Releases: expressjs/express
Releases · expressjs/express
4.18.1
- Fix hanging on large stack of sync routes
4.18.0
- Add "root" option to
res.download
- Allow
options
withoutfilename
inres.download
- Deprecate string and non-integer arguments to
res.status
- Fix behavior of
null
/undefined
asmaxAge
inres.cookie
- Fix handling very large stacks of sync middleware
- Ignore
Object.prototype
values in settings throughapp.set
/app.get
- Invoke
default
with same arguments as types inres.format
- Support proper 205 responses using
res.send
- Use
http-errors
forres.format
error - deps: body-parser@1.20.0
- Fix error message for json parse whitespace in
strict
- Fix internal error when inflated body exceeds limit
- Prevent loss of async hooks context
- Prevent hanging when request already read
- deps: depd@2.0.0
- deps: http-errors@2.0.0
- deps: on-finished@2.4.1
- deps: qs@6.10.3
- deps: raw-body@2.5.1
- Fix error message for json parse whitespace in
- deps: cookie@0.5.0
- Add
priority
option - Fix
expires
option to reject invalid dates
- Add
- deps: depd@2.0.0
- Replace internal
eval
usage withFunction
constructor - Use instance methods on
process
to check for listeners
- Replace internal
- deps: finalhandler@1.2.0
- Remove set content headers that break response
- deps: on-finished@2.4.1
- deps: statuses@2.0.1
- deps: on-finished@2.4.1
- Prevent loss of async hooks context
- deps: qs@6.10.3
- deps: send@0.18.0
- Fix emitted 416 error missing headers property
- Limit the headers removed for 304 response
- deps: depd@2.0.0
- deps: destroy@1.2.0
- deps: http-errors@2.0.0
- deps: on-finished@2.4.1
- deps: statuses@2.0.1
- deps: serve-static@1.15.0
- deps: send@0.18.0
- deps: statuses@2.0.1
- Remove code 306
- Rename
425 Unordered Collection
to standard425 Too Early
4.17.3
- deps: accepts@~1.3.8
- deps: mime-types@~2.1.34
- deps: negotiator@0.6.3
- deps: body-parser@1.19.2
- deps: bytes@3.1.2
- deps: qs@6.9.7
- deps: raw-body@2.4.3
- deps: cookie@0.4.2
- deps: qs@6.9.7
- Fix handling of
__proto__
keys
- Fix handling of
- pref: remove unnecessary regexp for trust proxy
5.0.0-beta.1
This is the first Express 5.0 beta release, based off 4.17.2 and includes
changes from 5.0.0-alpha.8.
- change:
- Default "query parser" setting to
'simple'
- Requires Node.js 4+
- Use
mime-types
for file to content type mapping
- Default "query parser" setting to
- deps: array-flatten@3.0.0
- deps: body-parser@2.0.0-beta.1
req.body
is no longer always initialized to{}
urlencoded
parser now defaultsextended
tofalse
- Use
on-finished
to determine when body read
- deps: router@2.0.0-beta.1
- Add new
?
,*
, and+
parameter modifiers - Internalize private
router.process_params
method - Matching group expressions are only RegExp syntax
- Named matching groups no longer available by position in
req.params
- Regular expressions can only be used in a matching group
- Remove
debug
dependency - Special
*
path segment behavior removed - deps: array-flatten@3.0.0
- deps: parseurl@~1.3.3
- deps: path-to-regexp@3.2.0
- deps: setprototypeof@1.2.0
- Add new
- deps: send@1.0.0-beta.1
- Change
dotfiles
option default to'ignore'
- Remove
hidden
option; usedotfiles
option instead - Use
mime-types
for file to content type mapping - deps: debug@3.1.0
- Change
- deps: serve-static@2.0.0-beta.1
- Change
dotfiles
option default to'ignore'
- Remove
hidden
option; usedotfiles
option instead - Use
mime-types
for file to content type mapping - deps: send@1.0.0-beta.1
- Change
4.17.2
- Fix handling of
undefined
inres.jsonp
- Fix handling of
undefined
when"json escape"
is enabled - Fix incorrect middleware execution with unanchored
RegExp
s - Fix
res.jsonp(obj, status)
deprecation message - Fix typo in
res.is
JSDoc - deps: body-parser@1.19.1
- deps: bytes@3.1.1
- deps: http-errors@1.8.1
- deps: qs@6.9.6
- deps: raw-body@2.4.2
- deps: safe-buffer@5.2.1
- deps: type-is@~1.6.18
- deps: content-disposition@0.5.4
- deps: safe-buffer@5.2.1
- deps: cookie@0.4.1
- Fix
maxAge
option to reject invalid values
- Fix
- deps: proxy-addr@~2.0.7
- Use
req.socket
over deprecatedreq.connection
- deps: forwarded@0.2.0
- deps: ipaddr.js@1.9.1
- Use
- deps: qs@6.9.6
- deps: safe-buffer@5.2.1
- deps: send@0.17.2
- deps: http-errors@1.8.1
- deps: ms@2.1.3
- pref: ignore empty http tokens
- deps: serve-static@1.14.2
- deps: send@0.17.2
- deps: setprototypeof@1.2.0
5.0.0-alpha.8
This is the sixth Express 5.0 alpha release, based off 4.17.1 and includes
changes from 5.0.0-alpha.7.
4.17.1
- Revert "Improve error message for
null
/undefined
tores.status
"
4.17.0
- Add
express.raw
to parse bodies intoBuffer
- Add
express.text
to parse bodies into string - Improve error message for non-strings to
res.sendFile
- Improve error message for
null
/undefined
tores.status
- Support multiple hosts in
X-Forwarded-Host
- deps: accepts@~1.3.7
- deps: body-parser@1.19.0
- Add encoding MIK
- Add petabyte (
pb
) support - Fix parsing array brackets after index
- deps: bytes@3.1.0
- deps: http-errors@1.7.2
- deps: iconv-lite@0.4.24
- deps: qs@6.7.0
- deps: raw-body@2.4.0
- deps: type-is@~1.6.17
- deps: content-disposition@0.5.3
- deps: cookie@0.4.0
- Add
SameSite=None
support
- Add
- deps: finalhandler@~1.1.2
- Set stricter
Content-Security-Policy
header - deps: parseurl@~1.3.3
- deps: statuses@~1.5.0
- Set stricter
- deps: parseurl@~1.3.3
- deps: proxy-addr@~2.0.5
- deps: ipaddr.js@1.9.0
- deps: qs@6.7.0
- Fix parsing array brackets after index
- deps: range-parser@~1.2.1
- deps: send@0.17.1
- Set stricter CSP header in redirect & error responses
- deps: http-errors@~1.7.2
- deps: mime@1.6.0
- deps: ms@2.1.1
- deps: range-parser@~1.2.1
- deps: statuses@~1.5.0
- perf: remove redundant
path.normalize
call
- deps: serve-static@1.14.1
- Set stricter CSP header in redirect response
- deps: parseurl@~1.3.3
- deps: send@0.17.1
- deps: setprototypeof@1.1.1
- deps: statuses@~1.5.0
- Add
103 Early Hints
- Add
- deps: type-is@~1.6.18
- deps: mime-types@~2.1.24
- perf: prevent internal
throw
on invalid type
5.0.0-alpha.7
This is the seventh Express 5.0 alpha release, based off 4.16.4 and includes
changes from 5.0.0-alpha.6.
The major change with this alpha is the basic support for returned, rejected
Promises in the router.
- remove:
path-to-regexp
dependency
- deps: debug@3.1.0
- Add
DEBUG_HIDE_DATE
environment variable - Change timer to per-namespace instead of global
- Change non-TTY date format
- Remove
DEBUG_FD
environment variable support - Support 256 namespace colors
- Add
- deps: router@2.0.0-alpha.1
- Add basic support for returned, rejected Promises
- Fix JSDoc for
Router
constructor - deps: debug@3.1.0
- deps: parseurl@~1.3.2
- deps: setprototypeof@1.1.0
- deps: utils-merge@1.0.1
4.16.4
- Fix issue where
"Request aborted"
may be logged inres.sendfile
- Fix JSDoc for
Router
constructor - deps: body-parser@1.18.3
- Fix deprecation warnings on Node.js 10+
- Fix stack trace for strict json parse error
- deps: depd@~1.1.2
- deps: http-errors@~1.6.3
- deps: iconv-lite@0.4.23
- deps: qs@6.5.2
- deps: raw-body@2.3.3
- deps: type-is@~1.6.16
- deps: proxy-addr@~2.0.4
- deps: ipaddr.js@1.8.0
- deps: qs@6.5.2
- deps: safe-buffer@5.1.2