Release Change Log

4.15.3 - Release date: 2017-05-16

The 4.15.3 patch release including some minor bug fixes:

• Fix error when res.set cannot add charset to Content-Type.

• Fix missing </html> in HTML document.

For a complete list of changes in this release, see History.md.

4.15.2 - Release date: 2017-03-06

The 4.15.2 patch release including a minor bug fix:

• Fix regression parsing keys starting with [ in the extended (default) query parser.

For a complete list of changes in this release, see History.md.

4.15.1 - Release date: 2017-03-05

The 4.15.1 patch release including a minor bug fix:

• Fix compatibility issue when using the datejs 1.x library where the express.static() middleware and res.sendFile() method would incorrectly respond with 412 Precondition Failed.

For a complete list of changes in this release, see History.md.

4.15.0 - Release date: 2017-03-01

The 4.15.0 minor release includes bug fixes, performance improvements, and other minor feature additions, including:

• Starting with this version, Express supports Node.js 7.x.

• The express.static() middleware and res.sendFile() method now support the If-Match and If-Unmodified-Since request headers.

• Update to jshttp/etag module to generate the default ETags for responses which work when Node.js has FIPS-compliant crypto enabled.

• Various auto-generated HTML responses like the default not found and error handlers will respond with complete HTML 5 documents and additional security headers.

For a complete list of changes in this release, see History.md.

4.14.1 - Release date: 2017-01-28

The 4.14.1 patch release includes bug fixes and performance improvements, including:

• Update to pillarjs/finalhandler module fixes an exception when Express handles an Error object which has a headers property that is not an object.

For a complete list of changes in this release, see History.md.

4.14.0 - Release date: 2016-06-16

The 4.14.0 minor release includes bug fixes, security update, performance improvements, and other minor feature additions, including:

• Starting with this version, Express supports Node.js 6.x.

• Update to jshttp/negotiator module fixes a regular expression denial of service vulnerability.

• The res.sendFile() method now accepts two new options: acceptRanges and cacheControl.

  • acceptRanges (defaut is true), enables or disables accepting ranged requests. When disabled, the response does not send the Accept-Ranges header and ignores the contents of the Range request header.

  • cacheControl, (default is true), enables or disables the Cache-Control response header. Disabling it will ignore the maxAge option.

  • res.sendFile has also been updated to handle Range header and redirections better.

• The res.location() method and res.redirect() method will now URL-encode the URL string, if it is not already encoded.

• The performance of the res.json() method and res.jsonp() method have been improved in the common cases.

• The jshttp/cookie module (in addition to a number of other improvements) has been updated and now the res.cookie() method supports the sameSite option to let you specify the SameSite cookie attribute.

  Note

  This attribute has not yet been fully standardized, may change in the future, and many clients may ignore it.

  The possible value for the sameSite option are:

  • true, which sets the SameSite attribute to Strict for strict same site enforcement.
  • false, which does not set the SameSite attribute.
  • 'lax', which sets the SameSite attribute to Lax for lax same site enforcement.
  • 'strict', which sets the SameSite attribute to Strict for strict same site enforcement.

• Absolute path checking on Windows, which was incorrect for some cases, has been fixed.

• IP address resolution with proxies has been greatly improved.

• The req.range() method options object now supports a combine option (false by default), which when true, combines overlapping and adjacent ranges and returns them as if they were specified that way in the header.

For a complete list of changes in this release, see History.md.