sock

1.6.4 / 2011-08-26

• Revert "Added double-next reporting"

1.6.3 / 2011-08-26

• Added double-next() reporting
• Added immediate option to logger(). Closes #321
• Dependency qs >= 0.3.1

1.6.2 / 2011-08-11

• Fixed connect.static() null byte vulnerability
• Fixed connect.directory() null byte vulnerability
• Changed: 301 redirect in static() to postfix "/" on directory. Closes #289

1.6.1 / 2011-08-03

• Added: allow retval == null from logger callback to ignore line
• Added getOnly option to connect.static.send()
• Added response "header" event allowing augmentation
• Added X-CSRF-Token header field check
• Changed dep qs >= 0.3.0
• Changed: persist csrf token. Closes #322
• Changed: sort directory middleware files alphabetically

1.6.0 / 2011-07-10

• Added :response-time to "dev" logger format
• Added simple csrf() middleware. Closes #315
• Fixed res._headers logger regression. Closes #318
• Removed support for multiple middleware being passed to .use()

1.5.2 / 2011-07-06

• Added filter function option to directory() [David Rio Deiros]
• Changed: re-write of the logger() middleware, with extensible tokens and formats
• Changed: static.send() ".." in path without root considered malicious
• Fixed quotes in docs. Closes #312
• Fixed urls when mounting directory(), use originalUrl [Daniel Dickison]

1.5.1 / 2011-06-20

• Added malicious path check to directory() middleware
• Added utils.forbidden(res)
• Added connect.query() middleware

1.5.0 / 2011-06-20

• Added connect.directory() middleware for serving directory listings

1.4.6 / 2011-06-18

• Fixed connect.static() root with ..
• Fixed connect.static() EBADF

1.4.5 / 2011-06-17

• Fixed EBADF in connect.static(). Closes #297

1.4.4 / 2011-06-16

• Changed connect.static() to check resolved dirname. Closes #294

1.4.3 / 2011-06-06

• Fixed fd leak in connect.static() when the socket is closed
• Fixed; bodyParser() ignoring GET/HEAD. Closes #285

1.4.2 / 2011-05-27

• Changed to devDependencies
• Fixed stream creation on static() HEAD request. [Andreas Lind Petersen]
• Fixed Win32 support for static()
• Fixed monkey-patch issue. Closes #261

1.4.1 / 2011-05-08

• Added "hidden" option to static(). ignores hidden files by default. Closes * Added; expose connect.static.mime.define(). Closes #251
• Fixed errorHandler middleware for missing stack traces. [aseemk] #274

1.4.0 / 2011-04-25

• Added route-middleware next('route') support to jump passed the route itself
• Added Content-Length support to limit()
• Added route-specific middleware support (used to be in express)
• Changed; refactored duplicate session logic
• Changed; prevent redefining store.generate per request
• Fixed; static() does not set Content-Type when explicitly set [nateps]
• Fixed escape errorHandler() {error} contents
• NOTE: router will be removed in 2.0

1.3.0 / 2011-04-06

• Added router.remove(path[, method]) to remove a route

1.2.3 / 2011-04-05

• Fixed basicAuth realm issue when passing strings. Closes #253

1.2.2 / 2011-04-05

• Added basicAuth(username, password) support
• Added errorHandler.title defaulting to "Connect"
• Changed errorHandler css

1.2.1 / 2011-03-30

• Fixed logger() https remoteAddress logging [Alexander Simmerl]

1.2.0 / 2011-03-30

• Added router.lookup(path[, method])
• Added router.match(url[, method])
• Added basicAuth async support. Closes #223

1.1.5 / 2011-03-27

• Added; allow logger() callback function to return an empty string to ignore logging
• Fixed; utilizing mime.charsets.lookup() for static(). Closes 245

1.1.4 / 2011-03-23

• Added logger() support for format function
• Fixed logger() to support mess of writeHead()/progressive api for node 0.4.x

1.1.3 / 2011-03-21

• Changed; limit() now calls req.destroy()

1.1.2 / 2011-03-21

• Added request "limit" event to limit() middleware
• Changed; limit() middleware will next(err) on failure

1.1.1 / 2011-03-18

• Fixed session middleware for HTTPS. Closes #241 [reported by mt502]

1.1.0 / 2011-03-17

• Added Session#reload(fn)

1.0.6 / 2011-03-09

• Fixed res.setHeader() patch, preserve casing

1.0.5 / 2011-03-09

• Fixed; logger() using req.originalUrl instead of req.url

1.0.4 / 2011-03-09

• Added res.charset
• Added conditional sessions example
• Added support for session.ignore to be replaced. Closes #227
• Fixed Cache-Control delimiters. Closes #228

1.0.3 / 2011-03-03

• Fixed; static.send() invokes callback with connection error

1.0.2 / 2011-03-02

• Fixed exported connect function
• Fixed package.json; node ">= 0.4.1 < 0.5.0"

1.0.1 / 2011-03-02

• Added Session#save(fn). Closes #213
• Added callback support to connect.static.send() for express
• Added connect.static.send() "path" option
• Fixed content-type in static() for index.html

1.0.0 / 2011-03-01

• Added stack, message, and dump errorHandler option aliases
• Added req.originalMethod to methodOverride
• Added favicon() maxAge option support
• Added connect() alternative to connect.createServer()
• Added new documentation
• Added Range support to static()
• Added HTTPS support
• Rewrote session middleware. The session API now allows for session-specific cookies, so you may alter each individually. Click to view the new session api.
• Added middleware self-awareness. This helps prevent middleware breakage when used within mounted servers. For example cookieParser() will not parse cookies more than once even when within a mounted server.
• Added new examples in the ./examples directory
• Added limit() middleware
• Added profiler() middleware
• Added responseTime() middleware
• Renamed staticProvider to static
• Renamed bodyDecoder to bodyParser
• Renamed cookieDecoder to cookieParser
• Fixed ETag quotes. [reported by papandreou]
• Fixed If-None-Match comma-delimited ETag support. [reported by papandreou]
• Fixed; only set req.originalUrl once. Closes #124
• Fixed symlink support for static(). Closes #123

0.5.10 / 2011-02-14

• Fixed SID space issue. Closes #196
• Fixed; proxy res.end() to commit session data
• Fixed directory traversal attack in staticProvider. Closes #198

0.5.9 / 2011-02-09

• qs >= 0.0.4

0.5.8 / 2011-02-04

• Added qs dependency
• Fixed router race-condition causing possible failure when next()ing to one or more routes with parallel requests

0.5.7 / 2011-02-01

• Added onvhost() call so Express (and others) can know when they are
• Revert "Added stylus support" (use the middleware which ships with stylus)
• Removed custom Server#listen() to allow regular http.Server#listen() args to work properly
• Fixed long standing router issue (#83) that causes '.' to be disallowed within named placeholders in routes [Andreas Lind Petersen]
• Fixed utils.uid() length error [Jxck] mounted

0.5.6 / 2011-01-23

• Added stylus support to compiler
• favicon.js cleanup
• compiler.js cleanup
• bodyDecoder.js cleanup

0.5.5 / 2011-01-13

• Changed; using sha256 HMAC instead of md5. [Paul Querna]
• Changed; generated a longer random UID, without time influence. [Paul Querna]
• Fixed; session middleware throws when secret is not present. [Paul Querna]

0.5.4 / 2011-01-07

• Added; throw when router path or callback is missing
• Fixed; next(err) on cookie parse exception instead of ignoring
• Revert "Added utils.pathname(), memoized url.parse(str).pathname"

0.5.3 / 2011-01-05

• Added docs/api.html
• Added utils.pathname(), memoized url.parse(str).pathname
• Fixed session.id issue. Closes #183
• Changed; Defaulting staticProvider maxAge to 0 not 1 year. Closes #179
• Removed bad outdated docs, we need something new / automated eventually

0.5.2 / 2010-12-28

• Added default OPTIONS support to router middleware

0.5.1 / 2010-12-28

• Added req.session.id mirroring req.sessionID
• Refactored router, exposing connect.router.methods
• Exclude non-lib files from npm
• Removed imposed headers X-Powered-By, Server, etc

0.5.0 / 2010-12-06

• Added ./index.js
• Added route segment precondition support and example
• Added named capture group support to router

0.4.0 / 2010-11-29

• Added basicAuth middleware
• Added more HTTP methods to the router middleware

0.3.0 / 2010-07-21

• Added staticGzip middleware
• Added connect.utils to expose utils
• Added connect.session.Session
• Added connect.session.Store
• Added connect.session.MemoryStore
• Added connect.middleware to expose the middleware getters
• Added buffer option to logger for performance increase
• Added favicon middleware for serving your own favicon or the connect default
• Added option support to staticProvider, can now pass root and lifetime.
• Added; mounted Server instances now have the route property exposed for reflection
• Added support for callback as first arg to Server#use()
• Added support for next(true) in router to bypass match attempts
• Added Server#listen() host support
• Added Server#route when Server#use() is called with a route on a Server instance
• Added methodOverride X-HTTP-Method-Override support
• Refactored session internals, adds secret option
• Renamed lifetime option to maxAge in staticProvider
• Removed connect(1), it is now spark(1)
• Removed connect(1) dependency on examples, they can all now run with node(1)
• Remove a typo that was leaking a global.
• Removed Object.prototype forEach() and map() methods
• Removed a few utils not used
• Removed connect.createApp()
• Removed res.simpleBody()
• Removed format middleware
• Removed flash middleware
• Removed redirect middleware
• Removed jsonrpc middleware, use visionmedia/connect-jsonrpc
• Removed pubsub middleware
• Removed need for params.{captures,splat} in router middleware, params is an array
• Changed; compiler no longer 404s
• Changed; router signature now matches connect middleware signature
• Fixed a require in session for default MemoryStore
• Fixed nasty request body bug in router. Closes #54
• Fixed less support in compiler
• Fixed bug preventing proper bubbling of exceptions in mounted servers
• Fixed bug in Server#use() preventing Server instances as the first arg
• Fixed ENOENT special case, is now treated as any other exception
• Fixed spark env support

0.2.1 / 2010-07-09

• Added support for router next() to continue calling matched routes
• Added mime type for cache.manifest files.
• Changed compiler middleware to use async require
• Changed session api, stores now only require #get(), and #set()
• Fixed cacheManifest by adding utils.find() back

0.2.0 / 2010-07-01

• Added calls to Session() casts the given object as a Session instance
• Added passing of next() to router callbacks. Closes #46
• Changed; MemoryStore#destroy() removes req.session
• Changed res.redirect("back") to default to "/" when Referr?er is not present
• Fixed staticProvider urlencoded paths issue. Closes #47
• Fixed staticProvider middleware responding to GET requests
• Fixed jsonrpc middleware Accept header check. Closes #43
• Fixed logger format option
• Fixed typo in compiler middleware preventing the dest option from working

0.1.0 / 2010-06-25

• Revamped the api, view the Connect documentation for more info (hover on the right for menu)
• Added extended api docs
• Added docs for several more middleware layers
• Added connect.Server#use()
• Added compiler middleware which provides arbitrary static compilation
• Added req.originalUrl
• Removed blog example
• Removed sass middleware (use compiler)
• Removed less middleware (use compiler)
• Renamed middleware to be camelcase, body-decoder is now bodyDecoder etc.
• Fixed req.url mutation bug when matching connect.Server#use() routes
• Fixed mkdir -p implementation used in bin/connect. Closes #39
• Fixed bug in bodyDecoder throwing exceptions on request empty bodies
• make install installing lib to $LIB_PREFIX aka $HOME/.node_libraries

0.0.6 / 2010-06-22

• Added static middleware usage example
• Added support for regular expressions as paths for router
• Added util.merge()
• Increased performance of static by ~ 200 rps
• Renamed the rest middleware to router
• Changed rest api to accept a callback function
• Removed router middleware
• Removed proto.js, only Object#forEach() remains

0.0.5 / 2010-06-21

• Added Server#use() which contains the Layer normalization logic
• Added documentation for several middleware
• Added several new examples
• Added less middleware
• Added repl middleware
• Added vhost middleware
• Added flash middleware
• Added cookie middleware
• Added session middleware
• Added utils.htmlEscape()
• Added utils.base64Decode()
• Added utils.base64Encode()
• Added utils.uid()
• Added bin/connect app path and --config path support for .js suffix, although optional. Closes #26
• Moved mime code to utils.mime, ex utils.mime.types, and utils.mime.type()
• Renamed req.redirect() to res.redirect(). Closes #29
• Fixed sass 404 on ENOENT
• Fixed +new Date duplication. Closes #24

0.0.4 / 2010-06-16

• Added workerPidfile() to bin/connect
• Added --workers support to bin/connect stop and status commands
• Added redirect middleware
• Added better --config support to bin/connect. All flags can be utilized
• Added auto-detection of ./config.js
• Added config example
• Added net.Server support to bin/connect
• Writing worker pids relative to env.pidfile
• s/parseQuery/parse/g
• Fixed npm support

0.0.3 / 2010-06-16

• Fixed node dependency in package.json, now ">= 0.1.98-0" to support HEAD

0.0.2 / 2010-06-15

• Added -V, --version to bin/connect
• Added utils.parseCookie()
• Added utils.serializeCookie()
• Added utils.toBoolean()
• Added sass middleware
• Added cookie middleware
• Added format middleware
• Added lint middleware
• Added rest middleware
• Added ./package.json (npm install connect)
• Added handleError() support
• Added process.connectEnv
• Added custom log format support to log middleware
• Added arbitrary env variable support to bin/connect (ext: --logFormat ":method :url")
• Added -w, --workers to bin/connect
• Added bin/connect support for --user NAME and --group NAME
• Fixed url re-writing support

0.0.1 / 2010-06-03

• Initial release