v1.12.1

Updates

• update mime package to avoid security vulnerability (#231)

v1.12.0

Updates

• Test updates for Node 8 and Sinon

Features

• Added optional time output for logging

Bugfixes

• Stop serving index.html if options.index is falsy
• Use querystring.unescape to fallback to safer equivalent that does not throw on malformed URIs

v1.11.0

Updates

• Webpack@3 Support
• Koa@2 Support

Features

• add mimeTypes option

Bugfixes

• Use options.log, warn and error for messages
• serverSideRendering example corrected
• added support for multi-compiler configuration

v1.10.2

Security fix:

This version contains a security fix, which is also breaking change if you have an insecure configuration.
We are releasing this breaking change as patch version to protect you from attacks.
Sorry if this breaks your setup, but the fix is easy.

We removed setting Access-Control-Allow-Origin to * be default. This allowed evil websites to access your assets.
Instead we ask you to set Access-Control-Allow-Origin manually to your host if required in your setup.
Use the headers option to do so.

middleware(compiler, {
    headers: {
        "Access-Control-Allow-Origin": "your-host"
    }
})

Read more about CORS here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

Bugfixes:

• Remove Access-Control-Allow-Origin = * default

v1.10.1

• Files with non-ascii names were not getting served (#171).

v1.10.0

• You probably have seen the infamous message webpack: bundle is now (IN)VALID. a lot of times. This has now been changed to more clear messages, clearly indicating when compiling and when done compiling, it will tell you if it was successful or with errors (#164).

v1.9.0

• Allow latest webpack 2.2.0-rc.0 as peer dependency (#160).
• Fix error handling for plugins (#157).
• Update memory-fs dependency to 0.4.1.
• Refactoring to make it easier to support other frameworks then Express in the future (#140).

v1.8.4

• Enforce UTF-8 in requests. This fixes a lot of issues with special characters (#136).

v1.8.3

The last few releases had a few bugs in them that shouldn't have reached stable. We're working hard on adding enough tests to prevent these kind of failures.

• Fix for output.path check with node < 0.12 (38ff513).
• Fix for output.path check on Windows with node < 5.0 (38ff513).
• Fix exception when using the deprecated watchDelay option (#131).

v1.8.2

• Add a nice error message when output.path in the webpack config is relative.
• Expose stats when using the advanced API (#127).
• Make log & warn functions replaceable (#124).
• Fix protocol-relative urls with publicPath (#129).