4 * Fix incorrect end tag in redirects
5 * deps: encodeurl@~1.0.2
6 - Fix encoding `%` as last character
9 - deps: encodeurl@~1.0.2
10 - deps: statuses@~1.4.0
15 * Fix regression when `root` is incorrectly set to a file
22 - Add 70 new types for file extensions
23 - Add `immutable` option
24 - Fix missing `</html>` in default error & redirects
25 - Set charset as "UTF-8" for .js and .json
26 - Use instance methods on steam to check for listeners
28 - perf: improve path validation speed
35 - perf: improve `If-Match` token parsing
36 * perf: improve slash collapsing
41 * deps: parseurl@~1.3.2
42 - perf: reduce overhead for full URLs
43 - perf: unroll the "fast-path" `RegExp`
45 - Fix handling of modified headers with invalid dates
55 - deps: http-errors@~1.6.2
73 - Fix issue when `Date.parse` does not return `NaN` on invalid date
74 - Fix strict violation in broken environments
79 * Send complete HTML document in redirect response
80 * Set default CSP header in redirect response
82 - Fix false detection of `no-cache` request directive
83 - Fix incorrect result when `If-None-Match` has both `*` and ETags
84 - Fix weak `ETag` matching to match spec
85 - Remove usage of `res._headers` private field
86 - Support `If-Match` and `If-Unmodified-Since` headers
87 - Use `res.getHeaderNames()` when available
88 - Use `res.headersSent` when available
92 - deps: http-errors@~1.6.1
98 - deps: http-errors@~1.5.1
100 - deps: statuses@~1.3.1
105 * Fix redirect error when `req.url` contains raw non-URL characters
111 * Use status code 301 for redirects
113 - Add `acceptRanges` option
114 - Add `cacheControl` option
115 - Attempt to combine multiple ranges into single range
116 - Correctly inherit from `Stream` class
117 - Fix `Content-Range` header in 416 responses when using `start`/`end` options
118 - Fix `Content-Range` header missing from default 416 responses
119 - Ignore non-byte `Range` headers
120 - deps: http-errors@~1.5.0
121 - deps: range-parser@~1.2.0
122 - deps: statuses@~1.3.0
123 - perf: remove argument reassignment
129 - Fix invalid `Content-Type` header when `send.mime.default_type` unset
134 * deps: parseurl@~1.3.1
135 - perf: enable strict mode
140 * deps: escape-html@~1.0.3
141 - perf: enable strict mode
142 - perf: optimize string replacement
143 - perf: use faster string coercion
146 - deps: destroy@~1.0.4
147 - deps: escape-html@~1.0.3
148 - deps: range-parser@~1.0.3
153 * Add `fallthrough` option
154 - Allows declaring this middleware is the final destination
155 - Provides better integration with Express patterns
156 * Fix reading options from options prototype
157 * Improve the default redirect response headers
158 * deps: escape-html@1.0.2
160 - Allow Node.js HTTP server to set `Date` response header
161 - Fix incorrectly removing `Content-Location` on 304 response
162 - Improve the default redirect response headers
163 - Send appropriate headers on default error response
164 - Use `http-errors` for standard emitted errors
165 - Use `statuses` instead of `http` module for status messages
166 - deps: escape-html@1.0.2
169 - deps: on-finished@~2.3.0
170 - perf: enable strict mode
171 - perf: remove unnecessary array allocations
172 * perf: enable strict mode
173 * perf: remove argument reassignment
183 - deps: on-finished@~2.2.1
189 - Throw errors early for invalid `extensions` or `index` options
196 - Fix regression sending zero-length files
202 - Always read the stat size from the file
203 - Fix mutating passed-in `options`
209 * Fix redirect loop in Node.js 0.11.14
211 - Fix root path disclosure
220 - deps: on-finished@~2.2.0
225 * Fix potential open redirect when mounted at root
231 - deps: on-finished@~2.1.1
244 * Fix potential open redirect when mounted at root
245 - Back-ported from v1.7.2
250 * Fix redirect loop when index file serving disabled
264 - deps: range-parser@~1.0.2
276 - Add `lastModified` option
277 - Use `etag` to generate `ETag` header
284 - Fix a path traversal issue when using `root`
285 - Fix malicious path detection for empty string path
296 - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
301 * Fix parsing of weird `req.originalUrl` values
302 * deps: parseurl@~1.3.0
303 * deps: utils-merge@1.0.0
309 - Add `extensions` option
315 - Fix serving index files without root dir
321 - Fix incorrect 403 on Windows and Node.js 0.11
338 * deps: parseurl@~1.2.0
339 - Cache URLs based on original value
340 - Remove no-longer-needed URL mis-parse work-around
341 - Simplify the "fast-path" `RegExp`
343 - Add `dotfiles` option
351 - Cap `maxAge` value to 1 year
357 * deps: parseurl@~1.1.3
358 - faster parsing of href-only URLs
363 * Add `setHeaders` option
364 * Include HTML link in redirect response
366 - Accept string for `maxAge` (converted by `ms`)
372 - Do not throw un-catchable error on file open race condition
373 - Use `escape-html` for HTML escaping
375 - deps: finished@1.2.2
382 - fix "event emitter leak" warnings
384 - deps: finished@1.2.1
389 * use `escape-html` for escaping
391 - Send `max-age` in `Cache-Control` in correct format
397 - Calculate ETag with md5 for reduced collisions
398 - Fix wrong behavior when index file matches directory
399 - Ignore stream errors after request ends
400 - Skip directories in index file search
406 * Accept options directly to `send` module
412 * Resolve relative paths at middleware setup
413 * Use parseurl to parse the URL from request
418 * Do not rely on connect-like environments
428 * Add mime export for back-compat
433 * Genesis from `connect`