- deps: encodeurl@~2.0.0
- deps: send@0.19.0
- Remove link renderization in html while redirecting
- deps: send@0.18.0
- Fix emitted 416 error missing headers property
- Limit the headers removed for 304 response
- deps: depd@2.0.0
- deps: destroy@1.2.0
- deps: http-errors@2.0.0
- deps: on-finished@2.4.1
- deps: statuses@2.0.1
- deps: send@0.17.2
- deps: http-errors@1.8.1
- deps: ms@2.1.3
- pref: ignore empty http tokens
- Set stricter CSP header in redirect response
- deps: send@0.17.1
- deps: range-parser@~1.2.1
- deps: parseurl@~1.3.3
- deps: send@0.17.0
- deps: http-errors@~1.7.2
- deps: mime@1.6.0
- deps: ms@2.1.1
- deps: statuses@~1.5.0
- perf: remove redundant
path.normalize
call
- Fix incorrect end tag in redirects
- deps: encodeurl@~1.0.2
- Fix encoding
%
as last character
- Fix encoding
- deps: send@0.16.2
- deps: depd@~1.1.2
- deps: encodeurl@~1.0.2
- deps: statuses@~1.4.0
- Fix regression when
root
is incorrectly set to a file - deps: send@0.16.1
- deps: send@0.16.0
- Add 70 new types for file extensions
- Add
immutable
option - Fix missing
</html>
in default error & redirects - Set charset as "UTF-8" for .js and .json
- Use instance methods on steam to check for listeners
- deps: mime@1.4.1
- perf: improve path validation speed
- deps: send@0.15.6
- deps: debug@2.6.9
- perf: improve
If-Match
token parsing
- perf: improve slash collapsing
- deps: parseurl@~1.3.2
- perf: reduce overhead for full URLs
- perf: unroll the "fast-path"
RegExp
- deps: send@0.15.5
- Fix handling of modified headers with invalid dates
- deps: etag@~1.8.1
- deps: fresh@0.5.2
- deps: send@0.15.4
- deps: debug@2.6.8
- deps: depd@~1.1.1
- deps: http-errors@~1.6.2
- deps: send@0.15.3
- deps: debug@2.6.7
- deps: send@0.15.2
- deps: debug@2.6.4
- deps: send@0.15.1
- Fix issue when
Date.parse
does not returnNaN
on invalid date - Fix strict violation in broken environments
- Fix issue when
- Send complete HTML document in redirect response
- Set default CSP header in redirect response
- deps: send@0.15.0
- Fix false detection of
no-cache
request directive - Fix incorrect result when
If-None-Match
has both*
and ETags - Fix weak
ETag
matching to match spec - Remove usage of
res._headers
private field - Support
If-Match
andIf-Unmodified-Since
headers - Use
res.getHeaderNames()
when available - Use
res.headersSent
when available - deps: debug@2.6.1
- deps: etag@~1.8.0
- deps: fresh@0.5.0
- deps: http-errors@~1.6.1
- Fix false detection of
- deps: send@0.14.2
- deps: http-errors@~1.5.1
- deps: ms@0.7.2
- deps: statuses@~1.3.1
- Fix redirect error when
req.url
contains raw non-URL characters - deps: send@0.14.1
- Use status code 301 for redirects
- deps: send@0.14.0
- Add
acceptRanges
option - Add
cacheControl
option - Attempt to combine multiple ranges into single range
- Correctly inherit from
Stream
class - Fix
Content-Range
header in 416 responses when usingstart
/end
options - Fix
Content-Range
header missing from default 416 responses - Ignore non-byte
Range
headers - deps: http-errors@~1.5.0
- deps: range-parser@~1.2.0
- deps: statuses@~1.3.0
- perf: remove argument reassignment
- Add
- deps: send@0.13.2
- Fix invalid
Content-Type
header whensend.mime.default_type
unset
- Fix invalid
- deps: parseurl@~1.3.1
- perf: enable strict mode
- deps: escape-html@~1.0.3
- perf: enable strict mode
- perf: optimize string replacement
- perf: use faster string coercion
- deps: send@0.13.1
- deps: depd@~1.1.0
- deps: destroy@~1.0.4
- deps: escape-html@~1.0.3
- deps: range-parser@~1.0.3
- Add
fallthrough
option- Allows declaring this middleware is the final destination
- Provides better integration with Express patterns
- Fix reading options from options prototype
- Improve the default redirect response headers
- deps: escape-html@1.0.2
- deps: send@0.13.0
- Allow Node.js HTTP server to set
Date
response header - Fix incorrectly removing
Content-Location
on 304 response - Improve the default redirect response headers
- Send appropriate headers on default error response
- Use
http-errors
for standard emitted errors - Use
statuses
instead ofhttp
module for status messages - deps: escape-html@1.0.2
- deps: etag@~1.7.0
- deps: fresh@0.3.0
- deps: on-finished@~2.3.0
- perf: enable strict mode
- perf: remove unnecessary array allocations
- Allow Node.js HTTP server to set
- perf: enable strict mode
- perf: remove argument reassignment
- deps: send@0.12.3
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: etag@~1.6.0
- deps: ms@0.7.1
- deps: on-finished@~2.2.1
- deps: send@0.12.2
- Throw errors early for invalid
extensions
orindex
options - deps: debug@~2.1.3
- Throw errors early for invalid
- deps: send@0.12.1
- Fix regression sending zero-length files
- deps: send@0.12.0
- Always read the stat size from the file
- Fix mutating passed-in
options
- deps: mime@1.3.4
- Fix redirect loop in Node.js 0.11.14
- deps: send@0.11.1
- Fix root path disclosure
- deps: send@0.11.0
- deps: debug@~2.1.1
- deps: etag@~1.5.1
- deps: ms@0.7.0
- deps: on-finished@~2.2.0
- Fix potential open redirect when mounted at root
- deps: send@0.10.1
- deps: on-finished@~2.1.1
- deps: send@0.10.0
- deps: debug@~2.1.0
- deps: depd@~1.0.0
- deps: etag@~1.5.0
- Fix potential open redirect when mounted at root
- Back-ported from v1.7.2
- Fix redirect loop when index file serving disabled
- deps: send@0.9.3
- deps: etag@~1.4.0
- deps: send@0.9.2
- deps: depd@0.4.5
- deps: etag@~1.3.1
- deps: range-parser@~1.0.2
- deps: send@0.9.1
- deps: fresh@0.2.4
- deps: send@0.9.0
- Add
lastModified
option - Use
etag
to generateETag
header - deps: debug@~2.0.0
- Add
- deps: send@0.8.5
- Fix a path traversal issue when using
root
- Fix malicious path detection for empty string path
- Fix a path traversal issue when using
- deps: send@0.8.3
- deps: send@0.8.2
- Work around
fd
leak in Node.js 0.10 forfs.ReadStream
- Work around
- Fix parsing of weird
req.originalUrl
values - deps: parseurl@~1.3.0
- deps: utils-merge@1.0.0
- deps: send@0.8.1
- Add
extensions
option
- Add
- deps: send@0.7.4
- Fix serving index files without root dir
- deps: send@0.7.3
- Fix incorrect 403 on Windows and Node.js 0.11
- deps: send@0.7.2
- deps: depd@0.4.4
- deps: send@0.7.1
- deps: depd@0.4.3
- deps: parseurl@~1.2.0
- Cache URLs based on original value
- Remove no-longer-needed URL mis-parse work-around
- Simplify the "fast-path"
RegExp
- deps: send@0.7.0
- Add
dotfiles
option - deps: debug@1.0.4
- deps: depd@0.4.2
- Add
- deps: send@0.6.0
- Cap
maxAge
value to 1 year - deps: debug@1.0.3
- Cap
- deps: parseurl@~1.1.3
- faster parsing of href-only URLs
- Add
setHeaders
option - Include HTML link in redirect response
- deps: send@0.5.0
- Accept string for
maxAge
(converted byms
)
- Accept string for
- deps: send@0.4.3
- Do not throw un-catchable error on file open race condition
- Use
escape-html
for HTML escaping - deps: debug@1.0.2
- deps: finished@1.2.2
- deps: fresh@0.2.2
- deps: send@0.4.2
- fix "event emitter leak" warnings
- deps: debug@1.0.1
- deps: finished@1.2.1
- use
escape-html
for escaping - deps: send@0.4.1
- Send
max-age
inCache-Control
in correct format
- Send
- deps: send@0.4.0
- Calculate ETag with md5 for reduced collisions
- Fix wrong behavior when index file matches directory
- Ignore stream errors after request ends
- Skip directories in index file search
- deps: debug@0.8.1
- Accept options directly to
send
module - deps: send@0.3.0
- Resolve relative paths at middleware setup
- Use parseurl to parse the URL from request
- Do not rely on connect-like environments
- deps: send@0.2.0
- Add mime export for back-compat
- Genesis from
connect