Skip to content

docs: include security fix in 2.3.0 changes#748

Open
UlisesGascon wants to merge 1 commit into
masterfrom
UlisesGascon-patch-1
Open

docs: include security fix in 2.3.0 changes#748
UlisesGascon wants to merge 1 commit into
masterfrom
UlisesGascon-patch-1

Conversation

@UlisesGascon

Copy link
Copy Markdown
Member

@Phillip9587 Phillip9587 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should integrade 1.x versions into main changelog

Comment thread HISTORY.md
- it is left `undefined` unless a body is parsed
* `urlencoded` parser now defaults `extended` to `false`
* Use `on-finished` to determine when body read

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
1.20.6 / 2026-07-09
===================
* Security fix for [GHSA-v422-hmwv-36x6](https://github.com/expressjs/body-parser/security/advisories/GHSA-v422-hmwv-36x6)
* fix: improve `limit` option validation (#698)
* Invalid `limit` values (e.g. unparseable strings or `NaN`) now throw instead of being silently ignored, which previously disabled size limit enforcement
* `null` and `undefined` fall back to the default 100kb limit
1.20.5 / 2026-04-24
===================
* refactor(json): simplify strict mode error string construction
* fix: extended urlencoded parsing of arrays with >100 elements (#716)
* deps: qs@~6.15.1
*

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In my opinion, no. It just adds maintenance burden by having to keep both histories in sync. I was actually thinking about removing the v1 changelog altogether and replacing it with a link to the v1 branch and its history.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants