Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions HISTORY.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
2.3.0 / 2026-06-15
========================

* Security fix for [GHSA-v422-hmwv-36x6](https://github.com/expressjs/body-parser/security/advisories/GHSA-v422-hmwv-36x6)
* fix: use static exports instead of lazy getters to improve ESM compatibility
* feat: add subpath exports for individual parsers
* fix: improve `limit` option validation (#698)
Expand Down Expand Up @@ -108,6 +109,20 @@ This incorporates all changes after 1.19.1 up to 1.20.2.
* `urlencoded` parser now defaults `extended` to `false`
* Use `on-finished` to determine when body read

1.20.6 / 2026-07-09
Comment thread
Phillip9587 marked this conversation as resolved.
===================
* Security fix for [GHSA-v422-hmwv-36x6](https://github.com/expressjs/body-parser/security/advisories/GHSA-v422-hmwv-36x6)
* fix: improve `limit` option validation (#698)
* Invalid `limit` values (e.g. unparseable strings or `NaN`) now throw instead of being silently ignored, which previously disabled size limit enforcement
* `null` and `undefined` fall back to the default 100kb limit

1.20.5 / 2026-04-24
===================
* refactor(json): simplify strict mode error string construction
* fix: extended urlencoded parsing of arrays with >100 elements (#716)
* deps: qs@~6.15.1
*

1.20.4 / 2025-12-01
===================

Expand Down