HISTORY

0.17.1 / 2019-05-10

• Set stricter CSP header in redirect & error responses

• deps: range-parser@~1.2.1

0.17.0 / 2019-05-03

• deps: http-errors@~1.7.2

  • Set constructor name when possible

  • Use toidentifier module to make class names

  • deps: depd@~1.1.2

  • deps: setprototypeof@1.1.1

  • deps: statuses@'>= 1.5.0 < 2'

• deps: mime@1.6.0

  • Add extensions for JPEG-2000 images

  • Add new font/* types from IANA

  • Add WASM mapping

  • Update .bdoc to application/bdoc

  • Update .bmp to image/bmp

  • Update .m4a to audio/mp4

  • Update .rtf to application/rtf

  • Update .wav to audio/wav

  • Update .xml to application/xml

  • Update generic extensions to application/octet-stream: .deb, .dll, .dmg, .exe, .iso, .msi

  • Use mime-score module to resolve extension conflicts

• deps: ms@2.1.1

  • Add week/w support

  • Fix negative number handling

• deps: statuses@~1.5.0

• perf: remove redundant path.normalize call

0.16.2 / 2018-02-07

• Fix incorrect end tag in default error & redirects

• deps: depd@~1.1.2

  • perf: remove argument reassignment

• deps: encodeurl@~1.0.2

  • Fix encoding % as last character

• deps: statuses@~1.4.0

0.16.1 / 2017-09-29

• Fix regression in edge-case behavior for empty path

0.16.0 / 2017-09-27

• Add immutable option

• Fix missing </html> in default error & redirects

• Use instance methods on steam to check for listeners

• deps: mime@1.4.1

  • Add 70 new types for file extensions

  • Set charset as "UTF-8" for .js and .json

• perf: improve path validation speed

0.15.6 / 2017-09-22

• deps: debug@2.6.9

• perf: improve If-Match token parsing

0.15.5 / 2017-09-20

• deps: etag@~1.8.1

  • perf: replace regular expression with substring

• deps: fresh@0.5.2

  • Fix handling of modified headers with invalid dates

  • perf: improve ETag match loop

  • perf: improve If-None-Match token parsing

0.15.4 / 2017-08-05

• deps: debug@2.6.8

• deps: depd@~1.1.1

  • Remove unnecessary Buffer loading

• deps: http-errors@~1.6.2

  • deps: depd@1.1.1

0.15.3 / 2017-05-16

• deps: debug@2.6.7

  • deps: ms@2.0.0

• deps: ms@2.0.0

0.15.2 / 2017-04-26

• deps: debug@2.6.4

  • Fix DEBUG_MAX_ARRAY_LENGTH

  • deps: ms@0.7.3

• deps: ms@1.0.0

0.15.1 / 2017-03-04

• Fix issue when Date.parse does not return NaN on invalid date

• Fix strict violation in broken environments

0.15.0 / 2017-02-25

• Support If-Match and If-Unmodified-Since headers

• Add res and path arguments to directory event

• Remove usage of res._headers private field

  • Improves compatibility with Node.js 8 nightly

• Send complete HTML document in redirect & error responses

• Set default CSP header in redirect & error responses

• Use res.getHeaderNames() when available

• Use res.headersSent when available

• deps: debug@2.6.1

  • Allow colors in workers

  • Deprecated DEBUG_FD environment variable set to 3 or higher

  • Fix error when running under React Native

  • Use same color for same namespace

  • deps: ms@0.7.2

• deps: etag@~1.8.0

• deps: fresh@0.5.0

  • Fix false detection of no-cache request directive

  • Fix incorrect result when If-None-Match has both * and ETags

  • Fix weak ETag matching to match spec

  • perf: delay reading header values until needed

  • perf: enable strict mode

  • perf: hoist regular expressions

  • perf: remove duplicate conditional

  • perf: remove unnecessary boolean coercions

  • perf: skip checking modified time if ETag check failed

  • perf: skip parsing If-None-Match when no ETag header

  • perf: use Date.parse instead of new Date

• deps: http-errors@~1.6.1

  • Make message property enumerable for HttpErrors

  • deps: setprototypeof@1.0.3

0.14.2 / 2017-01-23

• deps: http-errors@~1.5.1

  • deps: inherits@2.0.3

  • deps: setprototypeof@1.0.2

  • deps: statuses@'>= 1.3.1 < 2'

• deps: ms@0.7.2

• deps: statuses@~1.3.1

0.14.1 / 2016-06-09

• Fix redirect error when path contains raw non-URL characters

• Fix redirect when path starts with multiple forward slashes

0.14.0 / 2016-06-06

• Add acceptRanges option

• Add cacheControl option

• Attempt to combine multiple ranges into single range

• Correctly inherit from Stream class

• Fix Content-Range header in 416 responses when using start/end options

• Fix Content-Range header missing from default 416 responses

• Ignore non-byte Range headers

• deps: http-errors@~1.5.0

  • Add HttpError export, for err instanceof createError.HttpError

  • Support new code 421 Misdirected Request

  • Use setprototypeof module to replace __proto__ setting

  • deps: inherits@2.0.1

  • deps: statuses@'>= 1.3.0 < 2'

  • perf: enable strict mode

• deps: range-parser@~1.2.0

  • Fix incorrectly returning -1 when there is at least one valid range

  • perf: remove internal function

• deps: statuses@~1.3.0

  • Add 421 Misdirected Request

  • perf: enable strict mode

• perf: remove argument reassignment

0.13.2 / 2016-03-05

• Fix invalid Content-Type header when send.mime.default_type unset

0.13.1 / 2016-01-16

• deps: depd@~1.1.0

  • Support web browser loading

  • perf: enable strict mode

• deps: destroy@~1.0.4

  • perf: enable strict mode

• deps: escape-html@~1.0.3

  • perf: enable strict mode

  • perf: optimize string replacement

  • perf: use faster string coercion

• deps: range-parser@~1.0.3

  • perf: enable strict mode

0.13.0 / 2015-06-16

• Allow Node.js HTTP server to set Date response header

• Fix incorrectly removing Content-Location on 304 response

• Improve the default redirect response headers

• Send appropriate headers on default error response

• Use http-errors for standard emitted errors

• Use statuses instead of http module for status messages

• deps: escape-html@1.0.2

• deps: etag@~1.7.0

  • Improve stat performance by removing hashing

• deps: fresh@0.3.0

  • Add weak ETag matching support

• deps: on-finished@~2.3.0

  • Add defined behavior for HTTP CONNECT requests

  • Add defined behavior for HTTP Upgrade requests

  • deps: ee-first@1.1.1

• perf: enable strict mode

• perf: remove unnecessary array allocations

0.12.3 / 2015-05-13

• deps: debug@~2.2.0

  • deps: ms@0.7.1

• deps: depd@~1.0.1

• deps: etag@~1.6.0

• Improve support for JXcore

• Support "fake" stats objects in environments without fs

• deps: ms@0.7.1

  • Prevent extraordinarily long inputs

• deps: on-finished@~2.2.1

0.12.2 / 2015-03-13

• Throw errors early for invalid extensions or index options

• deps: debug@~2.1.3

  • Fix high intensity foreground color for bold

  • deps: ms@0.7.0

0.12.1 / 2015-02-17

• Fix regression sending zero-length files

0.12.0 / 2015-02-16

• Always read the stat size from the file

• Fix mutating passed-in options

• deps: mime@1.3.4

0.11.1 / 2015-01-20

• Fix root path disclosure

0.11.0 / 2015-01-05

• deps: debug@~2.1.1

• deps: etag@~1.5.1

  • deps: crc@3.2.1

• deps: ms@0.7.0

  • Add milliseconds

  • Add msecs

  • Add secs

  • Add mins

  • Add hrs

  • Add yrs

• deps: on-finished@~2.2.0

0.10.1 / 2014-10-22

• deps: on-finished@~2.1.1

  • Fix handling of pipelined requests

0.10.0 / 2014-10-15

• deps: debug@~2.1.0

  • Implement DEBUG_FD env variable support

• deps: depd@~1.0.0

• deps: etag@~1.5.0

  • Improve string performance

  • Slightly improve speed for weak ETags over 1KB

0.9.3 / 2014-09-24

• deps: etag@~1.4.0

  • Support "fake" stats objects

0.9.2 / 2014-09-15

• deps: depd@0.4.5

• deps: etag@~1.3.1

• deps: range-parser@~1.0.2

0.9.1 / 2014-09-07

• deps: fresh@0.2.4

0.9.0 / 2014-09-07

• Add lastModified option

• Use etag to generate ETag header

• deps: debug@~2.0.0

0.8.5 / 2014-09-04

• Fix malicious path detection for empty string path

0.8.4 / 2014-09-04

• Fix a path traversal issue when using root

0.8.3 / 2014-08-16

• deps: destroy@1.0.3

  • renamed from dethroy

• deps: on-finished@2.1.0

0.8.2 / 2014-08-14

• Work around fd leak in Node.js 0.10 for fs.ReadStream

• deps: dethroy@1.0.2

0.8.1 / 2014-08-05

• Fix extensions behavior when file already has extension

0.8.0 / 2014-08-05

• Add extensions option

0.7.4 / 2014-08-04

• Fix serving index files without root dir

0.7.3 / 2014-07-29

• Fix incorrect 403 on Windows and Node.js 0.11

0.7.2 / 2014-07-27

• deps: depd@0.4.4

  • Work-around v8 generating empty stack traces

0.7.1 / 2014-07-26

• deps: depd@0.4.3

  • Fix exception when global Error.stackTraceLimit is too low

0.7.0 / 2014-07-20

• Deprecate hidden option; use dotfiles option

• Add dotfiles option

• deps: debug@1.0.4

• deps: depd@0.4.2

  • Add TRACE_DEPRECATION environment variable

  • Remove non-standard grey color from color output

  • Support --no-deprecation argument

  • Support --trace-deprecation argument

0.6.0 / 2014-07-11

• Deprecate from option; use root option

• Deprecate send.etag() -- use etag in options

• Deprecate send.hidden() -- use hidden in options

• Deprecate send.index() -- use index in options

• Deprecate send.maxage() -- use maxAge in options

• Deprecate send.root() -- use root in options

• Cap maxAge value to 1 year

• deps: debug@1.0.3

  • Add support for multiple wildcards in namespaces

0.5.0 / 2014-06-28

• Accept string for maxAge (converted by ms)

• Add headers event

• Include link in default redirect response

• Use EventEmitter.listenerCount to count listeners

0.4.3 / 2014-06-11

• Do not throw un-catchable error on file open race condition

• Use escape-html for HTML escaping

• deps: debug@1.0.2

  • fix some debugging output colors on node.js 0.8

• deps: finished@1.2.2

• deps: fresh@0.2.2

0.4.2 / 2014-06-09

• fix "event emitter leak" warnings

• deps: debug@1.0.1

• deps: finished@1.2.1

0.4.1 / 2014-06-02

• Send max-age in Cache-Control in correct format

0.4.0 / 2014-05-27

• Calculate ETag with md5 for reduced collisions

• Fix wrong behavior when index file matches directory

• Ignore stream errors after request ends

  • Goodbye EBADF, read

• Skip directories in index file search

• deps: debug@0.8.1

0.3.0 / 2014-04-24

• Fix sending files with dots without root set

• Coerce option types

• Accept API options in options object

• Set etags to "weak"

• Include file path in etag

• Make "Can't set headers after they are sent." catchable

• Send full entity-body for multi range requests

• Default directory access to 403 when index disabled

• Support multiple index paths

• Support "If-Range" header

• Control whether to generate etags

• deps: mime@1.2.11

0.2.0 / 2014-01-29

• update range-parser and fresh

0.1.4 / 2013-08-11

• update fresh

0.1.3 / 2013-07-08

• Revert "Fix fd leak"

0.1.2 / 2013-07-03

• Fix fd leak

0.1.0 / 2012-08-25

• add options parameter to send() that is passed to fs.createReadStream() [kanongil]

0.0.4 / 2012-08-16

• allow custom "Accept-Ranges" definition

0.0.3 / 2012-07-16

• fix normalization of the root directory. Closes #3

0.0.2 / 2012-07-09

• add passing of req explicitly for now (YUCK)

0.0.1 / 2010-01-03

• Initial release