HISTORY.md
1 2.2.0 / 2025-03-27 2 ================== 3 4 * deps: send@^1.2.0 5 6 2.1.0 / 2024-09-10 7 =================== 8 9 * Changes from 1.16.0 10 * deps: send@^1.2.0 11 12 2.0.0 / 2024-08-23 13 ================== 14 15 * deps: 16 * parseurl@^1.3.3 17 * excape-html@^1.0.3 18 * encodeurl@^2.0.0 19 * supertest@^6.3.4 20 * safe-buffer@^5.2.1 21 * nyc@^17.0.0 22 * mocha@^10.7.0 23 * Changes from 1.x 24 25 2.0.0-beta.2 / 2024-03-20 26 ========================= 27 28 * deps: send@1.0.0-beta.2 29 30 2.0.0-beta.1 / 2022-02-05 31 ========================= 32 33 * Change `dotfiles` option default to `'ignore'` 34 * Drop support for Node.js 0.8 35 * Remove `hidden` option; use `dotfiles` option instead 36 * Remove `mime` export; use `mime-types` package instead 37 * deps: send@1.0.0-beta.1 38 - Use `mime-types` for file to content type mapping 39 - deps: debug@3.1.0 40 41 1.16.0 / 2024-09-10 42 =================== 43 44 * Remove link renderization in html while redirecting 45 46 1.15.0 / 2022-03-24 47 =================== 48 49 * deps: send@0.18.0 50 - Fix emitted 416 error missing headers property 51 - Limit the headers removed for 304 response 52 - deps: depd@2.0.0 53 - deps: destroy@1.2.0 54 - deps: http-errors@2.0.0 55 - deps: on-finished@2.4.1 56 - deps: statuses@2.0.1 57 58 1.14.2 / 2021-12-15 59 =================== 60 61 * deps: send@0.17.2 62 - deps: http-errors@1.8.1 63 - deps: ms@2.1.3 64 - pref: ignore empty http tokens 65 66 1.14.1 / 2019-05-10 67 =================== 68 69 * Set stricter CSP header in redirect response 70 * deps: send@0.17.1 71 - deps: range-parser@~1.2.1 72 73 1.14.0 / 2019-05-07 74 =================== 75 76 * deps: parseurl@~1.3.3 77 * deps: send@0.17.0 78 - deps: http-errors@~1.7.2 79 - deps: mime@1.6.0 80 - deps: ms@2.1.1 81 - deps: statuses@~1.5.0 82 - perf: remove redundant `path.normalize` call 83 84 1.13.2 / 2018-02-07 85 =================== 86 87 * Fix incorrect end tag in redirects 88 * deps: encodeurl@~1.0.2 89 - Fix encoding `%` as last character 90 * deps: send@0.16.2 91 - deps: depd@~1.1.2 92 - deps: encodeurl@~1.0.2 93 - deps: statuses@~1.4.0 94 95 1.13.1 / 2017-09-29 96 =================== 97 98 * Fix regression when `root` is incorrectly set to a file 99 * deps: send@0.16.1 100 101 1.13.0 / 2017-09-27 102 =================== 103 104 * deps: send@0.16.0 105 - Add 70 new types for file extensions 106 - Add `immutable` option 107 - Fix missing `</html>` in default error & redirects 108 - Set charset as "UTF-8" for .js and .json 109 - Use instance methods on steam to check for listeners 110 - deps: mime@1.4.1 111 - perf: improve path validation speed 112 113 1.12.6 / 2017-09-22 114 =================== 115 116 * deps: send@0.15.6 117 - deps: debug@2.6.9 118 - perf: improve `If-Match` token parsing 119 * perf: improve slash collapsing 120 121 1.12.5 / 2017-09-21 122 =================== 123 124 * deps: parseurl@~1.3.2 125 - perf: reduce overhead for full URLs 126 - perf: unroll the "fast-path" `RegExp` 127 * deps: send@0.15.5 128 - Fix handling of modified headers with invalid dates 129 - deps: etag@~1.8.1 130 - deps: fresh@0.5.2 131 132 1.12.4 / 2017-08-05 133 =================== 134 135 * deps: send@0.15.4 136 - deps: debug@2.6.8 137 - deps: depd@~1.1.1 138 - deps: http-errors@~1.6.2 139 140 1.12.3 / 2017-05-16 141 =================== 142 143 * deps: send@0.15.3 144 - deps: debug@2.6.7 145 146 1.12.2 / 2017-04-26 147 =================== 148 149 * deps: send@0.15.2 150 - deps: debug@2.6.4 151 152 1.12.1 / 2017-03-04 153 =================== 154 155 * deps: send@0.15.1 156 - Fix issue when `Date.parse` does not return `NaN` on invalid date 157 - Fix strict violation in broken environments 158 159 1.12.0 / 2017-02-25 160 =================== 161 162 * Send complete HTML document in redirect response 163 * Set default CSP header in redirect response 164 * deps: send@0.15.0 165 - Fix false detection of `no-cache` request directive 166 - Fix incorrect result when `If-None-Match` has both `*` and ETags 167 - Fix weak `ETag` matching to match spec 168 - Remove usage of `res._headers` private field 169 - Support `If-Match` and `If-Unmodified-Since` headers 170 - Use `res.getHeaderNames()` when available 171 - Use `res.headersSent` when available 172 - deps: debug@2.6.1 173 - deps: etag@~1.8.0 174 - deps: fresh@0.5.0 175 - deps: http-errors@~1.6.1 176 177 1.11.2 / 2017-01-23 178 =================== 179 180 * deps: send@0.14.2 181 - deps: http-errors@~1.5.1 182 - deps: ms@0.7.2 183 - deps: statuses@~1.3.1 184 185 1.11.1 / 2016-06-10 186 =================== 187 188 * Fix redirect error when `req.url` contains raw non-URL characters 189 * deps: send@0.14.1 190 191 1.11.0 / 2016-06-07 192 =================== 193 194 * Use status code 301 for redirects 195 * deps: send@0.14.0 196 - Add `acceptRanges` option 197 - Add `cacheControl` option 198 - Attempt to combine multiple ranges into single range 199 - Correctly inherit from `Stream` class 200 - Fix `Content-Range` header in 416 responses when using `start`/`end` options 201 - Fix `Content-Range` header missing from default 416 responses 202 - Ignore non-byte `Range` headers 203 - deps: http-errors@~1.5.0 204 - deps: range-parser@~1.2.0 205 - deps: statuses@~1.3.0 206 - perf: remove argument reassignment 207 208 1.10.3 / 2016-05-30 209 =================== 210 211 * deps: send@0.13.2 212 - Fix invalid `Content-Type` header when `send.mime.default_type` unset 213 214 1.10.2 / 2016-01-19 215 =================== 216 217 * deps: parseurl@~1.3.1 218 - perf: enable strict mode 219 220 1.10.1 / 2016-01-16 221 =================== 222 223 * deps: escape-html@~1.0.3 224 - perf: enable strict mode 225 - perf: optimize string replacement 226 - perf: use faster string coercion 227 * deps: send@0.13.1 228 - deps: depd@~1.1.0 229 - deps: destroy@~1.0.4 230 - deps: escape-html@~1.0.3 231 - deps: range-parser@~1.0.3 232 233 1.10.0 / 2015-06-17 234 =================== 235 236 * Add `fallthrough` option 237 - Allows declaring this middleware is the final destination 238 - Provides better integration with Express patterns 239 * Fix reading options from options prototype 240 * Improve the default redirect response headers 241 * deps: escape-html@1.0.2 242 * deps: send@0.13.0 243 - Allow Node.js HTTP server to set `Date` response header 244 - Fix incorrectly removing `Content-Location` on 304 response 245 - Improve the default redirect response headers 246 - Send appropriate headers on default error response 247 - Use `http-errors` for standard emitted errors 248 - Use `statuses` instead of `http` module for status messages 249 - deps: escape-html@1.0.2 250 - deps: etag@~1.7.0 251 - deps: fresh@0.3.0 252 - deps: on-finished@~2.3.0 253 - perf: enable strict mode 254 - perf: remove unnecessary array allocations 255 * perf: enable strict mode 256 * perf: remove argument reassignment 257 258 1.9.3 / 2015-05-14 259 ================== 260 261 * deps: send@0.12.3 262 - deps: debug@~2.2.0 263 - deps: depd@~1.0.1 264 - deps: etag@~1.6.0 265 - deps: ms@0.7.1 266 - deps: on-finished@~2.2.1 267 268 1.9.2 / 2015-03-14 269 ================== 270 271 * deps: send@0.12.2 272 - Throw errors early for invalid `extensions` or `index` options 273 - deps: debug@~2.1.3 274 275 1.9.1 / 2015-02-17 276 ================== 277 278 * deps: send@0.12.1 279 - Fix regression sending zero-length files 280 281 1.9.0 / 2015-02-16 282 ================== 283 284 * deps: send@0.12.0 285 - Always read the stat size from the file 286 - Fix mutating passed-in `options` 287 - deps: mime@1.3.4 288 289 1.8.1 / 2015-01-20 290 ================== 291 292 * Fix redirect loop in Node.js 0.11.14 293 * deps: send@0.11.1 294 - Fix root path disclosure 295 296 1.8.0 / 2015-01-05 297 ================== 298 299 * deps: send@0.11.0 300 - deps: debug@~2.1.1 301 - deps: etag@~1.5.1 302 - deps: ms@0.7.0 303 - deps: on-finished@~2.2.0 304 305 1.7.2 / 2015-01-02 306 ================== 307 308 * Fix potential open redirect when mounted at root 309 310 1.7.1 / 2014-10-22 311 ================== 312 313 * deps: send@0.10.1 314 - deps: on-finished@~2.1.1 315 316 1.7.0 / 2014-10-15 317 ================== 318 319 * deps: send@0.10.0 320 - deps: debug@~2.1.0 321 - deps: depd@~1.0.0 322 - deps: etag@~1.5.0 323 324 1.6.5 / 2015-02-04 325 ================== 326 327 * Fix potential open redirect when mounted at root 328 - Back-ported from v1.7.2 329 330 1.6.4 / 2014-10-08 331 ================== 332 333 * Fix redirect loop when index file serving disabled 334 335 1.6.3 / 2014-09-24 336 ================== 337 338 * deps: send@0.9.3 339 - deps: etag@~1.4.0 340 341 1.6.2 / 2014-09-15 342 ================== 343 344 * deps: send@0.9.2 345 - deps: depd@0.4.5 346 - deps: etag@~1.3.1 347 - deps: range-parser@~1.0.2 348 349 1.6.1 / 2014-09-07 350 ================== 351 352 * deps: send@0.9.1 353 - deps: fresh@0.2.4 354 355 1.6.0 / 2014-09-07 356 ================== 357 358 * deps: send@0.9.0 359 - Add `lastModified` option 360 - Use `etag` to generate `ETag` header 361 - deps: debug@~2.0.0 362 363 1.5.4 / 2014-09-04 364 ================== 365 366 * deps: send@0.8.5 367 - Fix a path traversal issue when using `root` 368 - Fix malicious path detection for empty string path 369 370 1.5.3 / 2014-08-17 371 ================== 372 373 * deps: send@0.8.3 374 375 1.5.2 / 2014-08-14 376 ================== 377 378 * deps: send@0.8.2 379 - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream` 380 381 1.5.1 / 2014-08-09 382 ================== 383 384 * Fix parsing of weird `req.originalUrl` values 385 * deps: parseurl@~1.3.0 386 * deps: utils-merge@1.0.0 387 388 1.5.0 / 2014-08-05 389 ================== 390 391 * deps: send@0.8.1 392 - Add `extensions` option 393 394 1.4.4 / 2014-08-04 395 ================== 396 397 * deps: send@0.7.4 398 - Fix serving index files without root dir 399 400 1.4.3 / 2014-07-29 401 ================== 402 403 * deps: send@0.7.3 404 - Fix incorrect 403 on Windows and Node.js 0.11 405 406 1.4.2 / 2014-07-27 407 ================== 408 409 * deps: send@0.7.2 410 - deps: depd@0.4.4 411 412 1.4.1 / 2014-07-26 413 ================== 414 415 * deps: send@0.7.1 416 - deps: depd@0.4.3 417 418 1.4.0 / 2014-07-21 419 ================== 420 421 * deps: parseurl@~1.2.0 422 - Cache URLs based on original value 423 - Remove no-longer-needed URL mis-parse work-around 424 - Simplify the "fast-path" `RegExp` 425 * deps: send@0.7.0 426 - Add `dotfiles` option 427 - deps: debug@1.0.4 428 - deps: depd@0.4.2 429 430 1.3.2 / 2014-07-11 431 ================== 432 433 * deps: send@0.6.0 434 - Cap `maxAge` value to 1 year 435 - deps: debug@1.0.3 436 437 1.3.1 / 2014-07-09 438 ================== 439 440 * deps: parseurl@~1.1.3 441 - faster parsing of href-only URLs 442 443 1.3.0 / 2014-06-28 444 ================== 445 446 * Add `setHeaders` option 447 * Include HTML link in redirect response 448 * deps: send@0.5.0 449 - Accept string for `maxAge` (converted by `ms`) 450 451 1.2.3 / 2014-06-11 452 ================== 453 454 * deps: send@0.4.3 455 - Do not throw un-catchable error on file open race condition 456 - Use `escape-html` for HTML escaping 457 - deps: debug@1.0.2 458 - deps: finished@1.2.2 459 - deps: fresh@0.2.2 460 461 1.2.2 / 2014-06-09 462 ================== 463 464 * deps: send@0.4.2 465 - fix "event emitter leak" warnings 466 - deps: debug@1.0.1 467 - deps: finished@1.2.1 468 469 1.2.1 / 2014-06-02 470 ================== 471 472 * use `escape-html` for escaping 473 * deps: send@0.4.1 474 - Send `max-age` in `Cache-Control` in correct format 475 476 1.2.0 / 2014-05-29 477 ================== 478 479 * deps: send@0.4.0 480 - Calculate ETag with md5 for reduced collisions 481 - Fix wrong behavior when index file matches directory 482 - Ignore stream errors after request ends 483 - Skip directories in index file search 484 - deps: debug@0.8.1 485 486 1.1.0 / 2014-04-24 487 ================== 488 489 * Accept options directly to `send` module 490 * deps: send@0.3.0 491 492 1.0.4 / 2014-04-07 493 ================== 494 495 * Resolve relative paths at middleware setup 496 * Use parseurl to parse the URL from request 497 498 1.0.3 / 2014-03-20 499 ================== 500 501 * Do not rely on connect-like environments 502 503 1.0.2 / 2014-03-06 504 ================== 505 506 * deps: send@0.2.0 507 508 1.0.1 / 2014-03-05 509 ================== 510 511 * Add mime export for back-compat 512 513 1.0.0 / 2014-03-05 514 ================== 515 516 * Genesis from `connect`