Back to Explore

expressjs/express

GitHub
1 updates · last 90 days1 watchersOpen source

Last release: 3 weeks ago

Express is a fast, unopinionated, minimalist web framework for Node.js, useful for building HTTP servers, single page applications, websites, hybrid apps, and public HTTP APIs. It provides robust routing, high performance focus, HTTP helpers, and view support for 14+ template engines.

Project status

  • Express appears actively maintained, with a recent upstream push on 2026-06-02 and multiple recent updates in the v4 and v5 series.
  • The apparent update cadence is moderate, with a v4.22.2 update on 2026-05-11 and v5 updates clustering in 2025-12 (v5.2.0, then a quick follow up v5.2.1 on the same date).

AI summary generated Today

AI-generated from public sources. May be inaccurate. Report

Recent updates

  • v4.22.2

    3 weeks ago

    Express v4.22.2 primarily fixes query parsing so that repeated query keys (and related array notations) once again parse beyond 20 items, allowing up to 1000 elements. It also updates a few dependencies (notably qs and body-parser) and includes CI/test maintenance changes.

  • v4.22.1

    6 months ago

    Express v4.22.1 is a quick follow-up release that reverts part of the prior v4.22.0 behavior related to the extended query parser. The release notes state the earlier breaking change for CVE-2024-51999 was fully reverted, and the changelog/history entries reflect that this is a revert rather than a new fix.

    Breaking

  • v5.2.1

    6 months ago

    Express v5.2.1 reverts an earlier change from v5.2.0 that was described as a breaking modification related to the extended query parser. The release notes frame this as a revert of a security fix attempt tied to CVE-2024-51999 (rejected, no actual security vulnerability).

    Breaking

  • v5.2.0

    6 months ago

    v5.2.0 is primarily described as a security release (CVE-2024-51999) plus a handful of small refactors and CI/dependency updates. However, the code diff shows much larger internal rewrites around routing, request query parsing, and several response/request helper behaviors that are not reflected in the release notes.

    SecurityFeatures

  • 4.22.0

    6 months ago

    Express 4.22.0 includes a security fix for CVE-2024-51999 and several CI/testing updates, including adding newer Node versions to the test matrix. The code diff also shows changes to query parsing and a deprecation warning related to `res.location("back")` that are not described in the release notes.

    BreakingSecurity

  • v5.1.0

    3/31/2025

    Express v5.1.0 is a maintenance release with many internal refactors and CI/build updates, plus a couple of user-facing response features. The code diff also shows several deeper behavioral changes around routing and request parsing that are not covered in the release notes.

    SecurityFeatures

  • 4.21.2

    12/5/2024

    Express 4.21.2 mainly updates package metadata and bumps the path-to-regexp dependency to 0.1.12. The only functional code-related change indicated in the diff is the dependency upgrade, which can alter routing path handling behavior.

    Features

  • v5.0.1

    10/8/2024

    Express v5.0.1 is a maintenance release with no user-facing API changes called out in the notes. The notable developer-relevant update is a dependency lock adjustment for the `cookie` package to address a published CVE.

    Security

  • 4.21.1

    10/8/2024

    Release 4.21.1 is described as a security backport for CVE-2024-47764 applied to the 4.x branch. The actual diff is limited to updating the release metadata (History.md) and bumping the Express package version and a dependency.

    Security

  • 4.21.0

    9/11/2024

    Express 4.21.0 primarily deprecates the "back" magic string used for redirect-related behavior, and bumps a few internal dependencies (finalhandler, serve-static, and qs). The code change adds an explicit deprecation warning when handling res.location("back").