bturtu405 / TestDev


Update dependency webpack-dev-server to v2 - autoclosed #176

Closed mend-for-github-com[bot] closed 5 months ago

mend-for-github-com[bot] commented 5 months ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| webpack-dev-server | dependencies | major | `^1.14.1` -> `^2.2.0` |

By merging this PR, the issue #3 will be automatically resolved and closed:

| Severity | CVSS Score | CVE |
|---|---|---|
| High | 7.8 | WS-2018-0107 |

Release Notes

webpack/webpack-dev-server (webpack-dev-server)

### [`v2.2.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.2.0)

[Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.5...v2.2.0)

### First webpack-dev-server 2 release

Following the [webpack 2 release](https://togithub.com/webpack/webpack/releases/tag/v2.2.0). It's equal to the last RC.

If you're curious about the highlights, read this [fancy Medium post](https://medium.com/webpack/whats-new-in-webpack-dev-server-2-0-a66848c3679#.chllx0i0m).

### [`v1.16.5`](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.4...v1.16.5)

[Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.4...v1.16.5)

### [`v1.16.4`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v1.16.4)

[Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.3...v1.16.4)

### Security fix:

This version contains a security fix, which is also a breaking change if you have an insecure configuration. We are releasing this breaking change as patch version to protect you from attacks. Sorry if this breaks your setup, but the fix is easy.

We added a check for the correct `Host` header to the webpack-dev-server. This allowed evil websites to access your assets.

The `Host` header of the request has to match the listening address or the host provided in the `public` option. Make sure to provide correct values here. The response will contain a note when using an incorrect `Host` header.

For usage behind a Proxy or similar setups we also added a `disableHostCheck` option to disable this check. Only use it when you know what you do. Not recommended.

This version also includes this security fix for webpack-dev-middleware: https://github.com/webpack/webpack-dev-middleware/releases/tag/v1.10.2

Note: This only affects the development server and middleware. webpack and built bundles are not affected.

Credits to Ed Morley from Mozilla for reporting the issue.

### Bugfixes:

- Requests are not blocked when `Host` doesn't match listening host or `public` option.
- Requests to `localhost` or `127.0.0.1` are not blocked.

### Features:

- Added `disableHostCheck` option to disable the host check

### [`v1.16.3`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v1.16.3)

[Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.2...v1.16.3)

Probably the last release in the v1.x range:

- Backport support for webpack config as a `Promise`.

### [`v1.16.2`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v1.16.2)

[Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.1...v1.16.2)

- Backport a few fixes from v2:
  - Support for PFX files as SSL connection options ([#630](https://togithub.com/webpack/webpack-dev-server/issues/630)).
  - Fix edge case where quickly refreshing the browser could result in the server crashing ([#637](https://togithub.com/webpack/webpack-dev-server/issues/637)).
  - Webpack bundle assets were not loaded after using the proxy `bypass` feature ([#614](https://togithub.com/webpack/webpack-dev-server/issues/614)).

### [`v1.16.1`](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.0...v1.16.1)

[Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.0...v1.16.1)

### [`v1.16.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v1.16.0)

[Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.15.2...v1.16.0)

- Backport a few more fixes from v2:
  - Add `clientLogLevel` (`--client-log-level` for CLI) option. It controls the log messages shown in the browser. Available levels are `error`, `warning`, `info` or `none` ([#579](https://togithub.com/webpack/webpack-dev-server/issues/579)).
  - Limit websocket retries when the server can't be reached ([#589](https://togithub.com/webpack/webpack-dev-server/issues/589)).

### [`v1.15.2`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v1.15.2)

[Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.15.1...v1.15.2)

- Backport a few fixes from v2 ([#604](https://togithub.com/webpack/webpack-dev-server/issues/604)):
  - Using https and manually including the client script resulted in a wrong url for the websocket.
  - Manually including the client script didn't work resulted in a wrong url for the websocket in some cases.
  - Compatibility with platforms that don't use a hostname (Electron / Ionic).

### [`v1.15.1`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v1.15.1)

[Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.15.0...v1.15.1)

- Fix the `bypass` config option for proxies ([#563](https://togithub.com/webpack/webpack-dev-server/issues/563)).
- Reverted a change that prevented clicks from registering in the iframe.
- Fix using `*` as a proxy wildcard.
- Avoid accessing `document` when using inline modus ([#577](https://togithub.com/webpack/webpack-dev-server/issues/577)).

### [`v1.15.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v1.15.0)

[Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.14.1...v1.15.0)

- Use http-proxy-middleware instead of http-proxy. This fixes compatibility with native web sockets ([#359](https://togithub.com/webpack/webpack-dev-server/issues/359)).
- Properly close the server, which fixes issues with the port not freeing up ([#357](https://togithub.com/webpack/webpack-dev-server/issues/357)).
- Add `--stdin` flag, to close the dev server on process exit ([#352](https://togithub.com/webpack/webpack-dev-server/issues/352)).
- Fix issues with incorrect socket urls ([#338](https://togithub.com/webpack/webpack-dev-server/issues/338), [#443](https://togithub.com/webpack/webpack-dev-server/issues/443), [#447](https://togithub.com/webpack/webpack-dev-server/issues/447)).
- Add `--open` flag to open a browser pointing to the server ([#329](https://togithub.com/webpack/webpack-dev-server/issues/329)).
- Add `--public` flag to override the url used for connecting to the web socket ([#368](https://togithub.com/webpack/webpack-dev-server/issues/368)).
- Allow array for `options.contentBase`, so multiple sources are allowed ([#374](https://togithub.com/webpack/webpack-dev-server/issues/374)).
- Add `options.staticOptions` to allow passing through Express static options ([#385](https://togithub.com/webpack/webpack-dev-server/issues/385)).
- Update self-signed certs ([#436](https://togithub.com/webpack/webpack-dev-server/issues/436)).
- Don't reload the app upon proxy errors ([#478](https://togithub.com/webpack/webpack-dev-server/issues/478)).
- Allow running dev-server behind https proxy ([#470](https://togithub.com/webpack/webpack-dev-server/issues/470)).
- Set headers on all requests to support e.g. CORS ([#499](https://togithub.com/webpack/webpack-dev-server/issues/499)).
- Fix `--cacert` flag not doing anything ([#532](https://togithub.com/webpack/webpack-dev-server/issues/532)).
- Allow using Express middleware ([#537](https://togithub.com/webpack/webpack-dev-server/issues/537)).
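
The `Host` header check described in the v1.16.4 security fix above, sketched as an added example; it is not webpack-dev-server's own code and not part of the original PR. The function names, the 403 status, the response text and the sample hostnames are assumptions made for illustration, with `host` standing for the listening address and `public` and `disableHostCheck` taken from the release notes.

```javascript
// Hostnames that are always accepted: the release notes state that requests
// to localhost or 127.0.0.1 are not blocked.
const LOOPBACK = new Set(['localhost', '127.0.0.1']);

// Return the lowercase hostname of a "host" or "host:port" value, or null if
// the value is missing or malformed (userinfo, path, whitespace, ...).
function hostnameOf(value) {
  if (typeof value !== 'string') return null;
  const m = /^([a-z0-9.-]+|\[[0-9a-f:.]+\])(?::\d{1,5})?$/i.exec(value);
  return m ? m[1].toLowerCase() : null;
}

// options.host: listening address; options.public: externally visible
// "host[:port]"; options.disableHostCheck: skip the check (not recommended).
function isHostAllowed(hostHeader, options) {
  if (options.disableHostCheck) return true;
  const hostname = hostnameOf(hostHeader);
  if (hostname === null) return false;
  if (LOOPBACK.has(hostname)) return true;
  return [options.host, options.public]
    .map((v) => hostnameOf(v))
    .includes(hostname);
}

// Express-style middleware. The 403 status and message are choices made for
// this sketch; the release notes only say the response contains a note.
function hostCheckMiddleware(options) {
  return function hostCheck(req, res, next) {
    if (isHostAllowed(req.headers.host, options)) return next();
    res.statusCode = 403;
    res.end('Invalid Host header');
  };
}

// Constructed sample: a dev server bound to a LAN address with a public name.
const SAMPLE_OPTIONS = { host: '192.168.1.20', public: 'dev.example.test:8080' };
const SAMPLE_HOSTS = [
  'localhost:8080',                    // loopback name: allowed
  'DEV.example.test:8080',             // matches `public`, case-insensitive
  '192.168.1.20:8080',                 // matches the listening address
  'attacker.example:8080',             // name not configured here: blocked
  'dev.example.test.attacker.example', // suffix trick: exact match required
  'dev.example.test@attacker.example', // malformed: rejected by the parser
];

function checkSamples() {
  return SAMPLE_HOSTS.map((h) => [h, isHostAllowed(h, SAMPLE_OPTIONS)]);
}

console.log(checkSamples());
```

Behind a reverse proxy, setting `public` to the proxy's external name keeps the check active, whereas `disableHostCheck` removes it for every request.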