Meteor Changelog

v1.9, 2020-01-09

Breaking changes

• Because Node.js 12 no longer supports 32-bit Linux, Meteor 1.9 has alsodropped support for 32-bit Linux. In other words, Meteor 1.9 supports64-bit Mac, Windows, and Linux, as well as 32-bit Windows.

Migration Steps

N/A

Changes

• Node.js has been updated to version12.14.0, which includesseveral major Node.js versions since 8.17.0 (used by Meteor 1.8.3):

  • 12.0.0
  • 11.0.0
  • 10.0.0
  • 9.0.0

• The fibers npm package has been updated to version 4.0.3, whichincludes changesthat may drastically reduce garbage collection pressure resulting fromheavy Fiber usage.

• The pathwatcher npm package has been updated to use a fork of version8.0.2, with PR #128applied.

• The sqlite3 npm package has been updated to version 4.1.0.

• The node-gyp npm package has been updated to version 6.0.1, andnode-pre-gyp has been updated to version 0.14.0.

• The feature that restarts the application up to two times if it crasheson startup has been removed.Feature #335PR #10345

v1.8.3, 2019-12-19

Migration Steps

• If your application uses blaze-html-templates, the Meteor jquerypackage will be automatically installed in your .meteor/packages filewhen you update to Meteor 1.8.3. However, this new version of the Meteorjquery package no longer bundles its own copy of the jquery npmimplementation, so you may need to install jquery from npm by running

  meteor npm i jquery

in your application directory. Symptoms of not installing jquery include a blank browser window, with helpful error messages in the console.

Changes

• Node has been updated to version8.17.0.

• The npm npm package has been updated to version 6.13.4, and ourfork of itspacote dependency has been updated to version 9.5.11, an importantsecurity release.

• Prior to Meteor 1.8.3, installing the jquery package from npm alongwith the Meteor jquery package could result in bundling jQuery twice.Thanks to PR #10498, theMeteor jquery package will no longer provide its own copy of jQuery,but will simply display a warning in the console if the jquery npmpackage cannot be found in your node_modules directory. If you areusing blaze in your application, updating to Meteor 1.8.3 willautomatically add this new version of the Meteor jquery package toyour application if you were not already using it (thanks toPR #10801), but you mightneed to run meteor npm i jquery manually, so that blaze can importjquery from your node_modules directory.

• The meteor-babel npm package has been updated to version 7.7.5.

• The typescript npm package has been updated to version 3.7.3.

v1.8.2, 2019-11-14

Breaking changes

• Module-level variable declarations named require or exports are nolonger automatically renamed, so they may collide with module functionparameters of the same name, leading to errors likeUncaught SyntaxError: Identifier 'exports' has already been declared.See this commentby @SimonSimCity.

Migration Steps

• Be sure to update the @babel/runtime npm package to its latest version(currently 7.7.2):

  meteor npm install @babel/runtime@latest

• New Meteor applications now depend on meteor-node-stubs@1.0.0, so itmay be a good idea to update to the same major version:

  meteor npm install meteor-node-stubs@next

• If you are the author of any Meteor packages, and you encounter errorswhen using those packages in a Meteor 1.8.2 application (for example,module.watch being undefined), we recommend that you bump the minorversion of your package and republish it using Meteor 1.8.2, soMeteor 1.8.2 applications will automatically use the new version of thepackage, as compiled by Meteor 1.8.2:

  cd path/to/your/package
  # Add api.versionsFrom("1.8.2") to Package.onUse in package.js...
  meteor --release 1.8.2 publish

This may not be necessary for all packages, especially those that have been recently republished using Meteor 1.8.1, or local packages in the packages/ directory (which are always recompiled from source). However, republishing packages is a general solution to a wide variety of package versioning and compilation problems, and package authors can make their users' lives easier by handling these issues proactively.

Changes

• Node has been updated to version8.16.2.

• The npm npm package has been updated to version 6.13.0, and ourfork of itspacote dependency has been updated to version 9.5.9.

• New Meteor applications now include an official typescript package,supporting TypeScript compilation of .ts and .tsx modules, which canbe added to existing apps by running meteor add typescript.

• New TypeScript-based Meteor applications can be created by running

  meteor create --typescript new-typescript-app

This app skeleton contains a recommended tsconfig.json file, and should serve as a reference for how to make TypeScript and Meteor work together (to the best of our current knowledge). PR #10695

• When bundling modern client code, the Meteor module system now prefersthe "module" field in package.json (if defined) over the "main"field, which should unlock various import/export-based optimizationssuch as tree shaking in future versions of Meteor. As before, servercode uses only the "main" field, like Node.js, and legacy client codeprefers "browser", "main", and then "module".PR #10541,PR #10765.

• ECMAScript module syntax (import, export, and dynamic import()) isnow supported by default everywhere, including in modules imported fromnode_modules, thanks to the Reifycompiler.

• If you need to import code from node_modules that uses modern syntaxbeyond module syntax, it is now possible to enable recompilation forspecific npm packages using the meteor.nodeModules.recompile option inyour application's package.json file.See PR #10603 for furtherexplanation.

• The Meteor build process is now able to detect whether files changed indevelopment were actually used by the server bundle, so that a fullserver restart can be avoided when no files used by the server bundlehave changed. Client-only refreshes are typically much faster thanserver restarts. Run meteor add autoupdate to enable client refreshes,if you are not already using the autoupdate package.Issue #10449PR #10686

• The mongodb npm package used by the npm-mongo Meteor package hasbeen updated to version 3.2.7.

• The meteor-babel npm package has been updated to version 7.7.0,enabling compilation of the meteor/tools codebase with TypeScript(specifically, version 3.7.2 of the typescript npm package).

• The reify npm package has been updated to version 0.20.12.

• The core-js npm package used by ecmascript-runtime-client andecmascript-runtime-server has been updated to version 3.2.1.

• The terser npm package used by minifier-js (and indirectly bystandard-minifier-js) has been updated to version 4.3.1.

• The node-gyp npm package has been updated to version 5.0.1, andnode-pre-gyp has been updated to 0.13.0.

• The optimism npm package has been updated to version 0.11.3, whichenables caching of thrown exceptions as well as ordinary results, inaddition to performance improvements.

• The pathwatcher npm package has been updated to version 8.1.0.

• The underscore npm package installed in the Meteor dev bundle (for useby the meteor/tools codebase) has been updated from version 1.5.2 toversion 1.9.1, and @types/underscore has been installed for betterTypeScript support.

• In addition to the .js and .jsx file extensions, the ecmascriptcompiler plugin now automatically handles JavaScript modules with the.mjs file extension.

• Add —cordova-server-port option to override local port where Cordova will serve static resources, which is useful when multiple Cordova apps are builtfrom the same application source code, since by default the port is generatedusing the ID from the application's .meteor/.id file.

• The —test-app-path <directory> option for meteor test-packages andmeteor test now accepts relative paths as well as absolute paths.

v1.8.1, 2019-04-03

Breaking changes

• Although we are not aware of any specific backwards incompatibilities,the major upgrade of cordova-android from 6.4.0 to 7.1.4 likelydeserves extra attention, if you use Cordova to build Android apps.

Migration Steps

N/A

Changes

• Node has been updated from version 8.11.4 to version8.15.1, an importantsecurity release,which includes the changes from four other minor releases:
  • 8.15.0
  • 8.14.0, an importantsecurity release
  • 8.12.0
  • 8.13.0

Note: While Node 8.12.0 included changes that may improve the performance of Meteor apps, there have been reports of CPU usage spikes in production due to excessive garbage collection, so this version of Meteor should be considered experimental until those problems have been fixed. Issue #10216

• The npm tool has been upgraded to version6.9.0, and ourfork of itspacote dependency has been updated to version 9.5.0.

• Mongo has been upgraded to version 4.0.6 for 64-bit systems (was 4.0.2),and 3.2.22 for 32-bit systems (was 3.2.19). The mongodb npm packageused by npm-mongo has been updated to version 3.1.13 (was 3.1.6).

• The fibers npm package has been updated to version 3.1.1, a majorupdate from version 2.0.0. Building this version of fibers requires aC++11 compiler, unlike previous versions. If you deploy your Meteor appmanually (without using Galaxy), you may need to update the version ofg++ used when running npm install in the bundle/programs/serverdirectory.

• The meteor-babel npm package has been updated to version 7.3.4.

• Cordova Hot Code Push mechanism is now switching versions explicitly withcall to WebAppLocalServer.switchToPendingVersion instead of trying to switch every time a browser reload is detected. If you use any third party package or have your own HCP routines implemented be sure to callit before forcing a browser reload. If you use the automatic reload fromthe Reload meteor package you do not need to do anything.cordova-plugin-meteor-webapp PR #62

• Multiple Cordova-related bugs have been fixed, including Xcode 10 buildincompatibilities and hot code push errors due to duplicatedimages/assets. PR #10339

• The cordova-android and cordova-ios npm dependencies have beenupdated to 7.1.4 (from 6.4.0) and 4.5.5 (from 4.5.4), respectively.

• Build performance has improved (especially on Windows) thanks toadditional caching implemented by @zodernin PRs #10399,#10452,#10453, and#10454.

• The meteor mongo command no longer uses the —quiet option, so thenormal startup text will be displayed, albeit without the banner aboutMongo's free monitoring service. See thisMongoDB Jira issuefor more details.

• In Meteor packages, client/ and server/ directories no longer haveany special meaning. In application code, client/ directories areignored during the server build, and server/ directories are ignoredduring the client build, as before. This special behavior previouslyapplied to packages as well, but has now been removed.Issue #10393PR #10414

• If your application is using Git for version control, the current Gitcommit hash will now be exposed via the Meteor.gitCommitHash propertywhile the app is running (in both server and client code), and also viathe "gitCommitHash" property in the star.json file located in theroot directory of builds produced by meteor build, for consumption bydeployment tools. If you are not using Git, neither property will bedefined. PR #10442

• The Meteor Tool now uses a more reliable method (the MongoDBisMaster command)to detect when the local development database has started and is ready toaccept read and write operations.PR #10500

• Setting the x-no-compression request header will prevent the webapppackage from compressing responses with gzip, which may be useful ifyour Meteor app is behind a proxy that compresses resources with anothercompression algorithm, such as brotli.PR #10378

v1.8.0.2, 2019-01-07

Breaking changes

N/A

Migration steps

N/A

Changes

• The React tutorialhas been updated to address a number of inaccuracies due to changes inrecent Meteor releases that were not fully incorporated back into thetutorial. As a reminder, Meteor now supports a meteor create —reactcommand that can be used to create a new React-based app quickly.

• Fixed a bug where modules named with .app-tests.js (or .tests.js)file extensions sometimes could not be imported by themeteor.testModule entry point when running the meteor test command(or meteor test —full-app).PR #10402

• The meteor-promise package has been updated to version 0.8.7, whichincludes a committhat should prevent memory leaks when excess fibers are discarded fromthe Fiber pool.

• The meteor-babel npm package has been updated to version 7.2.0,improving source maps for applications with custom .babelrc files.

v1.8.0.1, 2018-11-23

Breaking changes

N/A

Migration steps

N/A

Changes

• The useragent npm package used by webapp and (indirectly) by themodern-browsers package has been updated from 2.2.1 to 2.3.0. Thechromium browser name has been aliased to use the same minimum modernversion as chrome, and browser names are now processedcase-insensitively by the modern-browsers package.PR #10334

• Fixed a module caching bug that allowed findImportedModuleIdentifiersto return the same identifiers for the modern and legacy versions of agiven module, even if the set of imported modules is different (forexample, because Babel injects fewer @babel/runtime/… imports intomodern code). Now the caching is always based on the SHA-1 hash of thegenerated code, rather than trusting the hash provided by compilerplugins. PR #10330

v1.8, 2018-10-08

Breaking changes

N/A

Migration Steps

• Update the @babel/runtime npm package to version 7.0.0 or later:

  meteor npm install @babel/runtime@latest

Changes

• Although Node 8.12.0 has been released, Meteor 1.8 still uses Node8.11.4, due to concerns about excessive garbage collection and CPU usagein production. To enable Galaxy customers to use Node 8.12.0, we areplanning a quick follow-up Meteor 1.8.1 release, which can be obtainedby running the command

  meteor update --release 1.8.1-beta.n

where -beta.n is the latest beta release according to the releases page (currently -beta.6). Issue #10216PR #10248

• Meteor 1.7 introduced a new client bundle called web.browser.legacy inaddition to the web.browser (modern) and web.cordova bundles.Naturally, this extra bundle increased client (re)build times. Sincedevelopers spend most of their time testing the modern bundle indevelopment, and the legacy bundle mostly provides a safe fallback inproduction, Meteor 1.8 cleverly postpones building the legacy bundleuntil just after the development server restarts, so that developmentcan continue as soon as the modern bundle has finished building. Sincethe legacy build happens during a time when the build process wouldotherwise be completely idle, the impact of the legacy build on serverperformance is minimal. Nevertheless, the legacy bundle still getsrebuilt regularly, so any legacy build errors will be surfaced in atimely fashion, and legacy clients can test the new legacy bundle bywaiting a bit longer than modern clients. Applications using theautoupdate or hot-code-push packages will reload modern and legacyclients independently, once each new bundle becomes available.Issue #9948PR #10055

• Compiler plugins that call inputFile.addJavaScript orinputFile.addStylesheet may now delay expensive compilation work bypassing partial options ({ path, hash }) as the first argument,followed by a callback function as the second argument, which will becalled by the build system once it knows the module will actually beincluded in the bundle. For example, here's the old implementation ofBabelCompiler#processFilesForTarget:

  processFilesForTarget(inputFiles) {
    inputFiles.forEach(inputFile => {
      var toBeAdded = this.processOneFileForTarget(inputFile);
      if (toBeAdded) {
        inputFile.addJavaScript(toBeAdded);
      }
    });
  }

and here's the new version:

  processFilesForTarget(inputFiles) {
    inputFiles.forEach(inputFile => {
      if (inputFile.supportsLazyCompilation) {
        inputFile.addJavaScript({
          path: inputFile.getPathInPackage(),
          hash: inputFile.getSourceHash(),
        }, function () {
          return this.processOneFileForTarget(inputFile);
        });
      } else {
        var toBeAdded = this.processOneFileForTarget(inputFile);
        if (toBeAdded) {
          inputFile.addJavaScript(toBeAdded);
        }
      }
    });
  }

If you are an author of a compiler plugin, we strongly recommend using this new API, since unnecessary compilation of files that are not included in the bundle can be a major source of performance problems for compiler plugins. Although this new API is only available in Meteor 1.8, you can use inputFile.supportsLazyCompilation to determine dynamically whether the new API is available, so you can support older versions of Meteor without having to publish multiple versions of your package. PR #9983

• New React-based Meteor applications can now becreated using the command

  meteor create --react new-react-app

Though relatively simple, this application template reflects the ideas of many contributors, especially @dmihal and @alexsicart, and it will no doubt continue to evolve in future Meteor releases. Feature #182PR #10149

• The .meteor/packages file supports a new syntax for overridingproblematic version constraints from packages you do not control.

If a package version constraint in .meteor/packages ends with a !character, any other (non-!) constraints on that package elsewhere inthe application will be weakened to allow any version greater than orequal to the constraint, even if the major/minor versions do not match.

For example, using both CoffeeScript 2 and practicalmeteor:mocha usedto be impossible (or at least very difficult) because of thisapi.versionsFrom("1.3")statement, which unfortunately constrained the coffeescript package toversion 1.x. In Meteor 1.8, if you want to update coffeescript to2.x, you can relax the practicalmeteor:mocha constraint by putting

  coffeescript@2.2.1_1! # note the !

in your .meteor/packages file. The coffeescript version still needs to be at least 1.x, so that practicalmeteor:mocha can count on that minimum. However, practicalmeteor:mocha will no longer constrain the major version of coffeescript, so coffeescript@2.2.1_1 will work.

Feature #208Commit 4a70b12eCommit 9872a3a7

• The npm package has been upgraded to version 6.4.1, and ourfork of itspacote dependency has been rebased against version 8.1.6.

• The node-gyp npm package has been updated to version 3.7.0, and thenode-pre-gyp npm package has been updated to version 0.10.3.

• Scripts run via meteor npm … can now use the meteor command moresafely, since the PATH environment variable will now be set so thatmeteor always refers to the same meteor used to run meteor npm.PR #9941

• Minimongo's behavior for sorting fields containing an arrayis now compatible with the behavior of Mongo 3.6+.Note that this means it is now incompatible with the behavior of earlier MongoDB versions.PR #10214

• Meteor's self-test has been updated to use "headless" Chrome ratherthan PhantomJS for browser tests. PhantomJS can still be forced bypassing the —phantom flag to the meteor self-test command.PR #9814

• Importing a directory containing an index.* file now works fornon-.js file extensions. As before, the list of possible extensions isdefined by which compiler plugins you have enabled.PR #10027

• Any client (modern or legacy) may now request any static JS or CSSweb.browser or web.browser.legacy resource, even if it was built fora different architecture, which greatly simplifies CDN setup if your CDNdoes not forward the User-Agent header to the origin.Issue #9953PR #9965

• Cross-origin dynamic import() requests will now succeed in more cases.PR #9954

• Dynamic CSS modules (which are compiled to JS and handled like any otherJS module) will now be properly minified in production and source mappedin development. PR #9998

• While CSS is only minified in production, CSS files must be mergedtogether into a single stylesheet in both development and production.This merging is cached by standard-minifier-cssso that it does not happen on every rebuild in development, but not allCSS minifier packages use the same caching techniques. Thanks to1ed095c36d,this caching is now performed within the Meteor build tool, so it worksthe same way for all CSS minifier packages, which may eliminate a fewseconds of rebuild time for projects with lots of CSS.

• The meteor-babel npm package used by babel-compiler has been updatedto version 7.1.0. Note: This change requires also updating the@babel/runtime npm package to version 7.0.0-beta.56 or later:

  meteor npm install @babel/runtime@latest

meteor-babel issue #22

• The @babel/preset-env and @babel/preset-react presets will beignored by Meteor if included in a .babelrc file, since Meteor alreadyprovides equivalent/superior functionality without them. However, youshould feel free to leave these plugins in your .babelrc file if theyare needed by external tools.

• The install npm package used by modules-runtime has been updated toversion 0.12.0.

• The reify npm package has been updated to version 0.17.3, whichintroduces the module.link(id, {…}) runtime method as a replacementfor module.watch(require(id), {…}). Note: in future versions ofreify and Meteor, the module.watch runtime API will be removed, butfor now it still exists (and is used to implement module.link), sothat existing code will continue to work without recompilation.

• The uglify-es npm package used by minifier-js has been replaced withterser@3.9.2, a fork ofuglify-es that appears to be (more actively) maintained.Issue #10042

• Mongo has been updated to version 4.0.2 and the mongodb npm packageused by npm-mongo has been updated to version 3.1.6.PR #10058Feature Request #269

• When a Meteor application uses a compiler plugin to process files with aparticular file extension (other than .js or .json), those fileextensions should be automatically appended to imports that do notresolve as written. However, this behavior was not previously enabledfor modules inside node_modules. Thanks to8b04c25390,the same file extensions that are applied to modules outside thenode_modules directory will now be applied to those within it, though.js and .json will always be tried first.

• As foreshadowed in this talkabout Meteor 1.7's modern/legacy bundling system(slides), Meteornow provides an isomorphic implementation of the WHATWG fetch()API, which can be installed by running

  meteor add fetch

This package is a great demonstration of the modern/legacy bundling system, since it has very different implementations in modern browsers, legacy browsers, and Node. PR #10029

• The bundle-visualizerpackagehas received a number of UI improvements thanks to work by@jamesmillerburgess inPR #10025.Feature #310

• Sub-resource integrity hashes (sha512) can now be enabled for static CSSand JS assets by calling WebAppInternals.enableSubresourceIntegrity().PR #9933PR #10050

• The environment variable METEOR_PROFILE=milliseconds now works for thebuild portion of the meteor build and meteor deploy commands.Feature #239

• Babel compiler plugins will now receive a caller option of thefollowing form:

  { name: "meteor", arch }

where arch is the target architecture, e.g. os.*, web.browser, web.cordova, or web.browser.legacy. PR #10211

v1.7.0.5, 2018-08-16

Breaking changes

N/A

Migration Steps

N/A

Changes

• Node has been updated to version8.11.4, an importantsecurity release.

v1.7.0.4, 2018-08-07

Breaking changes

N/A

Migration Steps

N/A

Changes

• The npm package @babel/runtime, which is depended on by most Meteorapps, introduced a breaking change in version 7.0.0-beta.56 with theremoval of the @babel/runtime/helpers/builtin directory. While thischange has clear benefits in the long term, in the short term it hasbeen disruptive for Meteor 1.7.0.x applications that accidentallyupdated to the latest version of @babel/runtime. Meteor 1.7.0.4 is apatch release that provides better warnings about this problem, andensures newly created Meteor applications do not use 7.0.0-beta.56.PR #10134

• The npm package has been upgraded to version 6.3.0, and ourfork of itspacote dependency has been rebased against version 8.1.6.Issue #9940

• The reify npm package has been updated to version 0.16.4.

v1.7.0.3, 2018-06-13

Breaking changes

N/A

Migration Steps

N/A

Changes

• Fixed Issue #9991,introduced inMeteor 1.7.0.2by PR #9977.

v1.7.0.2, 2018-06-13

Breaking changes

N/A

Migration Steps

N/A

Changes

• Node has been updated to version8.11.3, an importantsecurity release.

• The meteor-babel npm package has been updated to version7.0.0-beta.51.

• Meteor apps created with meteor create or meteor create —minimalwill now have a directory called tests/ rather than test/, so thattest code will not be eagerly loaded if you decide to remove themeteor.mainModule configuration from package.json, thanks toPR #9977 by@robfallows.Issue #9961

v1.7.0.1, 2018-05-29

Breaking changes

• The aggregate method of raw Mongo collections now returns anAggregationCursor rather than returning the aggregation resultdirectly. To obtain an array of aggregation results, you will need tocall the .toArray() method of the cursor:

  // With MongoDB 2.x, callback style:
  rawCollection.aggregate(
    pipeline,
    (error, results) => {...}
  );
  // With MongoDB 2.x, wrapAsync style:
  const results = Meteor.wrapAsync(
    rawCollection.aggregate,
    rawCollection
  )(pipeline);
  // With MongoDB 3.x, callback style:
  rawCollection.aggregate(
    pipeline,
    (error, aggregationCursor) => {
      ...
      const results = aggregationCursor.toArray();
      ...
    }
  );
  // With MongoDB 3.x, wrapAsync style:
  const results = Meteor.wrapAsync(
    rawCollection.aggregate,
    rawCollection
  )(pipeline).toArray();

Issue #9936

Migration Steps

• Update @babel/runtime (as well as other Babel-related packages) and meteor-node-stubs to their latest versions:

  meteor npm install @babel/runtime@latest meteor-node-stubs@latest

Changes

• Reverted an optimizationintroduced in Meteor 1.7 to stop scanning node_modules for files thatmight be of interest to compiler plugins, since the intended workarounds(creating symlinks) did not satisfy all existing use cases. We willrevisit this optimization in Meteor 1.8.mozfet/meteor-autoform-materialize#43

• After updating to Meteor 1.7 or 1.7.0.1, you should update the@babel/runtime npm package (as well as other Babel-related packages)to their latest versions, along with the meteor-node-stubs package,by running the following command:

  meteor npm install @babel/runtime@latest meteor-node-stubs@latest

v1.7, 2018-05-28

Breaking changes

N/A

Migration Steps

N/A

Changes

• More than 80% of internet users worldwide have access to a web browserthat natively supports the latest ECMAScript features and keeps itselfupdated automatically, which means new features become available almostas soon as they ship. In other words, the future we envisioned when wefirst began compiling code withBabelis finally here, yet most web frameworks and applications still compilea single client-side JavaScript bundle that must function simultaneouslyin the oldest and the newest browsers the application developer wishesto support.

That choice is understandable, because the alternative is daunting: notonly must you build multiple JavaScript and CSS bundles for differentbrowsers, with different dependency graphs and compilation rules andwebpack configurations, but your server must also be able to detect thecapabilities of each visiting client, so that it can deliver theappropriate assets at runtime. Testing a matrix of different browsersand application versions gets cumbersome quickly, so it's no surprisethat responsible web developers would rather ship a single, well-testedbundle, and forget about taking advantage of modern features untillegacy browsers have disappeared completely.

With Meteor 1.7, this awkward balancing act is no longer necessary,because Meteor now automatically builds two sets of client-side assets,one tailored to the capabilities of modern browsers, and the otherdesigned to work in all supported browsers, thus keeping legacy browsersworking exactly as they did before. Best of all, the entire Meteorcommunity relies on the same system, so any bugs or differences inbehavior can be identified and fixed quickly.

In this system, a "modern" browser can be loosely defined as one withfull native support for async functions and await expressions, whichincludes more than 80% of the world market, and 85% of the US market(source). This standard mayseem extremely strict, since async/await was just finalized inECMAScript 2017,but the statistics clearly justify it. As another example, any modernbrowser can handle native class syntax, though newer syntax like classfields may still need to be compiled for now, whereas a legacy browserwill need compilation for both advanced and basic class syntax. And ofcourse you can safely assume that any modern browser has a nativePromise implementation, because async functions must returnPromises. The list goes on and on.

This boundary between modern and legacy browsers is designed to be tunedover time, not only by the Meteor framework itself but also by eachindividual Meteor application. For example, here's how the minimumversions for native ECMAScript class support might be expressed:

  import { setMinimumBrowserVersions } from "meteor/modern-browsers";
  setMinimumBrowserVersions({
    chrome: 49,
    firefox: 45,
    edge: 12,
    ie: Infinity, // Sorry, IE11.
    mobile_safari: [9, 2], // 9.2.0+
    opera: 36,
    safari: 9,
    electron: 1,
  }, "classes");

The minimum modern version for each browser is simply the maximum of all versions passed to setMinimumBrowserVersions for that browser. The Meteor development server decides which assets to deliver to each client based on the User-Agent string of the HTTP request. In production, different bundles are named with unique hashes, which prevents cache collisions, though Meteor also sets the Vary: User-Agent HTTP response header to let well-behaved clients know they should cache modern and legacy resources separately.

For the most part, the modern/legacy system will transparently determine how your code is compiled, bundled, and delivered—and yes, it works with every existing part of Meteor, including dynamic import() and even the old appcache package. However, if you're writing dynamic code that depends on modern features, you can use the boolean Meteor.isModern flag to detect the status of the current environment (Node 8 is modern, too, of course). If you're writing a Meteor package, you can call api.addFiles(files, "legacy") in your package.js configuration file to add extra files to the legacy bundle, or api.addFiles(files, "client") to add files to all client bundles, or api.addFiles(files, "web.browser") to add files only to the modern bundle, and the same rules apply to api.mainModule. Just be sure to call setMinimumBrowserVersions (in server startup code) to enforce your assumptions about ECMAScript feature support.

We think this modern/legacy system is one of the most powerful features we've added since we first introduced the ecmascript package in Meteor 1.2, and we look forward to other frameworks attempting to catch up.

PR #9439

• Although Meteor does not recompile packages installed in node_modulesby default, compilation of specific npm packages (for example, tosupport older browsers that the package author neglected) can now beenabled in one of two ways:

  • Clone the package repository into your application's importsdirectory, make any modifications necessary, then use npm install tolink the-package into node_modules:

meteor npm install imports/the-package

Meteor will compile the contents of the package exposed viaimports/the-package, and this compiled code will be used when youimport the-package in any of the usual ways:

import stuff from "the-package"
require("the-package") === require("/imports/the-package")
import("the-package").then(...)

This reuse of compiled code is the critical new feature that was addedin Meteor 1.7.

• Install the package normally with meteor npm install the-package,then create a symbolic link to the installed package elsewhere inyour application, outside of node_modules:

meteor npm install the-package
cd imports
ln -s ../node_modules/the-package .

Again, Meteor will compile the contents of the package because theyare exposed outside of node_modules, and the compiled code will beused whenever the-package is imported from node_modules.

Note: this technique also works if you create symbolic links to individual files, rather than linking the entire package directory.

In both cases, Meteor will compile the exposed code as if it was part ofyour application, using whatever compiler plugins you have installed.You can influence this compilation using .babelrc files or any othertechniques you would normally use to configure compilation ofapplication code. PR #9771Feature #6

~Note: since compilation of npm packages can now be enabled using the techniques described above, Meteor will no longer automatically scan node_modules directories for modules that can be compiled by compiler plugins. If you have been using that functionality to import compiled-to-JS modules from node_modules, you should start using the symlinking strategy instead.~ Follow-up note: this optimization was reverted in Meteor 1.7.0.1 (see above).

• Node has been updated to version8.11.2, officially fixinga cause of frequentsegmentation faults in Meteor applications that was introduced in Node8.10.0. Meteor 1.6.1.1 shipped with a custom build of Node that patchedthis problem, but that approach was never intended to be permanent.

• The npm package has been upgraded to version 5.10.0, and ourfork of itspacote dependency has been rebased against version 7.6.1.

• Applications may now specify client and server entry point modules in anewly-supported "meteor" section of package.json:

  "meteor": {
    "mainModule": {
      "client": "client/main.js",
      "server": "server/main.js"
    }
  }

When specified, these entry points override Meteor's default module loading semantics, rendering imports directories unnecessary. If mainModule is left unspecified for either client or server, the default rules will apply for that architecture, as before. To disable eager loading of modules on a given architecture, simply provide a mainModule value of false:

  "meteor": {
    "mainModule": {
      "client": false,
      "server": "server/main.js"
    }
  }

Feature #135PR #9690

• In addition to meteor.mainModule, the "meteor" section ofpackage.json may also specify meteor.testModule to control whichtest modules are loaded by meteor test or meteor test —full-app:

  "meteor": {
    "mainModule": {...},
    "testModule": "tests.js"
  }

If your client and server test files are different, you can expand the testModule configuration using the same syntax as mainModule:

  "meteor": {
    "testModule": {
      "client": "client/tests.js",
      "server": "server/tests.js"
    }
  }

The same test module will be loaded whether or not you use the —full-app option. Any tests that need to detect —full-app should check Meteor.isAppTest. The module(s) specified by meteor.testModule can import other test modules at runtime, so you can still distribute test files across your codebase; just make sure you import the ones you want to run. PR #9714

• The meteor create command now supports a —minimal option, whichcreates an app with as few Meteor packages as possible, in order tominimize client bundle size while still demonstrating advanced featuressuch as server-side rendering. This starter application is a solidfoundation for any application that doesn't need Mongo or DDP.

• The meteor-babel npm package has been updated to version7.0.0-beta.49-1. Note: while Babel has recently implemented support fora new kind of babel.config.js configuration file (see thisPR), and future versions ofMeteor will no doubt embrace this functionality, Meteor 1.7 supportsonly .babelrc files as a means of customizing the default Babelconfiguration provided by Meteor. In other words, if your projectcontains a babel.config.js file, it will be ignored by Meteor 1.7.

• The reify npm package has been updated to version 0.16.2.

• The meteor-node-stubs package, which provides stub implementations forany Node built-in modules used by the client (such as path andhttp), has a new minor version (0.4.1) that may help with Windowsinstallation problems. To install the new version, run

  meteor npm install meteor-node-stubs@latest

• The optimism npm package has been updated to version 0.6.3.

• The minifier-js package has been updated to use uglify-es 3.3.9.

• Individual Meteor self-test's can now be skipped by adjusting theirdefine call to be prefixed by skip. For example,selftest.skip.define('some test', … will skip running "some test".PR #9579

• Mongo has been upgraded to version 3.6.4 for 64-bit systems, and 3.2.19for 32-bit systems. PR #9632

NOTE: After upgrading an application to use Mongo 3.6.4, it has beenobserved (#9591)that attempting to run that application with an older version ofMeteor (via meteor —release X), that uses an older version of Mongo, canprevent the application from starting. This can be fixed by eitherrunning meteor reset, or by repairing the Mongo database. To repair thedatabase, find the mongod binary on your system that lines up with theMeteor release you're jumping back to, and runmongodb —dbpath your-apps-db —repair. For example:

  ~/.meteor/packages/meteor-tool/1.6.0_1/mt-os.osx.x86_64/dev_bundle/mongodb/bin/mongod --dbpath /my-app/.meteor/local/db --repair

PR #9632

• The mongodb driver package has been updated from version 2.2.34 toversion 3.0.7. PR #9790PR #9831Feature #268

• The cordova-plugin-meteor-webapp package depended on by the Meteorwebapp package has been updated to version 1.6.0.PR #9761

• Any settings read from a JSON file passed with the —settings optionduring Cordova run/build/deploy will be exposed in mobile-config.jsvia the App.settings property, similar to Meteor.settings.PR #9873

• The @babel/plugin-proposal-class-properties plugin provided bymeteor-babel now runs with the loose:true option, as required byother (optional) plugins like @babel/plugin-proposal-decorators.Issue #9628

• The underscore package has been removed as a dependency from meteor-base.This opens up the possibility of removing 14.4 kb from production bundles.Since this would be a breaking change for any apps that may have beenusing _ without having any packages that depend on underscorebesides meteor-base, we have added an upgrader that will automaticallyadd underscore to the .meteor/packages file of any project whichlists meteor-base, but not underscore. Apps which do not require thispackage can safely remove it using meteor remove underscore.PR #9596

• Meteor's promise package has been updated to supportPromise.prototype.finally.Issue 9639PR #9663

• Assets made available via symlinks in the public and private directoriesof an application are now copied into Meteor application bundles whenusing meteor build. This means npm package assets that need to be madeavailable publicly can now be symlinked from their node_modules location,in the public directory, and remain available in production bundles.Issue #7013PR #9666

• The facts package has been split into facts-base and facts-ui. Theoriginal facts package has been deprecated.PR #9629

• If the new pseudo tag <meteor-bundled-css /> is used anywhere in the<head /> of an app, it will be replaced by the link to Meteor's bundledCSS. If the new tag isn't used, the bundle will be placed at the top ofthe <head /> section as before (for backwards compatibility).Feature #24PR #9657

v1.6.1.4, 2018-08-16

Breaking changes

N/A

Migration Steps

N/A

Changes

• Node has been updated to version8.11.4, an importantsecurity release.

v1.6.1.3, 2018-06-16

Breaking changes

N/A

Migration Steps

N/A

Changes

• Node has been updated to version8.11.3, an importantsecurity release.

v1.6.1.2, 2018-05-28

Breaking changes

N/A

Migration Steps

N/A

Changes

• Meteor 1.6.1.2 is a very small release intended to fix#9863 by making#9887 available to Windowsusers without forcing them to update to Meteor 1.7 (yet). Thanks verymuch to @zodern for identifying a solutionto this problem. PR #9910

v1.6.1.1, 2018-04-02

Breaking changes

N/A

Migration Steps

• Update @babel/runtime npm package and any custom Babel plugin enabled in .babelrc

  meteor npm install @babel/runtime@latest

Changes

• Node has been updated to version8.11.1, an importantsecurity release,with a critical patchapplied tosolve a segmentation faultproblem that wasintroduced in Node 8.10.0.

• The meteor-babel npm package has been updated to version7.0.0-beta.42, which may require updating any custom Babel pluginsyou've enabled in a .babelrc file, and/or running the followingcommand to update @babel/runtime:

  meteor npm install @babel/runtime@latest

v1.6.1, 2018-01-19

Breaking changes

• Meteor's Node Mongo driver is now configured with theignoreUndefinedconnection option set to true, to make sure fields with undefinedvalues are not first converted to null, when inserted/updated. undefinedvalues are now removed from all Mongo queries and insert/update documents.

This is a potentially breaking change if you are upgrading an existing app from an earlier version of Meteor.

For example:

  // return data pertaining to the current user
  db.privateUserData.find({
      userId: currentUser._id // undefined
  });

Assuming there are no documents in the privateUserData collection with userId: null, in Meteor versions prior to 1.6.1 this query will return zero documents. From Meteor 1.6.1 onwards, this query will now return every document in the collection. It is highly recommend you review all your existing queries to ensure that any potential usage of undefined in query objects won't lead to problems.

Migration Steps

N/A

Changes

• Node has been updated to version8.9.4.

• The meteor-babel npm package (along with its Babel-relateddependencies) has been updated to version 7.0.0-beta.38, a majorupdate from Babel 6. Thanks to the strong abstraction of themeteor-babel package, the most noticeable consequence of the Babel 7upgrade is that the babel-runtime npm package has been replaced by@babel/runtime, which can be installed by running

  meteor npm install @babel/runtime

in your application directory. There's a good chance that the old babel-runtime package can be removed from your package.json dependencies, though there's no harm in leaving it there. Please see this blog post for general information about updating to Babel 7 (note especially any changes to plugins you've been using in any .babelrc files). PR #9440

• Because babel-compiler@7.0.0 is a major version bump for a corepackage, any package that explicitly depends on babel-compiler withapi.use or api.imply will need to be updated and republished inorder to remain compatible with Meteor 1.6.1. One notable example is thepracticalmeteor:mocha package. If you have been using this test-driverpackage, we strongly recommend switching to meteortesting:mochainstead. If you are the author of a package that depends onbabel-compiler, we recommend publishing your updated version using anew major or minor version, so that you can continue releasing patchupdates compatible with older versions of Meteor, if necessary.

• Meteor's Node Mongo driver is now configured with theignoreUndefinedconnection option set to true, to make sure fields with undefinedvalues are not first converted to null, when inserted/updated. undefinedvalues are now removed from all Mongo queries and insert/update documents.Issue #6051PR #9444

• The server-render package now supports passing a Stream object toServerSink methods that previously expected a string, which enablesstreaming server-side rendering with React16:

  import React from "react";
  import { renderToNodeStream } from "react-dom/server";
  import { onPageLoad } from "meteor/server-render";
  import App from "/imports/Server.js";
  onPageLoad(sink => {
    sink.renderIntoElementById("app", renderToNodeStream(
      <App location={sink.request.url} />
    ));
  });

PR #9343

• The cordova-lib package hasbeen updated to version 7.1.0,cordova-android has beenupdated to version 6.4.0 (plus one additionalcommit),and cordova-ios has beenupdated to version 4.5.4. The cordova plugins cordova-plugin-console,cordova-plugin-device-motion, and cordova-plugin-device-orientationhave been deprecatedand will likely be removed in a future Meteor release.Feature Request #196PR #9213Issue #9447PR #9448

• The previously-served /manifest.json application metadata file is nowserved from /browser/manifest.json for web browsers, to avoidconfusion with other kinds of manifest.json files. Cordova clientswill continue to load the manifest file from /cordova/manifest.json,as before. Issue #6674PR #9424

• The bundled version of MongoDB used by meteor run in developmenton 64-bit architectures has been updated to 3.4.10. 32-bit architectureswill continue to use MongoDB 3.2.x versions since MongoDB is no longerproducing 32-bit versions of MongoDB for newer release tracks.PR #9396

• Meteor's internal minifier-css package has been updated to use postcssfor CSS parsing and minifying, instead of the abandoned css-parse andcss-stringify packages. Changes made to the CssTools API exposed by theminifier-css package are mostly backwards compatible (thestandard-minifier-css package that uses it didn't have to change forexample), but now that we're using postcss the AST accepted and returnedfrom certain functions is different. This could impact developers who aretying into Meteor's internal minifier-css package directly. The AST basedfunction changes are:

  • CssTools.parseCss now returns a PostCSSRoot object.
  • CssTools.stringifyCss expects a PostCSS Root object as its firstparameter.
  • CssTools.mergeCssAsts expects an array of PostCSS Root objects as itsfirst parameter.
  • CssTools.rewriteCssUrls expects a PostCSS Root object as its firstparameter.PR #9263

• The _ variable will once again remain bound to underscore (ifinstalled) in meteor shell, fixing a regression introduced by Node 8.PR #9406

• Dynamically import()ed modules will now be fetched from theapplication server using an HTTP POST request, rather than a WebSocketmessage. This strategy has all the benefits of the previous strategy,except that it does not require establishing a WebSocket connectionbefore fetching dynamic modules, in exchange for slightly higher latencyper request. PR #9384

• To reduce the total number of HTTP requests for dynamic modules, rapidsequences of import() calls within the same tick of the event loopwill now be automatically batched into a single HTTP request. In otherwords, the following code will result in only one HTTP request:

  const [
    React,
    ReactDOM
  ] = await Promise.all([
    import("react"),
    import("react-dom")
  ]);

• Thanks to a feature request and pull request from@CaptainN, all available dynamic moduleswill be automatically prefetched after page load and permanently cachedin IndexedDB when the appcache package is in use, ensuring thatdynamic import() will work for offline apps. Although the HTML5Application Cache was deliberately not used for this prefetching, thenew behavior matches the spirit/intention of the appcache package.Feature Request #236PR #9482PR #9434

• The es5-shim library is no longer included in the initial JavaScriptbundle, but is instead injected using a <script> tag in older browsersthat may be missing full support for ECMAScript 5. For the vast majorityof modern browsers that do not need es5-shim, this change will reducethe bundle size by about 10KB (minified, pre-gzip). For testingpurposes, the <script> tag injection can be triggered in any browserby appending ?force_es5_shim=1 to the application URL.PR #9360

• The Tinytest.addAsync API now accepts test functions that returnPromise objects, making the onComplete callback unnecessary:

  Tinytest.addAsync("some async stuff", async function (test) {
    test.equal(shouldReturnFoo(), "foo");
    const bar = await shouldReturnBarAsync();
    test.equal(bar, "bar");
  });

PR #9409

• Line number comments are no longer added to bundled JavaScript files onthe client or the server. Several years ago, before all major browserssupported source maps, we felt it was important to provide line numberinformation in generated files using end-of-line comments like

  some.code(1234); // 123
  more.code(5, 6); // 124

Adding all these comments was always slower than leaving the code unmodified, but recently the comments have begun interacting badly with certain newer ECMAScript syntax, such as multi-line template strings. Since source maps are well supported in most browsers that developers are likely to be using for development, and the line number comments are now causing substantive problems beyond the performance cost, we concluded it was time to stop using them. PR #9323Issue #9160

• Since Meteor 1.3, Meteor has supported string-valued "browser" fieldsin package.json files, to enable alternate entry points for packagesin client JavaScript bundles. In Meteor 1.6.1, we are expanding supportto include object-valued "browser" fields, according to thisunofficial and woefully incomplete (but widely-implemented) "specdocument."We are only supporting the "relative style" of browser replacements,however, and not the "package style" (as detailed in thiscomment),because supporting the package style would have imposed an unacceptableruntime cost on all imports (not just those overridden by a "browser"field).PR #9311Issue #6890

• The Boilerplate#toHTML method from the boilerplate-generator packagehas been deprecated in favor of toHTMLAsync (which returns a Promisethat resolves to a string of HTML) or toHTMLStream (which returns aStream of HTML). Although direct usage of toHTML is unlikely, pleaseupdate any code that calls this method if you see deprecation warningsin development. Issue #9521.

• The npm package has been upgraded to version 5.6.0, and our fork ofits pacote dependency has been rebased against version 7.0.2.

• The reify npm package has been updated to version 0.13.7.

• The minifier-js package has been updated to use uglify-es 3.2.2.

• The request npm package used by both the http package and themeteor command-line tool has been upgraded to version 2.83.0.

• The kexec npm package has been updated to version 3.0.0.

• The moment npm package has been updated to version 2.20.1.

• The rimraf npm package has been updated to version 2.6.2.

• The glob npm package has been updated to version 7.1.2.

• The ignore npm package has been updated to version 3.3.7.

• The escope npm package has been updated to version 3.6.0.

• The split2 npm package has been updated to version 2.2.0.

• The multipipe npm package has been updated to version 2.0.1.

• The pathwatcher npm package has been updated to version 7.1.1.

• The lru-cache npm package has been updated to version 4.1.1.

• The deprecated Meteor.http object has been removed. If yourapplication is still using Meteor.http, you should now use HTTPinstead:

  import { HTTP } from "meteor/http";
  HTTP.call("GET", url, ...);

• The deprecated Meteor.uuid function has been removed. If yourapplication is still using Meteor.uuid, you should run

  meteor npm install uuid

to install the widely used uuid package from npm. Example usage:

  import uuid from "uuid";
  console.log(uuid());

• The log-suppressing flags on errors in ddp-client and ddp-server have beenchanged from expected to _expectedByTest in order to avoid inadvertentlysilencing errors in production.Issue #6912PR #9515

• Provide basic support for iPhone Xstatus bar and launch screens, which includes updates tocordova-plugin-statusbar@2.3.0and cordova-plugin-splashscreen@4.1.0.Issue #9041PR #9375

• Fixed an issue preventing the installation of scoped Cordova packages.For example,

  meteor add cordova:@somescope/some-cordova-plugin@1.0.0

will now work properly. Issue #7336PR #9334

• iOS icons and launch screens have been updated to support iOS 11Issue #9196PR #9198

• Enables passing false to cursor.count() on the client to prevent skipand limit from having an effect on the result.Issue #1201PR #9205

• An onExternalLogin hook has been added to the accounts system, to allowthe customization of OAuth user profile updates.PR #9042

• Accounts.config now supports a bcryptRounds option thatoverrides the default 10 rounds currently used to secure passwords.PR #9044

• Developers running Meteor from an interactive shell within Emacs shouldnotice a substantial performance improvement thanks to automaticdisabling of the progress spinner, which otherwise reacts slowly.PR #9341

• Npm.depends can now specify any http or https URL.Issue #9236PR #9237

• Byte order marks included in —settings files will no longer crash theMeteor Tool.Issue #5180PR #9459

• The accounts-ui-unstyled package has been updated to use <form /> and<button /> tags with its login/signup form, instead of <div />'s. Thischange helps browser's notice login/signup requests, allowing them totrigger their "remember your login/password" functionality.

Note: If your application is styling the login/signup form using a CSS path that includes the replaced div elements (e.g. div.login-form { … or div.login-button { …), your styles will break. You can either update your CSS to use form. / button. or adjust your CSS specificity by styling on class / id attributes only.

Issue #1746PR #9442

• The stylus package has been deprecated and will no longer besupported/maintained.PR #9445

• Support for the meteor admin get-machine command has been removed, andthe build farm has been discontinued. Ever since Meteor 1.4, packageswith binary dependencies have been automatically (re)compiled when theyare installed in an application, assuming the target machine has a basiccompiler toolchain. To see the requirements for this compilation step,consult the platform requirements fornode-gyp.

• Client side Accounts.onLogin callbacks now receive a login detailsobject, with the attempted login type (e.g. { type: password } after asuccessful password based login, { type: resume } after a DDP reconnect,etc.).Issue #5127PR #9512

v1.6.0.1, 2017-12-08

• Node has been upgraded to version8.9.3, an importantsecurity release.

• The npm package has been upgraded to version 5.5.1, which supportsseveral new features, including two-factor authentication, as describedin the release notes.

v1.6, 2017-10-30

• Important note for package maintainers:

With the jump to Node 8, some packages published using Meteor 1.6 may nolonger be compatible with older Meteor versions. In order to maintaincompatibility with Meteor 1.5 apps when publishing your package, you canspecify a release version with the meteor publish command:

  meteor --release 1.5.3 publish

If you're interested in taking advantage of Meteor 1.6 while still supporting older Meteor versions, you can consider publishing for Meteor 1.6 from a new branch, with your package's minor or major version bumped. You can then continue to publish for Meteor 1.5 from the original branch. Note that the 1.6 branch version bump is important so that you can continue publishing patch updates for Meteor 1.5 from the original branch.

Issue #9308

• Node.js has been upgraded to version 8.8.1, which will be enteringlong-term support (LTS) coverage on 31 October 2017, lasting throughDecember 2019 (full schedule).This is a major upgrade from the previous version of Node.js used byMeteor, 4.8.4.

• The npm npm package has been upgraded to version 5.4.2, a majorupgrade from 4.6.1. While this update should be backwards-compatible forexisting Meteor apps and packages, if you are the maintainer of anyMeteor packages, pay close attention to your npm-shrinkwrap.json fileswhen first using this version of npm. For normal Meteor applicationdevelopment, this upgrade primarily affects the version of npm used bymeteor npm … commands. A functional installation of git may berequired to support GitHub repository and/or tarball URLs.Troubleshooting.PR #8835

• In addition to meteor node and meteor npm, which are convenientshorthands for node and npm, meteor npx <command> can be used toexecute commands from a local node_modules/.bin directory or from thenpm cache. Any packages necessary to run the command will beautomatically downloaded. Readabout it, or just try some commands:

  meteor npx cowsay mooooo
  meteor npx uuid
  meteor npx nyancat
  meteor npx yarn

• The meteor debug command has been superseded by the more flexible—inspect and —inspect-brk command-line flags, which work for anyrun, test, or test-packages command.

The syntax of these flags is the same as the equivalent Node.jsflags,with two notable differences:

• The flags affect the server process spawned by the build process,rather than affecting the build process itself.

• The —inspect-brk flag causes the server process to pause just afterserver code has loaded but before it begins to execute, giving thedeveloper a chance to set breakpoints in server code.

Feature Request #194

• On Windows, Meteor can now be installed or reinstalled from scratchusing the command choco install meteor, using theChocolatey package manager. This method ofinstallation replaces the old InstallMeteor.exe installer, which had anumber of shortcomings, and will no longer be supported.

• Fresh installs of Meteor 1.6 on 64-bit Windows machines will now usenative 64-bit Node.js binaries, rather than a 32-bit version of Node.js.In addition to being faster, native 64-bit support will enable Windowsdevelopers to debug asynchronous stack traces more easily in the newNode.js inspector, which is only fully supported by native 64-bitarchitectures. Note that merely running meteor update from a 32-bitversion of Meteor will still install a 32-bit version of Meteor 1.6, soyou should use choco install meteor to get a fresh 64-bit version.PR #9218

• To support developers running on a 32-bit OS, Meteor now supports both 32-and 64-bit versions of Mongo. Mongo 3.2 is the last 32-bit version availablefrom Mongo. Meteor running on a 32-bit OS will use a 32-bit version of Mongo3.2 and 64-bit platforms will receive newer Mongo versions in future releases.PR #9173

• After several reliability improvements, native file watching has beenun-disabled on Windows. Though native file change notifications willprobably never work with network or shared virtual file systems (e.g.,NTFS or Vagrant-mounted disks), Meteor uses an efficient prioritizedpolling system as a fallback for those file systems.

• Various optimizations have reduced the on-disk size of the meteor-toolpackage from 545MB (1.5.2.2) to 219MB.

• The meteor-babel package has been upgraded to version 0.24.6, to takebetter advantage of native language features in Node 8.

• The reify npm package has been upgraded to version 0.12.3.

• The meteor-promise package has been upgraded to version 0.8.6, toenable better handling of UnhandledPromiseRejectionWarnings.

• The node-gyp npm package has been upgraded to version 3.6.2.

• The node-pre-gyp npm package has been updated to version 0.6.36.

• The fibers npm package has been upgraded to version 2.0.0.

• The pathwatcher npm package has been upgraded to version 7.1.0.

• The http-proxy npm package has been upgraded to version 1.16.2.

• The semver npm package has been upgraded to version 5.4.1.

• When running Meteor tool tests (i.e. ./meteor self-test) during thecourse of developing Meteor itself, it is no longer necessary to./meteor npm install -g phantomjs-prebuilt browserstack-webdriver.These will now be installed automatically upon their use.

• You can now run meteor test —driver-package user:package withoutfirst running meteor add user:package.

• iOS icons and launch screens have been updated to support iOS 11Issue #9196PR #9198

v1.5.4.2, 2018-04-02

• Node has been upgraded to version4.9.0, an importantsecurity release.

v1.5.4.1, 2017-12-08

• Node has been upgraded to version4.8.7, an importantsecurity release.

v1.5.4, 2017-11-08

• Node has been updated to version 4.8.6. This release officiallyincludes our fix of a faulty backport of garbage collection-relatedlogic in V8 and ends Meteor's use of a custom Node with that patch.In addition, it includes small OpenSSL updates as announced on theNode blog: https://nodejs.org/en/blog/release/v4.8.6/.[Issue #8648](https://github.com/meteor/meteor/issues/8648)

v1.5.3, 2017-11-04

• Node has been upgraded to version 4.8.5, a recommended securityrelease: https://nodejs.org/en/blog/release/v4.8.5/. While it wasexpected that Node 4.8.5 would also include our fix of a faultybackport of garbage collection-related logic in V8, the timingof this security release has caused that to be delayed until 4.8.6.Therefore, this Node still includes our patch for this issue.Issue #8648

• Various backports from Meteor 1.6, as detailed in thePR for Meteor 1.5.3.Briefly, these involve fixes for:

  • Child imports of dynamically imported modules within packages.#9182
  • Unresolved circular dependencies.#9176
  • Windows temporary directory handling.

v1.5.2.2, 2017-10-02

• Fixes a regression in 1.5.2.1 which resulted in the macOS firewallrepeatedly asking to "accept incoming network connections". While thenode binary in 1.5.2.1 was functionally the same as 1.5.2, it hadbeen recompiled on our build farm (which re-compiles all architecturesat the same time) to ensure compatibility with older (but stillsupported) Linux distributions. Unfortunately, macOS took issue withthe binary having a different 'signature' (but same 'identifier') asone it had already seen, and refused to permanently "allow" it in thefirewall. Our macOS node binaries are now signed with a certificate,hopefully preventing this from occurring again.Issue #9139

• Fixes a regression in accounts-base caused by changes to the (nowdeprecated) connection.onReconnect function which caused users to belogged out shortly after logging in.Issue #9140PR #

• cordova-ios has been updated toversion 4.5.1, to add in iOS 11 / Xcode 9 compatibility.Issue #9098Issue #9126PR #9137

• Includes a follow-up change to the (not commonly necessary)Npm.require which ensures built-in modules are loaded first, whichwas necessary after a change in 1.5.2.1 which reduced its scope.This resolves "Cannot find module crypto" and similar errors.Issue #9136

• A bug that prevented building some binary npm packages on Windows hasbeen fixed. Issue #9153

v1.5.2.1, 2017-09-26

• Updating to Meteor 1.5.2.1 will automatically patch a securityvulnerability in the allow-deny package, since meteor-tool@1.5.2_1requires allow-deny@1.0.9 or later. If for any reason you are notready or able to update to Meteor 1.5.2.1 by running meteor update,please at least run

  meteor update allow-deny

instead. More details about the security vulnerability can be found on the Meteor forums.

• The command-line meteor tool no longer invokes node with the—expose-gc flag. Although this flag allowed the build process to bemore aggressive about collecting garbage, it was also a source ofproblems in Meteor 1.5.2 and Node 4.8.4, from increased segmentationfaults during (the more frequent) garbage collections to occasionalslowness in rebuilding local packages. The flag is likely to return inMeteor 1.6, where it has not exhibited any of the same problems.

• Meteor now supports .meteorignore files, which cause the build systemto ignore certain files and directories using the same pattern syntax as.gitignore files. These filesmay appear in any directory of your app or package, specifying rules forthe directory tree below them. Of course, .meteorignore files are alsofully integrated with Meteor's file watching system, so they can beadded, removed, or modified during development.Feature request #5

• DDP's connection.onReconnect = func feature has been deprecated. Thisfunctionality was previously supported as a way to set a function to becalled as the first step of reconnecting. This approach has proven to beinflexible as only one function can be defined to be called whenreconnecting. Meteor's accounts system was already setting anonReconnect callback to be used internally, which means anyone settingtheir own onReconnect callback was inadvertently overwriting code usedinternally. Moving forward the DDP.onReconnect(callback) method should beused to register callbacks to call when a connection reconnects. Theconnection that is reconnecting is passed as the only argument tocallback. This is used by the accounts system to re-login on reconnectswithout interfering with other code that uses connection.onReconnect.Issue #5665PR #9092

• reactive-dict now supports destroy. destroy will clear the ReactiveDictsdata and unregister the ReactiveDict from data migration.i.e. When a ReactiveDict is instantiated with a name on the client and thereload package is present in the project.Feature Request #76PR #9063

• The webapp package has been updated to support UNIX domain sockets. If aUNIX_SOCKET_PATH environment variable is set with a validUNIX socket file path (e.g. UNIX_SOCKET_PATH=/tmp/socktest.sock), Meteor'sHTTP server will use that socket file for inter-process communication,instead of TCP. This can be useful in cases like using Nginx to proxyrequests back to an internal Meteor application. Leveraging UNIX domainsockets for inter-process communication reduces the sometimes unnecessaryoverhead required by TCP based communication.Issue #7392PR #8702

• The fastclick package (previously included by default in Cordovaapplications through the mobile-experience package) has been deprecated.This package is no longer maintained and has years of outstandingunresolved issues, some of which are impacting Meteor users. Most modernmobile web browsers have removed the 300ms tap delay that fastclick workedaround, as long as the following <head /> meta element is set (whichis generally considered a mobile best practice regardless, and which theMeteor boilerplate generator already sets by default for Cordova apps):<meta name="viewport" content="width=device-width">If anyone is still interested in using fastclick with their application,it can be installed from npm directly (meteor npm install —save fastclick).Reference:Mobile ChromeMobile SafariPR #9039

• Minimongo cursors are now JavaScript iterable objects and can now be iterated overusing for…of loops, spread operator, yield*, and destructuring assignments.PR #8888

v1.5.2, 2017-09-05

• Node 4.8.4 has been patched to includehttps://github.com/nodejs/node/pull/14829, an important PR implementedby our own @abernix (:tada:), which fixes a faulty backport of garbagecollection-related logic in V8 that was causing occasional segmentationfaults during Meteor development and testing, ever since Node 4.6.2(Meteor 1.4.2.3). When Node 4.8.5 is officially released with thesechanges, we will immediately publish a small follow-up release.Issue #8648

• When Meteor writes to watched files during the build process, it nolonger relies on file watchers to detect the change and invalidate theoptimistic file system cache, which should fix a number of problemsrelated by the symptom of endless rebuilding.Issue #8988Issue #8942PR #9007

• The cordova-lib npm package has been updated to 7.0.1, along withcordova-android (6.2.3) and cordova-ios (4.4.0), and various plugins.PR #8919 resolves theumbrella issue #8686, aswell as several Android build issues:#8408,#8424, and#8464.

• The boilerplate-generatorpackage responsible for generating initial HTML documents for Meteorapps has been refactored by @stevenhao to avoid using thespacebars-related packages, which means it is now possible to removeBlaze as a dependency from the server as well as the client.PR #8820

• The meteor-babel package has been upgraded to version 0.23.1.

• The reify npm package has been upgraded to version 0.12.0, whichincludes a minor breakingchangethat correctly skips exports named default in export from "module"declarations. If you have any wrapper modules that re-export anothermodule's exports using export from "./wrapped/module", and thewrapped module has a default export that you want to be included, youshould now explicitly re-export default using a second declaration:

  export * from "./wrapped/module";
  export { default } "./wrapped/module";

• The meteor-promise package has been upgraded to version 0.8.5,and the promise polyfill package has been upgraded to 8.0.1.

• The semver npm package has been upgraded to version 5.3.0.PR #8859

• The faye-websocket npm package has been upgraded to version 0.11.1,and its dependency websocket-driver has been upgraded to a versioncontaining this fix,thanks to @sdarnell.meteor-feature-requests#160

• The uglify-js npm package has been upgraded to version 3.0.28.

• Thanks to PRs #8960 and#9018 by @GeoffreyBooth, acoffeescript-compilerpackage has been extracted from the coffeescript package, similar tohow the babel-compiler package is separate from the ecmascriptpackage, so that other packages (such asvue-coffee)can make use of coffeescript-compiler. All coffeescript-relatedpackages have been moved topackages/non-core,so that they can be published independently from Meteor releases.

• meteor list —tree can now be used to list all transitive packagedependencies (and versions) in an application. Weakly referenced dependenciescan also be listed by using the —weak option. For more information, runmeteor help list.PR #8936

• The star.json manifest created within the root of a meteor build bundlewill now contain nodeVersion and npmVersion which will specify the exactversions of Node.js and npm (respectively) which the Meteor release wasbundled with. The .node_version.txt file will still be written into theroot of the bundle, but it may be deprecated in a future version of Meteor.PR #8956

• A new package called mongo-dev-server has been created and wired intomongo as a dependency. As long as this package is included in a Meteorapplication (which it is by default since all new Meteor apps have mongoas a dependency), a local development MongoDB server is started alongsidethe application. This package was created to provide a way to disable thelocal development Mongo server, when mongo isn't needed (e.g. when usingMeteor as a build system only). If an application has no dependency onmongo, the mongo-dev-server package is not added, which means no localdevelopment Mongo server is started.Feature Request #31PR #8853

• Accounts.config no longer mistakenly allows tokens to expire whenthe loginExpirationInDays option is set to null.Issue #5121PR #8917

• The "env" field is now supported in .babelrc files.PR #8963

• Files contained by client/compatibility/ directories or added withapi.addFiles(files, …, { bare: true }) are now evaluated beforeimporting modules with require, which may be a breaking change if youdepend on the interleaving of bare files with eager module evaluation.PR #8972

• When meteor test-packages runs in a browser, uncaught exceptions willnow be displayed above the test results, along with the usual summary oftest failures, in case those uncaught errors have something to do withlater test failures.Issue #4979PR #9034

v1.5.1, 2017-07-12

• Node has been upgraded to version 4.8.4.

• A new core Meteor package called server-render provides genericsupport for server-side rendering of HTML, as described in the package'sREADME.md.PR #8841

• To reduce the total number of file descriptors held open by the Meteorbuild system, native file watchers will now be started only for filesthat have changed at least once. This new policy means you may have towait up to 5000msfor changes to be detected when you first edit a file, but thereafterchanges will be detected instantaneously. In return for that smallinitial waiting time, the number of open file descriptors will now bebounded roughly by the number of files you are actively editing, ratherthan the number of files involved in the build (often thousands), whichshould help with issues like#8648. If you need todisable the new behavior for any reason, simply set theMETEOR_WATCH_PRIORITIZE_CHANGED environment variable to "false", asexplained in PR #8866.

• All observe and observeChanges callbacks are now bound usingMeteor.bindEnvironment. The same EnvironmentVariables that werepresent when observe or observeChanges was called are now availableinside the callbacks. PR #8734

• A subscription's onReady is now fired again during a re-subscription, evenif the subscription has the same arguments. Previously, when subscribingto a publication the onReady would have only been called if the argumentswere different, creating a confusing difference in functionality. This may bebreaking behavior if an app uses the firing of onReady as an assumptionthat the data was just received from the server. If such functionality isstill necessary, consider usingobserveorobserveChangesPR #8754Issue #1173

• The minimongo and mongo packages are now compliant with the upsert behaviorof MongoDB 2.6 and higher. As a result support for MongoDB 2.4 has been dropped.This mainly changes the effect of the selector on newly inserted documents.PR #8815

• reactive-dict now supports setting initial data when defining a namedReactiveDict. No longer run migration logic when used on the server,this is to prevent duplicate name error on reloads. Initial data is nowproperly serialized.

• accounts-password now uses example.com as a default "from" address insteadof meteor.com. This change could break account-related e-mail notifications(forgot password, activation, etc.) for applications which do not properlyconfigure a "from" domain since e-mail providers will often reject mail sentfrom example.com. Ensure that Accounts.emailTemplates.from is set to aproper domain in all applications.PR #8760

• The accounts-facebook and facebook-oauth packages have been updated touse the v2.9 of the Facebook Graph API for the Login Dialog since the v2.2version will be deprecated by Facebook in July. There shouldn't be a problemregardless since Facebook simply rolls over to the next active version(v2.3, in this case) however this should assist in avoiding deprecationwarnings and should enable any new functionality which has become available.PR #8858

• Add DDP._CurrentPublicationInvocation and DDP._CurrentMethodInvocation.DDP._CurrentInvocation remains for backwards-compatibility. This changeallows method calls from publications to inherit the connection from thethe publication which called the method.PR #8629

Note: If you're calling methods from publications that are using this.connection to see if the method was called from server code or not. These checks will now be more restrictive because this.connection will now be available when a method is called from a publication.

• Fix issue with publications temporarily having DDP._CurrentInvocation set onre-run after a user logged in. This is now provided throughDDP._CurrentPublicationInvocation at all times inside a publication,as described above.PR #8031PR #8629

• Meteor.userId() and Meteor.user() can now be used in both method calls andpublications.PR #8629

• this.onStop callbacks in publications are now run with the publication'scontext and with its EnvironmentVariables bound.PR #8629

• The minifier-js package will now replace process.env.NODE_ENV withits string value (or "development" if unspecified).

• The meteor-babel npm package has been upgraded to version 0.22.0.

• The reify npm package has been upgraded to version 0.11.24.

• The uglify-js npm package has been upgraded to version 3.0.18.

• Illegal characters in paths written in build output directories will nowbe replaced with _s rather than removed, so that file and directorynames consisting of only illegal characters do not become emptystrings. PR #8765.

• Additional "extra" packages (packages that aren't saved in .meteor/packages)can be included temporarily using the —extra-packagesoption. For example: meteor run —extra-packages bundle-visualizer.Both meteor test and meteor test-packages also support the—extra-packages option and commas separate multiple package names.PR #8769

Note: Packages specified using the —extra-packages option override version constraints from .meteor/packages.

• The coffeescript package has been updated to use CoffeeScript version1.12.6. PR #8777

• It's now possible to pipe a series of statements to meteor shell,whereas previously the input had to be an expression; for example:

  > echo 'import pkg from "babel-runtime/package.json";
  quote> pkg.version' |
  pipe> meteor shell
  "6.23.0"

Issue #8823PR #8833

• Any Error thrown by a DDP method with the error.isClientSafeproperty set to true will now be serialized and displayed to theclient, whereas previously only Meteor.Error objects were consideredclient-safe. PR #8756

v1.5, 2017-05-30

• The meteor-base package implies a new dynamic-import package, whichprovides runtime support for the proposed ECMAScript dynamicimport(…) syntax,enabling asynchronous module fetching or "code splitting." If your appdoes not use the meteor-base package, you can use the package bysimply running meteor add dynamic-import. See this blogpostand PR #8327 for moreinformation about how dynamic import(…) works in Meteor, and how touse it in your applications.

• The ecmascript-runtime package, which provides polyfills for variousnew ECMAScript runtime APIs and language features, has been split intoecmascript-runtime-client and ecmascript-runtime-server, to reflectthe different needs of browsers versus Node 4. The client runtime nowrelies on the core-js library found in the node_modules directory ofthe application, rather than a private duplicate installed viaNpm.depends. This is unlikely to be a disruptive change for mostdevelopers, since the babel-runtime npm package is expected to beinstalled, and core-js is a dependency of babel-runtime, sonode_modules/core-js should already be present. If that's not thecase, just run meteor npm install —save core-js to install it.

• The npm npm package has been upgraded to version 4.6.1.

• The meteor-babel npm package has been upgraded to version 0.21.4,enabling the latest Reify compiler and the transform-class-propertiesplugin, among other improvements.

• The reify npm package has been upgraded to version 0.11.21, fixingissue #8595 andimproving compilation and runtime performance.

Note: With this version of Reify, import declarations are compiled to module.watch(require(id), …) instead of module.importSync(id, …) or the older module.import(id, …). The behavior of the compiled code should be the same as before, but the details seemed different enough to warrant a note.

• The install npm package has been upgraded to version 0.10.1.

• The meteor-promise npm package has been upgraded to version 0.8.4.

• The uglify-js npm package has been upgraded to version 3.0.13, fixing#8704.

• If you're using the standard-minifier-js Meteor package, as mostMeteor developers do, it will now produce a detailed analysis of packageand module sizes within your production .js bundle whenever you runmeteor build or meteor run —production. These data are served bythe application web server at the same URL as the minified .js bundle,except with a .stats.json file extension instead of .js. If you'reusing a different minifier plugin, and would like to support similarfunctionality, refer tothesecommitsfor inspiration.

• To visualize the bundle size data produced by standard-minifier-js,run meteor add bundle-visualizer and then start your developmentserver in production mode with meteor run —production. Be sure toremove the bundle-visualizer package before actually deploying yourapp, or the visualization will be displayed to your users.

• If you've been developing an app with multiple versions of Meteor, ortesting with beta versions, and you haven't recently run meteor reset,your .meteor/local/bundler-cache directory may have become quitelarge. This is just a friendly reminder that this directory is perfectlysafe to delete, and Meteor will repopulate it with only the most recentcached bundles.

• Apps created with meteor create —bare now use the static-htmlpackage for processing .html files instead of blaze-html-templates,to avoid large unnecessary dependencies like the jquery package.

• Babel plugins now receive file paths without leading / characters,which should prevent confusion about whether the path should be treatedas absolute. PR #8610

• It is now possible to override the Cordova iOS and/or Androidcompatibility version by setting the METEOR_CORDOVA_COMPAT_VERSION_IOSand/or METEOR_CORDOVA_COMPAT_VERSION_ANDROID environment variables.PR #8581

• Modules in node_modules directories will no longer automatically haveaccess to the Buffer polyfill on the client, since that polyfillcontributed more than 22KB of minified JavaScript to the client bundle,and was rarely used. If you really need the Buffer API on the client,you should now obtain it explicitly with require("buffer").Buffer.Issue #8645.

• Packages in node_modules directories are now considered non-portable(and thus may be automatically rebuilt for the current architecture), iftheir package.json files contain any of the following install hooks:install, preinstall, or postinstall. Previously, a package wasconsidered non-portable only if it contained any .node binary modules.Issue #8225

v1.4.4.6, 2018-04-02

• Node has been upgraded to version4.9.0, an importantsecurity release.The Node v4.x release line will exit the Node.js Foundation'slong-term support (LTS) status on April 30,

  • We strongly advise updating to a version of Meteor using a newerversion of Node which is still under LTS status, such as Meteor 1.6.xwhich uses Node 8.x.
• The npm package has been upgraded to version4.6.1.

v1.4.4.5, 2017-12-08

• Node has been upgraded to version4.8.7, an importantsecurity release.

v1.4.4.4, 2017-09-26

• Updating to Meteor 1.4.4.4 will automatically patch a securityvulnerability in the allow-deny package, since meteor-tool@1.4.4_4requires allow-deny@1.0.9 or later. If for any reason you are notready or able to update to Meteor 1.4.4.4 by running meteor update,please at least run

  meteor update allow-deny

instead. More details about the security vulnerability can be found on the Meteor forums.

v1.4.4.3, 2017-05-22

• Node has been upgraded to version 4.8.3.

• A bug in checking body lengths of HTTP responses that was affectingGalaxy deploys has been fixed.PR #8709.

v1.4.4.2, 2017-05-02

• Node has been upgraded to version 4.8.2.

• The npm npm package has been upgraded to version 4.5.0.Note that when using npm scripts there has been a change regardingwhat happens when SIGINT (Ctrl-C) is received. Read morehere.

• Fix a regression which prevented us from displaying a helpful banner whenrunning meteor debug because of a change in Node.js.

• Update node-inspector npm to 1.1.1, fixing a problem encountered when tryingto press "Enter" in the inspector console.Issue #8469

• The email package has had its mailcomposer npm package swapped witha Node 4 fork of nodemailer due to its ability to support connection poolingin a similar fashion as the original mailcomposer.Issue #8591PR #8605

Note: The MAIL_URL should be configured with a scheme which matches the protocol desired by your e-mail vendor/mail-transport agent. For encrypted connections (typically listening on port 465), this means using smtps://. Unencrypted connections or those secured through a STARTTLS connection upgrade (typically using port 587 and sometimes port 25) should continue to use smtp://. TLS/SSL will be automatically enabled if the mail provider supports it.

• A new Tracker.inFlush() has been added to provide a global Tracker"flushing" state.PR #8565.

• The meteor-babel npm package has been upgraded to version 0.20.1, andthe reify npm package has been upgraded to version 0.7.4, fixingissue #8595.(This was fixed between full Meteor releases, but is being mentioned here.)

v1.4.4.1, 2017-04-07

• A change in Meteor 1.4.4 to remove "garbage" directories asynchronouslyin files.renameDirAlmostAtomically had unintended consequences forrebuilding some npm packages, so that change was reverted, and thosedirectories are now removed before files.renameDirAlmostAtomicallyreturns. PR #8574

v1.4.4, 2017-04-07

• Node has been upgraded to version 4.8.1.

• The npm npm package has been upgraded to version 4.4.4.It should be noted that this version reduces extra noisepreviously included in some npm errors.

• The node-gyp npm package has been upgraded to 3.6.0 whichadds support for VS2017 on Windows.

• The node-pre-gyp npm package has been updated to 0.6.34.

• Thanks to the outstanding efforts of @sethmurphy18, the minifier-jspackage now uses Babili instead ofUglifyJS, resolving numerouslong-standing bugs due to UglifyJS's poor support for ES2015+ syntax.Issue #8378PR #8397

• The meteor-babel npm package has been upgraded to version 0.19.1, andreify has been upgraded to version 0.6.6, fixing several subtle bugsintroduced by Meteor 1.4.3 (see below), includingissue #8461.

• The Reify module compiler is now a Babel plugin, making it possible forother custom Babel plugins configured in .babelrc or package.jsonfiles to run before Reify, fixing bugs that resulted from running Reifybefore other plugins in Meteor 1.4.3.Issue #8399Issue #8422meteor-babel issue #13

• Two new export … from … syntax extensions are now supported:

  export * as namespace from "./module"
  export def from "./module"

Read the ECMA262 proposals here:

• https://github.com/leebyron/ecmascript-export-ns-from

• https://github.com/leebyron/ecmascript-export-default-from

  • When Meteor.call is used on the server to invoke a method thatreturns a Promise object, the result will no longer be the Promiseobject, but the resolved value of the Promise.Issue #8367

Note: if you actually want a Promise when calling Meteor.call or Meteor.apply on the server, use Meteor.callAsync and/or Meteor.applyAsync instead. Issue #8367, https://github.com/meteor/meteor/commit/0cbd25111d1249a61ca7adce23fad5215408c821

• The mailcomposer and smtp-connection npms have been updated to resolve anissue with the encoding of long header lines.Issue #8425PR #8495

• Accounts.config now supports an ambiguousErrorMessages option whichenabled generalization of messages produced by the accounts-* packages.PR #8520

• A bug which caused account enrollment tokens to be deleted too soon was fixed.Issue #8218PR #8474

• On Windows, bundles built during meteor build or meteor deploy willmaintain the executable bit for commands installed in thenode_modules.bin directory.PR #8503

• On Windows, the upgrades to Node.js, npm and mongodb are now in-sync withother archs again after being mistakenly overlooked in 1.4.3.2. An adminscript enhancement has been applied to prevent this from happening again.PR #8505

v1.4.3.2, 2017-03-14

• Node has been upgraded to version 4.8.0.

• The npm npm package has been upgraded to version 4.3.0.

• The node-gyp npm package has been upgraded to 3.5.0.

• The node-pre-gyp npm package has been updated to 0.6.33.

• The bundled version of MongoDB used by meteor run in developmenthas been upgraded to 3.2.12.

• The mongodb npm package used by the npm-mongo Meteor package hasbeen updated to version 2.2.24.PR #8453Issue #8449

• The check package has had its copy of jQuery.isPlainObjectupdated to a newer implementation to resolve an issue where thenodeType property of an object couldn't be checked, fixing#7354.

• The standard-minifier-js and minifier-js packages now have improvederror capturing to provide more information on otherwise unhelpful errorsthrown when UglifyJS encounters ECMAScript grammar it is not familiar with.#8414

• Similar in behavior to Meteor.loggingIn(), accounts-base now offers areactive Meteor.loggingOut() method (and related Blaze helpers,loggingOut and loggingInOrOut).PR #8271Issue #1331Issue #769

• Using length as a selector field name and with a Number as a valuein a Mongo.Collection transformation will no longer cause odd results.#8329.

• observe-sequence (and thus Blaze) now properly supports Arrays which werecreated in a vm or across frame boundaries, even if they were sub-classed.Issue #8160PR #8401

• Minimongo now supports $bitsAllClear, $bitsAllSet, $bitsAnySet and$bitsAnyClear.#8350

• A new Development.md document has been created to providean easier path for developers looking to make contributions to Meteor Core(that is, the meteor tool itself) along with plenty of helpful remindersfor those that have already done so

• The suggestion to add a {oauth-service}-config-ui package will no longer bemade on the console if service-configuration package is already installed.Issue #8366PR #8429

• Meteor.apply's throwStubExceptions option is now properly documented inthe documentation whereas it was previously only mentioned in the Guide.Issue #8435PR #8443

• DDPRateLimiter.addRule now accepts a callback which will be executed aftera rule is executed, allowing additional actions to be taken if necessary.Issue #5541PR #8237

• jquery is no longer a dependency of the http package.#8389

• jquery is no longer in the default package list after runningmeteor create, however is still available thanks to blaze-html-templates.If you still require jQuery, the recommended approach is to install it fromnpm with meteor npm install —save jquery and then import-ing it into yourapplication.#8388

• The shell-server package (i.e. meteor shell) has been updated to moregracefully handle recoverable errors (such as SyntaxErrors) in the samefashion as the Node REPL.Issue #8290PR #8446

• The webapp package now reveals a WebApp.connectApp to make it easier toprovide custom error middleware.#8403

• The meteor update —all-packages command has been properly documented incommand-line help (i.e. meteor update —help).PR #8431Issue #8154

• Syntax errors encountered while scanning package.json files for binarydependencies are now safely and silently ignored.Issue #8427PR #8468

v1.4.3.1, 2017-02-14

• The meteor-babel npm package has been upgraded to version 0.14.4,fixing #8349.

• The reify npm package has been upgraded to version 0.4.9.

• Partial npm-shrinkwrap.json files are now disregarded when(re)installing npm dependencies of Meteor packages, fixing#8349. Furtherdiscussion of the new npm behavior can be foundhere.

v1.4.3, 2017-02-13

• Versions of Meteor corepackagesare once again constrained by the current Meteor release.

Before Meteor 1.4, the current release dictated the exact version of every installed core package, which meant newer core packages could not be installed without publishing a new Meteor release. In order to support incremental development of core packages, Meteor 1.4 removed all release-based constraints on core package versions (#7084). Now, in Meteor 1.4.3, core package versions must remain patch-compatible with the versions they had when the Meteor release was published. This middle ground restores meaning to Meteor releases, yet still permits patch updates to core packages.

• The cordova-lib npm package has been updated to 6.4.0, along withcordova-android (6.1.1) and cordova-ios (4.3.0), and various plugins.#8239

• The coffeescript Meteor package has been moved frompackages/coffeescript to packages/non-core/coffeescript, so that itwill not be subject to the constraints described above.

• CoffeeScript source maps should be now be working properly in development.#8298

• The individual account "service" packages (facebook, google, twitter,github, meteor-developer, meetup and weibo) have been split into:

  • <service>-oauth (which interfaces with the <service> directly) and
  • <service>-config-ui (the Blaze configuration templates for accounts-ui)This means you can now use accounts-<service> without needing Blaze.

If you are using accounts-ui and accounts-<service>, you will probablyneed to install the <service>-config-ui package if you want to configure itusing the Accounts UI.

• Issue #7715
• PR(facebook) #7728
• PR(google) #8275
• PR(twitter) #8283
• PR(github) #8303
• PR(meteor-developer) #8305
• PR(meetup) #8321
• PR(weibo) #8302
  • The url and http packages now encode to a less error-proneformat which more closely resembles that used by PHP, Ruby, jQuery.paramand others. Objects and Arrays can now be encoded, however, if you havepreviously relied on Arrays passed as params being simply join-ed withcommas, you may need to adjust your HTTP.call implementations.#8261 and#8342.

• The npm npm package is still at version 4.1.2 (as it was when Meteor1.4.3 was originally published), even though npm was downgraded to3.10.9 in Meteor 1.4.2.7.

• The meteor-babel npm package has been upgraded to version 0.14.3,fixing #8021 and#7662.

• The reify npm package has been upgraded to 0.4.7.

• Added support for frame-ancestors CSP option in browser-policy.#7970

• You can now use autoprefixer with stylus files added via packages.#7727

• Restored #8213after those changes were reverted inv1.4.2.5.

• npm dependencies of Meteor packages will now be automatically rebuilt ifthe npm package's package.json file has "scripts" section containing apreinstall, install, or postinstall command, as well as when thenpm package contains any .node files. Discussionhere.

• The meteor create command now runs meteor npm install automaticallyto install dependencies specified in the default package.json file.#8108

v1.4.2.7, 2017-02-13

• The npm npm package has been downgraded from version 4.1.2 back toversion 3.10.9, reverting the upgrade in Meteor 1.4.2.4.

v1.4.2.6, 2017-02-08

• Fixed a critical bugthat was introduced by the fix forIssue #8136, whichcaused some npm packages in nested node_modules directories to beomitted from bundles produced by meteor build and meteor deploy.

v1.4.2.5, 2017-02-03

• Reverted #8213 as thechange was deemed too significant for this release.

Note: The decision to revert the above change was made late in the Meteor 1.4.2.4 release process, before it was ever recommended but too late in the process to avoid the additional increment of the version number. See #8311 for additional information. This change will still be released in an upcoming version of Meteor with a more seamless upgrade.

v1.4.2.4, 2017-02-02

• Node has been upgraded to version 4.7.3.

• The npm npm package has been upgraded from version 3.10.9 to 4.1.2.

Note: This change was later deemed too substantial for a point release and was reverted in Meteor 1.4.2.7.

• Fix for Issue #8136.

• Fix for Issue #8222.

• Fix for Issue #7849.

• The version of 7-zip included in the Windows dev bundle has beenupgraded from 1602 to 1604 in an attempt to mitigateIssue #7688.

• The "main" field of package.json modules will no longer beoverwritten with the value of the optional "browser" field, now thatthe install npm package can make sense of the "browser" field atruntime. If you experience module resolution failures on the clientafter updating Meteor, make sure you've updated the modules-runtimeMeteor package to at least version 0.7.8.#8213

v1.4.2.3, 2016-11-17

• Style improvements for meteor create —full.#8045

Note: Meteor 1.4.2.2 was finalized before #8045 was merged, but those changes were deemed important enough to skip recommending 1.4.2.2 and instead immediately release 1.4.2.3.

v1.4.2.2, 2016-11-15

• Node has been upgraded to version 4.6.2.

• meteor create now has a new —full option, which generates an larger app,demonstrating development techniques highlighted in theMeteor Guide

Issue #6974PR #7807

• Minimongo now supports $min, $max and partially supports $currentDate.

Issue #7857PR #7858

• Fix for Issue #5676PR #7968

• It is now possible for packages to specify a lazy main module:

  Package.onUse(function (api) {
    api.mainModule("client.js", "client", { lazy: true });
  });

This means the client.js module will not be evaluated during app startup unless/until another module imports it, and will not even be included in the client bundle if no importing code is found. Note 1: packages with lazy main modules cannot use api.export to export global symbols to other packages/apps. Note 2: packages with lazy main modules should be restricted to Meteor 1.4.2.2 or later via api.versionsFrom("1.4.2.2"), since older versions of Meteor cannot import lazy main modules using import "meteor/<package name>" but must explicitly name the module: import "meteor/<package name>/client.js".

v1.4.2.1, 2016-11-08

• Installing the babel-runtime npm package in your applicationnode_modules directory is now required for most Babel-transformed codeto work, as the Meteor babel-runtime package no longer attempts toprovide custom implementations of Babel helper functions. To installthe babel-runtime package, simply run the command

  meteor npm install --save babel-runtime

in any Meteor application directory. The Meteor babel-runtime package version has been bumped to 1.0.0 to reflect this major change. #7995

• File system operations performed by the command-line tool no longer usefibers unless the METEOR_DISABLE_FS_FIBERS environment variable isexplicitly set to a falsy value. For larger apps, this change results insignificant build performance improvements due to the creation of fewerfibers and the avoidance of unnecessary asyncronous delays.https://github.com/meteor/meteor/pull/7975/commits/ca4baed90ae0675e55c93976411d4ed91f12dd63

• Running Meteor as root is still discouraged, and results in a fatalerror by default, but the —allow-superuser flag now works as claimed.#7959

• The dev_bundle\python\python.exe executable has been restored to theWindows dev bundle, which may help with meteor npm rebuild commands.#7960

• Changes within linked npm packages now trigger a partial rebuild,whereas previously (in 1.4.2) they were ignored.#7978

• Miscellaneous fixed bugs:#2876#7154#7956#7974#7999#8005#8007

v1.4.2, 2016-10-25

• This release implements a number of rebuild performance optimizations.As you edit files in development, the server should restart and rebuildmuch more quickly, especially if you have many node_modules files.See https://github.com/meteor/meteor/pull/7668 for more details.

Note: the METEOR_PROFILE environment variable now provides data for server startup time as well as build time, which should make it easier to tell which of your packages are responsible for slow startup times. Please include the output of METEOR_PROFILE=10 meteor run with any GitHub issue about rebuild performance.

• npm has been upgraded to version 3.10.9.

• The cordova-lib npm package has been updated to 6.3.1, along withcordova-android (5.2.2) and cordova-ios (4.2.1), and various plugins.

• The node-pre-gyp npm package has been updated to 0.6.30.

• The lru-cache npm package has been updated to 4.0.1.

• The meteor-promise npm package has been updated to 0.8.0 for betterasynchronous stack traces.

• The meteor tool is now prevented from running as root as this isnot recommended and can cause issues with permissions. In some environments,(e.g. Docker), it may still be desired to run as root and this can bepermitted by passing —unsafe-perm to the meteor command.#7821

• Blaze-related packages have been extracted tometeor/blaze, and the mainmeteor/meteor repository nowrefers to them via git submodules (see#7633).When running meteor from a checkout, you must now update thesesubmodules by running

  git submodule update --init --recursive

in the root directory of your meteor checkout.

• Accounts.forgotPassword and .verifyEmail no longer throw errors if callback is provided. Issue #5664Origin PR #5681Merged PR

• The default content security policy (CSP) for Cordova now includes ws:and wss: WebSocket protocols.#7774

• meteor npm commands are now configured to use dev_bundle/.npm as thenpm cache directory by default, which should make npm commands lesssensitive to non-reproducible factors in the external environment.https://github.com/meteor/meteor/pull/7668/commits/3313180a6ff33ee63602f7592a9506012029e919

• The meteor test command now supports the —no-release-check flag.https://github.com/meteor/meteor/pull/7668/commits/7097f78926f331fb9e70a06300ce1711adae2850

• JavaScript module bundles on the server no longer include transitivenode_modules dependencies, since those dependencies can be evaluateddirectly by Node. This optimization should improve server rebuild timesfor apps and packages with large node_modules directories.https://github.com/meteor/meteor/pull/7668/commits/03c5346873849151cecc3e00606c6e5aa13b3bbc

• The standard-minifier-css package now does basic caching for theexpensive mergeCss function.https://github.com/meteor/meteor/pull/7668/commits/bfa67337dda1e90610830611fd99dcb1bd44846a

• The coffeescript package now natively supports import and exportdeclarations. #7818

• Due to changes in how Cordova generates version numbers for iOS and Androidapps, you may experience issues with apps updating on user devices. To avoidthis, consider managing the buildNumber manually usingApp.info('buildNumber', 'XXX'); in mobile-config.js. There are additionalconsiderations if you have been setting android:versionCode orios-CFBundleVersion. See#7205 and#6978 for more information.

v1.4.1.3, 2016-10-21

• Node has been updated to version 4.6.1:https://nodejs.org/en/blog/release/v4.6.1/

• The mongodb npm package used by the npm-mongo Meteor package hasbeen updated to version 2.2.11.#7780

• The fibers npm package has been upgraded to version 1.0.15.

• Running Meteor with a different —port will now automaticallyreconfigure the Mongo replica set when using the WiredTiger storageengine, instead of failing to start Mongo.#7840.

• When the Meteor development server shuts down, it now attempts to killthe mongod process it spawned, in addition to killing any runningmongod processes when the server first starts up.https://github.com/meteor/meteor/pull/7668/commits/295d3d5678228f06ee0ab6c0d60139849a0ea192

• The meteor <command> … syntax will now work for any commandinstalled in dev_bundle/bin, except for Meteor's own commands.

• Incomplete package downloads will now fail (and be retried severaltimes) instead of silently succeeding, which was the cause of thedreaded Error: ENOENT: no such file or directory, open… os.jsonerror. #7806

v1.4.1.2, 2016-10-04

• Node has been upgraded to version 4.6.0, a recommended security release:https://nodejs.org/en/blog/release/v4.6.0/

• npm has been upgraded to version 3.10.8.

v1.4.1.1, 2016-08-24

• Update the version of our Node MongoDB driver to 2.2.8 to fix a bug inreconnection logic, leading to some update and remove commands beingtreated as inserts. #7594

v1.4.1, 2016-08-18

• Node has been upgraded to 4.5.0.

• npm has been upgraded to 3.10.6.

• The meteor publish-for-arch command is no longer necessary whenpublishing Meteor packages with binary npm dependencies. Instead, binarydependencies will be rebuilt automatically on the installation side.Meteor package authors are not responsible for failures due to compilertoolchain misconfiguration, and any compilation problems with theunderlying npm packages should be taken up with the authors of thosepackages. That said, if a Meteor package author really needs or wants tocontinue using meteor publish-for-arch, she should publish her packageusing an older release: e.g. meteor —release 1.4 publish.#7608

• The .meteor-last-rebuild-version.json files that determine if a binarynpm package needs to be rebuilt now include more information from theprocess object, namely process.{platform,arch,versions} instead ofjust process.versions. Note also that the comparison of versions nowignores differences in patch versions, to avoid needless rebuilds.

• The npm-bcrypt package now uses a pure-JavaScript implementation bydefault, but will prefer the native bcrypt implementation if it isinstalled in the application's node_modules directory. In other words,run meteor install —save bcrypt in your application if you need orwant to use the native implementation of bcrypt.#7595

• After Meteor packages are downloaded from Atmosphere, they will now beextracted using native tar or 7z.exe on Windows, instead of thehttps://www.npmjs.com/package/tar library, for a significant performanceimprovement. #7457

• The npm tar package has been upgraded to 2.2.1, though it is now onlyused as a fallback after native tar and/or 7z.exe.

• The progress indicator now distinguishes between downloading,extracting, and loading newly-installed Meteor packages, instead oflumping all of that work into a "downloading" status message.

• Background Meteor updates will no longer modify the ~/.meteor/meteorsymbolic link (or AppData\Local.meteor\meteor.bat on Windows).Instead, developers must explicitly type meteor update to begin usinga new version of the meteor script.

• Password Reset tokens now expire (after 3 days by default — can be modified via Accounts.config({ passwordResetTokenExpirationInDays: …}). PR #7534

• The google package now uses the email scope as a mandatory field insteadof the profile scope. The profile scope is still added by default if therequestPermissions option is not specified to maintain backwardcompatibility, but it is now possible to pass an empty array torequestPermissions in order to only request the email scope, whichreduces the amount of permissions requested from the user in the Googlepopup. PR #6975

• Added Facebook.handleAuthFromAccessToken in the case where you get the FBaccessToken in some out-of-band way. PR #7550

• Accounts.onLogout gets { user, connection } context in a similar fashionto Accounts.onLogin. Issue #7397PR #7433

• The node-gyp and node-pre-gyp tools will now be installed inbundle/programs/server/node_modules, to assist with rebuilding binarynpm packages when deploying an app to Galaxy or elsewhere.#7571

• The standard-minifier-{js,css} packages no longer minify .js or .cssfiles on the server. #7572

• Multi-line input to meteor shell, which was broken by changes to therepl module in Node 4, works again.#7562

• The implementation of the command-line meteor tool now forbidsmisbehaving polyfill libraries from overwriting global.Promise.#7569

• The oauth-encryption package no longer depends on thenpm-node-aes-gcm package (or any special npm packages), because theNode 4 crypto library natively supports the aes-128-gcm algorithm.#7548

• The server-side component of the meteor shell command has been movedinto a Meteor package, so that it can be developed independently fromthe Meteor release process, thanks to version unpinning.#7624

• The meteor shell command now works when running meteor test.

• The meteor debug command no longer pauses at the first statementin the Node process, yet still reliably stops at custom breakpointsit encounters later.

• The meteor-babel package has been upgraded to 0.12.0.

• The meteor-ecmascript-runtime package has been upgraded to 0.2.9, tosupport several additional stage 4proposals.

• A bug that prevented @-scoped npm packages from getting bundled fordeployed apps has been fixed.#7609.

• The meteor update command now supports an —all-packages flag toupdate all packages (including indirect dependencies) to their latestcompatible versions, similar to passing the names of all your packagesto the meteor update command.#7653

• Background release updates can now be disabled by invoking eithermeteor —no-release-check or METEOR_NO_RELEASE_CHECK=1 meteor.#7445

v1.4.0.1, 2016-07-29

• Fix issue with the 1.4 tool springboarding to older releases (see Issue #7491)

• Fix issue with running in development on Linux 32bit Issue #7511

v1.4, 2016-07-25

• Node has been upgraded to 4.4.7.

• The meteor-babel npm package has been upgraded to 0.11.7.

• The reify npm package has been upgraded to 0.3.6.

• The bcrypt npm package has been upgraded to 0.8.7.

• Nested import declarations are now enabled for package code as well asapplication code. 699cf1f38e9b2a074169515d23983f74148c7223

• Meteor has been upgraded to support Mongo 3.2 by default (the bundled versionused by meteor run has been upgraded). Internally it now uses the 2.2.4version of the mongodb npm driver, and has been tested against at Mongo 3.2server. Issue #6957

Mongo 3.2 defaults to the new WiredTiger storage engine. You can update yourdatabase following the instructions here:https://docs.mongodb.com/v3.0/release-notes/3.0-upgrade/.In development, you can also just use meteor reset to remove your olddatabase, and Meteor will create a new WiredTiger database for you. The Mongodriver will continue to work with the old MMAPv1 storage engine however.

The new version of the Mongo driver has been tested with MongoDB versions from2.6 up. Mongo 2.4 has now reached end-of-life(https://www.mongodb.com/support-policy), and is no longer supported.

If you are setting MONGO_OPLOG_URL, especially in production, ensure you arepassing in the replicaSet argument (see #7450)

• Custom Mongo options can now be specified using theMongo.setConnectionOptions(options) API.#7277

• On the server, cursor.count() now takes a single argument applySkipLimit(see the corresponding Mongo documentation)

• Fix for regression caused by #5837 which incorrectly rewrotenetwork-path references (e.g. //domain.com/image.gif) in CSS URLs.#7416

• Added Angular2 boilerplate example #7364

v1.3.5.1, 2016-07-18

• This release fixed a small bug in 1.3.5 that prevented updating appswhose .meteor/release files refer to releases no longer installed in~/.meteor/packages/meteor-tool. 576468eae8d8dd7c1fe2fa381ac51dee5cb792cd

v1.3.5, 2016-07-16

• Failed Meteor package downloads are now automatically resumed from thepoint of failure, up to ten times, with a five-second delay betweenattempts. #7399

• If an app has no package.json file, all packages in node_moduleswill be built into the production bundle. In other words, make sure youhave a package.json file if you want to benefit from devDependenciespruning. 7b2193188fc9e297eefc841ce6035825164f0684

• Binary npm dependencies of compiler plugins are now automaticallyrebuilt when Node/V8 versions change.#7297

• Because .meteor/local is where purely local information should bestored, the .meteor/dev_bundle link has been renamed to.meteor/local/dev_bundle.

• The .meteor/local/dev_bundle link now corresponds exactly to.meteor/release even when an app is using an older version ofMeteor. d732c2e649794f350238d515153f7fb71969c526

• When recompiling binary npm packages, the npm rebuild command nowreceives the flags —update-binary and —no-bin-links, in additionto respecting the $METEOR_NPM_REBUILD_FLAGS environment variable.#7401

• The last solution found by the package version constraint solver is nowstored in .meteor/local/resolver-result-cache.json so that it need notbe recomputed every time Meteor starts up.

• If the $GYP_MSVS_VERSION environment variable is not explicitlyprovided to meteor {node,npm}, the node-gyp tool will infer theappropriate version (though it still defaults to "2015").

v1.3.4.4, 2016-07-10

• Fixed #7374.

• The default loglevel for internal npm commands (e.g., those related toNpm.depends) has been set to "error" instead of "warn". Note that thischange does not affect meteor npm … commands, which can be easilyconfigured using .npmrc files or command-line flags.0689cae25a3e0da3615a402cdd0bec94ce8455c8

v1.3.4.3, 2016-07-08

• Node has been upgraded to 0.10.46.

• npm has been upgraded to 3.10.5.

• The node-gyp npm package has been upgraded to 3.4.0.

• The node-pre-gyp npm package has been upgraded to 0.6.29.

• The ~/.meteor/meteor symlink (or AppData\Local.meteor\meteor.bat onWindows) will now be updated properly after meteor update succeeds. This waspromised in v1.3.4.2but not fully delivered.

• The .meteor/dev_bundle symbolic link introduced inv1.3.4.2is now updated whenever .meteor/release is read.

• The .meteor/dev_bundle symbolic link is now ignored by.meteor/.gitignore.

v1.3.4.2, 2016-07-07

• The meteor node and meteor npm commands now respect.meteor/release when resolving which versions of node and npm toinvoke. Note that you must meteor update to 1.3.4.2 before this logicwill take effect, but it will work in all app directories afterupdating, even those pinned to older versions.#7338

• The Meteor installer now has the ability to resume downloads, soinstalling Meteor on a spotty internet connection should be morereliable. #7348

• When running meteor test, shared directories are symlinked (orjunction-linked on Windows) into the temporary test directory, notcopied, leading to much faster test start times after the initial build.The directories: .meteor/local/{bundler-cache,isopacks,plugin-cache}

• App.appendToConfig allows adding custom tags to config.xml.#7307

• When using ROOT_URL with a path, relative CSS URLs are rewritenaccordingly. #5837

• Fixed bugs:#7149#7296#7309#7312

v1.3.4.1, 2016-06-23

• Increased the default HTTP timeout for requests made by the meteorcommand-line tool to 60 seconds (previously 30), and disabled thetimeout completely for Galaxydeploys.

• Minor bug fixes: #7281#7276

v1.3.4, 2016-06-22

• The version of npm used by meteor npm and when installingNpm.depends dependencies of Meteor packages has been upgraded from2.15.1 to 3.9.6, which should lead to much flatter node_modulesdependency trees.

• The meteor-babel npm package has been upgraded to 0.11.6, and is nowinstalled using npm@3.9.6, fixing bugs arising from Windows pathlimits, such as #7247.

• The reify npm package has been upgraded to 0.3.4, fixing#7250.

• Thanks to caching improvements for thefiles.{stat,lstat,readdir,realpath} methods andPackageSource#_findSources, development server restart times are nolonger proportional to the number of files in node_modulesdirectories. #7253#7008

• When installed via InstallMeteor.exe on Windows, Meteor can now beeasily uninstalled through the "Programs and Features" control panel.

• HTTP requests made by the meteor command-line tool now have a timeoutof 30 seconds, which can be adjusted by the $TIMEOUT_SCALE_FACTORenvironment variable. #7143

• The request npm dependency of the http package has been upgradedfrom 2.53.0 to 2.72.0.

• The —headless option is now supported by meteor test andmeteor test-packages, in addition to meteor self-test.#7245

• Miscellaneous fixed bugs:#7255#7239

v1.3.3.1, 2016-06-17

• Fixed bugs:#7226#7181#7221#7215#7217

• The node-aes-gcm npm package used by oauth-encryption has beenupgraded to 0.1.5. #7217

• The reify module compiler has been upgraded to 0.3.3.

• The meteor-babel package has been upgraded to 0.11.4.

• The pathwatcher npm package has been upgraded to 6.7.0.

• In CoffeeScript files with raw JavaScript enclosed by backticks, thecompiled JS will no longer contain require calls inserted by Babel.#7226

• Code related to the Velocity testing system has been removed.#7235

• Allow smtps:// in MAIL_URL #7043

• Adds Accounts.onLogout() a hook directly analogous to Accounts.onLogin(). PR #6889

v1.3.3, 2016-06-10

• Node has been upgraded from 0.10.43 to 0.10.45.

• npm has been upgraded from 2.14.22 to 2.15.1.

• The fibers package has been upgraded to 1.0.13.

• The meteor-babel package has been upgraded to 0.10.9.

• The meteor-promise package has been upgraded to 0.7.1, a breakingchange for code that uses Promise.denodeify, Promise.nodeify,Function.prototype.async, or Function.prototype.asyncApply, sincethose APIs have been removed.

• Meteor packages with binary npm dependencies are now automaticallyrebuilt using npm rebuild whenever the version of Node or V8 changes,making it much simpler to use Meteor with different versions of Node.5dc51d39ecc9e8e342884f3b4f8a489f734b4352

• *.min.js files are no longer minified during the build process.PR #6986Issue #5363

• You can now pick where the .meteor/local directory is created by setting the METEOR_LOCAL_DIR environment variable. This lets you run multiple instances of the same Meteor app.PR #6760Issue #6532

• Allow using authType in Facebook login PR #5694

• Adds flush() method to Tracker to force recomputation PR #4710

• Adds defineMutationMethods option (default: true) to new Mongo.Collection to override default behavior that sets up mutation methods (/collection/[insert|update…]) PR #5778

• Allow overridding the default warehouse url by specifying METEOR_WAREHOUSE_URLBASE PR #7054

• Allow _id in $setOnInsert in Minimongo: https://github.com/meteor/meteor/pull/7066

• Added support for $eq to Minimongo: https://github.com/meteor/meteor/pull/4235

• Insert a Date header into emails by default: https://github.com/meteor/meteor/pull/6916/files

• meteor test now supports setting the bind address using —port IP:PORT the same as meteor run PR #6964Issue #6961

• Meteor.apply now takes a noRetry option to opt-out of automatically retrying non-idempotent methods on connection blips: PR #6180

• DDP callbacks are now batched on the client side. This means that after a DDP message arrives, the local DDP client will batch changes for a minimum of 5ms (configurable via bufferedWritesInterval) and a maximum of 500ms (configurable via bufferedWritesMaxAge) before calling any callbacks (such as cursor observe callbacks).

• PhantomJS is no longer included in the Meteor dev bundle (#6905). If youpreviously relied on PhantomJS for local testing, the spiderablepackage, Velocity tests, or testing Meteor from a checkout, you shouldnow install PhantomJS yourself, by running the following commmand:meteor npm install -g phantomjs-prebuilt

• The babel-compiler package now looks for .babelrc files andpackage.json files with a "babel" section. If found, these files maycontribute additional Babel transforms that run before the usualbabel-preset-meteor set of transforms. In other words, if you don'tlike the way babel-preset-meteor handles a particular kind of syntax,you can add your preferred transform plugins to the "presets" or"plugins" section of your .babelrc or package.json file. #6351

• When BabelCompiler cannot resolve a Babel plugin or preset package in.babelrc or package.json, it now merely warns instead ofcrashing. #7179

• Compiler plugins can now import npm packages that are visible to theirinput files using inputFile.require(id). b16e8d50194b37d3511889b316345f31d689b020

• import statements in application modules now declare normal variablesfor the symbols that are imported, making it significantly easier toinspect imported variables when debugging in the browser console or inmeteor shell.

• import statements in application modules are no longer restricted tothe top level, and may now appear inside conditional statements(e.g. if (Meteor.isServer) { import … }) or in nested scopes.

• import statements now work as expected in meteor shell. #6271

• Commands installed in dev_bundle/lib/node_modules/.bin (such asnode-gyp and node-pre-gyp) are now available to scripts run bymeteor npm. e95dfe410e1b43e8131bc2df9d2c29decdd1eaf6

• When building an application using meteor build, "devDependencies"listed in package.json are no longer copied into the bundle. #6750

• Packages tested with meteor test-packages now have access to localnode_modules directories installed in the parent application or in thepackage directory itself. #6827

• You no longer need to specify DEPLOY_HOSTNAME=galaxy.meteor.com to runmeteor deploy (and similar commands) against Galaxy. The AWS us-east-1Galaxy is now the default for DEPLOY_HOSTNAME. If your app's DNS points toanother Galaxy region, meteor deploy will detect that automatically aswell. #7055

• The coffeescript plugin now passes raw JavaScript code enclosed byback-ticks to BabelCompiler, enabling all ECMAScript features(including import and export) within CoffeeScript. #6000 #6691

• The coffeescript package now implies the same runtime environment asecmascript (ecmascript-runtime, babel-runtime, and promise, butnot modules). #7184

• When Meteor packages install npm dependencies, theprocess.env.NPM_CONFIG_REGISTRY environment variable is nowrespected. #7162

• files.rename now always executes synchronously. 9856d1d418a4d19c0adf22ec9a92f7ce81a23b05

• "Bare" files contained by client/compatibility/ directories or addedwith api.addFiles(path, …, { bare: true }) are no longer compiled byBabel. https://github.com/meteor/meteor/pull/7033#issuecomment-225126778

• Miscellaneous fixed bugs: #6877 #6843 #6881

v1.3.2.4, 2016-04-20

Meteor 1.3.2.4 was published because publishing 1.3.2.3 failed in an unrecoverable way. Meteor 1.3.2.4 contains no additional changes beyond the changes in 1.3.2.3.

v1.3.2.3, 2016-04-20

• Reverted accidental changes included in 1.3.2.1 and 1.3.2.2 thatimproved DDP performance by batching updates, but broke some packagesthat relied on private methods of the DDP client Connection class. Seehttps://github.com/meteor/meteor/pull/5680 for more details. Thesechanges will be reinstated in 1.3.3.

v1.3.2.2, 2016-04-18

• Fixed bugs #6819 and #6831.

v1.3.2.1, 2016-04-15

• Fixed faulty comparison of .sourcePath and .targetPath properties offiles scanned by the ImportScanner, which caused problems for appsusing the tap:i18n package. 6e792a7cf25847b8cd5d5664a0ff45c9fffd9e57

v1.3.2, 2016-04-15

• The meteor/meteor repository now includes a Roadmap.md file:https://github.com/meteor/meteor/blob/devel/Roadmap.md

• Running npm install in bundle/programs/server when deploying an appalso rebuilds any binary npm dependencies, fixing #6537. SetMETEOR_SKIP_NPM_REBUILD=1 to disable this behavior if necessary.

• Non-.js(on) files in node_modules (such as .less and .scss) arenow processed by compiler plugins and may be imported by JS. #6037

• The jquery package can now be completely removed from any app (#6563),and uses <app>/node_modules/jquery if available (#6626).

• Source maps are once again generated for all bundled JS files, even ifthey are merely identity mappings, so that the files appear distinct inthe browser, and stack traces make more sense. #6639

• All application files in imports directories are now considered lazy,regardless of whether the app is using the modules package. This couldbe a breaking change for 1.3.2 apps that do not use modules orecmascript but contain imports directories. Workaround: move filesout of imports, or rename imports to something else.

• The npm-bcrypt package has been upgraded to use the latest version(0.8.5) of the bcrypt npm package.

• Compiler plugins can call addJavaScript({ path }) multiple times withdifferent paths for the same source file, and module.id will reflectthis path instead of the source path, if they are different. #6806

• Fixed bugs: https://github.com/meteor/meteor/milestones/Release%201.3.2

• Fixed unintended change to Match.Optional which caused it to behave the same as the new Match.Maybe and incorrectly matching null where it previously would not have allowed it. #6735

v1.3.1, 2016-04-03

• Long isopacket node_modules paths have been shortened, fixing upgradeproblems on Windows. #6609

• Version 1.3.1 of Meteor can now publish packages for earlier versions ofMeteor, provided those packages do not rely on modules. #6484 #6618

• The meteor-babel npm package used by babel-compiler has been upgraded toversion 0.8.4. c8d12aed4e725217efbe86fa35de5d5e56d73c83

• The meteor node and meteor npm commands now return the same exitcodes as their child processes. #6673 #6675

• Missing module warnings are no longer printed for Meteor packages, orfor require calls when require is not a free variable, fixinghttps://github.com/practicalmeteor/meteor-mocha/issues/19.

• Cordova iOS builds are no longer built by Meteor, but merely preparedfor building. 88d43a0f16a484a5716050cb7de8066b126c7b28

• Compiler plugin errors were formerly silenced for files not explicitlyadded in package.js. Now those errors are reported when/if the files areimported by the ImportScanner. be986fd70926c9dd8eff6d8866205f236c8562c4

v1.3, 2016-03-27

ES2015/Modules

• Enable ES2015 and CommonJS modules in Meteor apps and packages, onboth client and server. Also let you install modules in apps andpackage by running npm install. See: https://github.com/meteor/meteor/blob/master/packages/modules/README.md

• Enable ES2015 generators and ES2016 async/await in the ecmascriptpackage.

• Inherit static getters and setters in subclasses, when using theecmascript package. #5624

• Report full file paths on compiler errors when using theecmascript package. #5551

• Now possible to import or require files with a .json fileextension. #5810

• process.env.NODE_ENV is now defined on both client and server aseither development or production, which also determines the booleanflags Meteor.isDevelopment and Meteor.isProduction.

• Absolute identifiers for app modules no longer have the /app/ prefix,and absolute identifiers for Meteor packages now have the prefix/node_modules/meteor/ instead of just /node_modules/, meaning youshould import {Blaze} from "meteor/blaze" instead of from "blaze".

• Package variables imported by application code are once again exposedglobally, allowing them to be accessed from the browser console or frommeteor shell. #5868

• Fixed global variable assignment analysis during linking. #5870 #5819

• Changes to files in node_modules will now trigger a restart of thedevelopment server, just like any other file changes. #5815

• The meteor package now exports a global variable (a la Node) thatprovides a reliable reference to the global object for all Meteor code.

• Packages in local node_modules directories now take precedence overMeteor packages of the same name. #5933

• Upgraded babel-compiler to Babel 6, with the following set of plugins:https://github.com/meteor/babel-preset-meteor/blob/master/index.js

• Lazy CSS modules may now be imported by JS: 12c946ee651a93725f243f790c7919de3d445a19

• Packages in the top-level node_modules directory of an app can now beimported by Meteor packages: c631d3ac35f5ca418b93c454f521989855b8ec72

• Added support for wildcard import and export statements. #5872 #5897

• Client-side stubs for built-in Node modules are now providedautomatically if the meteor-node-stubs npm package is installed. #6056

• Imported file extensions are now optional for file types handled bycompiler plugins. #6151

• Upgraded Babel packages to ~6.5.0: 292824da3f8449afd1cd39fcd71acd415c809c0fNote: .babelrc files are now ignored (#6016), but may be reenabled (#6351).

• Polyfills now provided for process.nextTick and process.platform. #6167 #6198 #6055 efe53de492da6df785f1cbef2799d1d2b492a939

• The meteor test-app command is now meteor test [—full-app]:ab5ab15768136d55c76d51072e746d80b45ec181

• New apps now include a package.json file.c51b8cf7ffd8e7c9ca93768a2df93e4b552c199c

• require.resolve is now supported.https://github.com/benjamn/install/commit/ff6b25d6b5511d8a92930da41db73b93eb1d6cf8

• JSX now enabled in .js files processed by the ecmascript compilerplugin. #6151

• On the server, modules contained within node_modules directories arenow loaded using the native Node require function. #6398

• All <script> tag(s) for application and package code now appear at theend of the <body> rather than in the <head>. #6375

• The client-side version of process.env.NODE_ENV (and other environmentvariables) now matches the corresponding server-side values. #6399

Performance

• Don't reload package catalog from disk on rebuilds unless packagedependencies changed. #5747

• Improve minimongo performance on updating documents when there aremany active observes. #5627

Platform

• Upgrade to Node v0.10.41.

• Allow all types of URLs that npm supports in Npm.dependsdeclarations.

• Split up standard-minifiers in separate CSS(standard-minifiers-css) and JS minifiers(standard-minifiers-js). standard-minifiers now acts as anumbrella package for these 2 minifiers.

• Allow piping commands to meteor shell via STDIN. #5575

• Let users set the CAFILE environment variable to override the SSLroot certificate list. #4757 #5523

• force-ssl is now marked production only.

Cordova

• Cordova dependencies have been upgraded to the latest versions(cordova-lib 6.0.0, cordova-ios 4.0.1, and cordova-android 5.1.0).

• iOS apps now require iOS 8 or higher, and building for iOS requires Xcode 7.2to be installed.

• Building for Android now requires Android SDK 23 to be installed. You may alsoneed to create a new AVD for the emulator.

• Building Cordova Android apps on Windows is now supported. #4155

• The Crosswalk plugin has been updated to 1.4.0.

• Cordova core plugins are now pinned to minimal versions known to be compatiblewith the included platforms. A warning is printed asking people to upgradetheir dependencies if they specify an older version, but we'll always usethe pinned version regardless.

• The plugin used for file serving and hot code push has been completelyrewritten. Among many other improvements, it downloads updates incrementally,can recover from downloading faulty JavaScript code, and is much morereliable and performant.See cordova-plugin-meteor-webappfor more a more detailed description of the new design.

• If the callbacks added with Meteor.startup() do not complete within a settime, we consider a downloaded version faulty and will fallback to the lastknown good version. The default timeout is 20 seconds, but this can beconfigured by setting App.setPreference("WebAppStartupTimeout", "10000");(in milliseconds) in mobile-config.js.

• We now use WKWebView on iOS by default, even on iOS 8 (which works becausewe do not use file:// URLs).

• We now use localhost instead of meteor.local to serve files from. Sincelocalhost is considered a secure origin, this means the web view won'tdisable web platform features that it otherwise would.

• The local server port now lies between 12000-13000 and is chosen based onthe appId, to both be consistent and lessen the chance of collisions betweenmultiple Meteor Cordova apps installed on the same device.

• The plugin now allows for local file access on both iOS and Android, using aspecial URL prefix (http://localhost:<port>/local-filesystem/<path&gt;).

• App icon and launch image sizes have been updated. Low resolution sizes fornow unsupported devices have been deprecated, and higher resolution versionshave been added.

• We now support the modern Cordova whitelist mechanism. App.accessRule hasbeen updated with new options.

• meteor build now supports a —server-only option to avoid buildingthe mobile apps when ios or android platforms have been added. It stillbuilds the web.cordova architecture in the server bundle however, so it canbe served for hot code pushes.

• meteor run now always tries to use an autodetected IP address as themobile ROOT_URL, even if we're not running on a device. This avoids a situationwhere an app already installed on a device connects to a restarted developmentserver and receives a localhost ROOT_URL. #5973

• Fixed a discrepancy between the way we calculated client hashes during a mobilebuild and on the server, which meant a Cordova app would always download anew version the first time it started up.

• In Cordova apps, Meteor.startup() now correctly waits for thedevice to be ready before firing the callback.

Accounts

• Make Accounts.forgotPassword treat emails as case insensitive, asthe rest of the accounts system does.

Blaze

• Don't throw in certain cases when calling a template helper with anempty data context. #5411 #5736

• Improve automatic blocking of URLs in attribute values to alsoinclude vbscript: URLs.

Check

• Introduced new matcher Match.Maybe(type) which will also match (permit) null in addition to undefined. This is a suggested replacement (where appropriate) for Match.Optional which did not permit null. This prevents the need to use Match.OneOf(null, undefined, type). #6220

Testing

• Packages can now be marked as testOnly to only run as part of apptesting with meteor test. This is achieved by settingtestOnly: true to Package.describe.

Uncategorized

• Remove warning in the simple-todos-react example app. #5716

• Fix interaction between browser-policy and oauth packages. #5628

• Add README.md to the tinytest package. #5750

• Don't crash when calling ReactiveDict.prototype.clear if aproperty with a value wasn't previously accessed. #5530 #5602

• Move DDPRateLimiter to the server only, since it won't work if itis called from the client. It will now error if referenced from theclient at all.

• Don't call function more than once when passing a Match.Whereargument to check. #5630 #5651

• Fix empty object argument check in this.subscribe intemplates. #5620

• Make HTTP.call not crash on undefined content. #5565 #5601

• Return observe handle fromMongo.Collection.prototype._publishCursor. #4983 #5615

• Add 'Did you mean?' reminders for some CLI commands to help Railsdevelopers. #5593

• Make internal shell scripts compatible with other Unix-likesystems. #5585

• Add a _pollingInterval option to coll.find() that can be used inconjunction with _disableOplog: true. #5586

• Expose Tinytest internals which can be used to extend it. #3541

• Improve error message from check when passing in null. #5545

• Split up standard-minifiers in separate CSS (standard-minifier-css) and JSminifiers(standard-minifier-js). standard-minifiers now acts as an umbrella package for these2 minifiers.

• Detect new Facebook user-agent in the spiderable package. #5516

• Match.ObjectIncluding now really requires plain objects. #6140

• Allow git+ URL schemes for npm dependencies. #844

• Expose options disableOplog, pollingIntervalMs, andpollingThrottleMs to Cursor.find for tuning observe parameterson the server.

• Expose dynamicHead and dynamicBody hooks in boilerplate generation allowing code to inject content into the body and head tags from the server. #3860

• Add methods of the form BrowserPolicy.content.allow<ContentType>BlobUrl() to BrowserPolicy #5141

• Move <script> tags to end of <body> to enable 'loading' UI to be inserted into the boilerplate #6375

• Adds WebAppInternals.setBundledJsCssUrlRewriteHook allowing apps to supply a hook function that can create a dynamic bundledJsCssPrefix at runtime. This is useful if you're using a CDN by giving you a way to ensure the CDN won't cache broken js/css resources during an app upgrade.

Patches contributed by GitHub users vereed, mitar, nathan-muir,robfallows, skishore, okland, Primigenus, zimme, welelay, rgoomar,bySabi, mbrookes, TomFreudenberg, TechPlexEngineer, zacharydenton,AlexeyMK, gwendall, dandv, devgrok, brianlukoff.

v.1.2.1, 2015-10-26

• coll.insert() now uses a faster (but cryptographically insecure)algorithm to generate document IDs when called outside of a methodand an _id field is not explicitly passed. With this change, thereare no longer two algorithms used to generate documentIDs. Random.id() can still be used to generate cryptographicallysecure document IDs. #5161

• The ecmascript-collections package has been renamed toecmascript-runtime and now includes a more complete selection ofES2015 polyfills and shims from core-js.The complete list can be foundhere.

• Check type of onException argument to bindEnvironment. #5271

• WebApp's PORT environment variable can now be a named pipe to better supportdeployment on IIS on Windows. 4413

• Template.dynamic can be now used as a block helper:{{#Template.dynamic}} … {{/Template.dynamic}} #4756

• Collection#allow/deny now throw errors when passed falsy values. #5442

• source-map has been updated to a newer patch version, which fixes major bugsin particular around loading bundles generated by Webpack. #5411

• check now returns instead of throwing errors internally, which should makeit much faster. check is used in many core Meteor packages, so this shouldresult in small performance improvements across the framework. #4584

• The userEmail option to Meteor.loginWithMeteorDeveloperAccount has beenrenamed to loginHint, and now supports Google accounts as well. The oldoption still works for backwards compatibility. #2422#5313

• The old addFiles API for adding package assets no longer throws an error,making it easier to share packages between pre- and post-1.2 versions ofMeteor. #5458

• Normally, you can't deploy to free meteor.com hosting or Galaxy from anon-Linux machine if you have local non-published packages with binarydependencies, nor can you run meteor build —architecture SomeOtherArch. Asa temporary workaround, if you set the METEOR_BINARY_DEP_WORKAROUNDvariable, you will be able to deploy to Galaxy (but not free meteor.comhosting), and tarballs built with meteor build will contain aprograms/server/setup.sh shell script which should be run on the server toinstall those packages.

v1.2.0.2, 2015-09-28

• Update Crosswalk plugin for Cordova to 1.3.1. #5267

• Fix meteor add for a Cordova plugin using a Git URL with SHA.

• Upgraded the promise package to use meteor-promise@0.5.0, which usesthe global Promise constructor in browsers that define it natively.

• Fix error in assigning attributes to <body> tag when using Blaze templatesor static-html. #5232

v1.2.0.1, 2015-09-22

• Fix incorrect publishing of packages with exports but no source. #5228

v1.2, 2015-09-21

There are quite a lot of changes in Meteor 1.2. See theWiki fora shorter list of breaking changes you should be aware of when upgrading.

Core Packages

• meteor-platform has been deprecated in favor of the smaller meteor-base,with apps listing their other dependencies explicitly. The v1.2 upgraderwill rewrite meteor-platform in existing apps. meteor-base puts fewersymbols in the global namepsace, so it's no longer true that all appshave symbols like Random and EJSON in the global namespace.

• New packages: ecmascript, es5-shim, ecmascript-collections, promise,static-html, jshint, babel-compiler

• No longer include the json package by default, which contains code forJSON.parse and JSON.stringify. (The last browser to not support JSONnatively was Internet Explorer 7.)

• autoupdate has been renamed hot-code-push

Meteor Accounts

• Login attempts are now rate-limited by default. This can be turned offusing Accounts.removeDefaultRateLimit().

• loginWithPassword now matches username or email in a case insensitivemanner. If there are multiple users with a username or email only differingin case, a case sensitive match is required. #550

• loginWithGithub now requests user:email scope by default, and attemptsto fetch the user's emails. If no public email has been set, we use theprimary email instead. We also store the complete list of emails. #4545

• When an account's email address is verified, deactivate other verificationtokens. #4626

• Fix bug where blank page is shown when an expired login token ispresent. #4825

• Fix OAuth1Binding.prototype.call when making requests to Twitterwith a large parameter set.

• Directions for setting up Google OAuth in accounts-ui have been updated tomatch Google's new requirements.

• Add Accounts.oauth.unregisterService method, and ensure that users can onlylog in with currently registered services. #4014

• The accounts-base now defines reusable AccountsClient andAccountsServer constructors, so that users can create multipleindependent instances of the Accounts namespace. #4233

• Create an index for Meteor.users onservices.email.verificationTokens.token (instead ofemails.validationTokens.token, which never was used for anything). #4482

• Remove an IE7-specific workaround from accounts-ui. #4485

Livequery

• Improved server performance by reducing overhead of processing oplog afterdatabase writes. Improvements are most noticeable in case when a method isdoing a lot of writes on collections with plenty of active observers. #4694

Mobile

• The included Cordova tools have been updated to the latest version 5.2.0.This includes Cordova Android 4.1 and Cordova iOS 3.9. These updates mayrequire you to make changes to your app. For details, see the Cordova releasenotes for for the different versions.

• Thanks to Cordova Android's support for pluggable web views, it is nowpossible to install the Crosswalk plugin, whichoffers a hugely improved web view on older Android versions.You can add the plugin to your app with meteor add crosswalk.

• The bundled Android tools have been removed and a system-wide install of theAndroid SDK is now required. This should make it easier to keep thedevelopment toolchain up to date and helps avoid some difficult to diagnosefailures. If you don't have your own Android tools installed already, you canfind more information about installing the Android SDK for Macor Linux.

• As part of moving to npm, many Cordova plugins have been renamed. Meteorshould perform conversions automatically, but you may want to be aware of thisto avoid surprises. See herefor more information.

• Installing plugins from the local filesystem is now supported using file://URLs, which should make developing your own plugins more convenient. It isalso needed as a temporary workaround for using the Facebook plugin.Relative references are interpreted relative to the Meteor project directory.(As an example,meteor add cordova:phonegap-facebook-plugin@file://../phonegap-facebook-pluginwould attempt to install the plugin from the same directory you Meteor projectdirectory is located in.)

• Meteor no longer supports installing Cordova plugins from tarball URLs, butdoes support Git URLs with a SHA reference (likehttps://github.com/apache/cordova-plugin-file#c452f1a67f41cb1165c92555f0e721fbb07329cc).Existing GitHub tarball URLs are converted automatically.

• Allow specifying a buildNumber in App.info, which is used to set theandroid-versionCode and ios-CFBundleVersion in the config.xml of theCordova project. The build number is used to differentiate betweendifferent versions of the app, and should be incremented before distributinga built app to stores or testing services. #4048

• Other changes include performance enhancements when building and running,and improved requirements checking and error reporting.

• Known issue: we do not currently show logging output when running on theiOS Simulator. As a workaround, you can meteor run ios-device to open theproject in Xcode and watch the output there.

Templates/Blaze

• New syntax: Handlebars sub-expressions are now supported — as in,{{helper (anotherHelper arg1 arg2)}} — as well as new block helper forms#each .. in .. and #let x=y. Seehttps://github.com/meteor/meteor/tree/devel/packages/spacebars

• Add a special case for the new react-template-helper package — don't lettemplates use {{> React}} with siblings since React.render assumes it'sbeing rendered into an empty container element. (This lets us throw the errorwhen compiling templates rather than when the app runs.)

• Improve parsing of <script> and <style> tags. #3797

• Fix a bug in observe-sequence. The bug was causing unnecessary rerenderingsin an instance of #each block helper followed by false "duplicate ids"warnings. #4049

• TemplateInstance#subscribe now has a new connection option, whichspecifies which connection should be used when making the subscription. Thedefault is Meteor.connection, which is the connection used when callingMeteor.subscribe.

• Fix external <script> tags in body or templates. #4415

• Fix memory leak. #4289

• Avoid recursion when materializing DOM elements, to avoid stack overflowerrors in certain browsers. #3028

• Blaze and Meteor's built-in templating are now removable usingmeteor remove blaze-html-templates. You can add back support for statichead and body tags in .html files by using the static-html package.

DDP

• Websockets now support thepermessage-deflateextension, which compresses data on the wire. It is enabled by default on theserver. To disable it, set $SERVER_WEBSOCKET_COMPRESSION to 0. To configurecompression options, set $SERVER_WEBSOCKET_COMPRESSION to a JSON object thatwill be used as an argument todeflate.configure.Compression is supported on the client side by Meteor's Node DDP client and bybrowsers including Chrome, Safari, and Firefox 37.

• The ddp package has been split into ddp-client and ddp-server packages;using ddp is equivalent to using both. This allows you to use the Node DDPclient without adding the DDP server to your app. #4191#3452

• On the client, Meteor.call now takes a throwStubExceptions option; if set,exceptions thrown by method stubs will be thrown instead of logged, and themethod will not be invoked on the server. #4202

• sub.ready() should return true inside that subscription's onReadycallback. #4614

• Fix method calls causing broken state when socket is reconnecting. #5104

Isobuild

• Build plugins will no longer process files whose names match the extensionexactly (with no extra dot). If your build plugin needs to match filenamesexactly, you should use the new build plugin API in this release whichsupplies a special filenames option. #3985

• Adding the same file twice in the same package is now an error. Previously,this could either lead to the file being included multiple times, or to abuild time crash.

• You may now specify the bare option for JavaScript files on the server.Previous versions only allowed this on the client. #3681

• Ignore node_modules directories in apps instead of processing them as Meteorsource code. #4457#4452

• Backwards-incompatible change for package authors: Static assets in package.js files must now beexplicitly declared by using addAssets instead of addFiles. Previously,any file that didn't have a source handler was automatically registered as aserver-side asset. The isAsset option to addFiles is also deprecated infavor of addAssets.

• Built files are now always annotated with line number comments, to improve thedebugging experience in browsers that don't support source maps.

• There is a completely new API for defining build plugins that cache theiroutput. There are now special APIs for defining linters and minifiers inaddition to compilers. The core Meteor packages for less, coffee, stylusand html files have been updated to use this new API. Read more on theWiki page.

CSS

• LESS and Stylus now support cross-package imports.

• CSS concatenation and minification is delegated to the standard-minifierspackage, which is present by default (and added to existing apps by the v1.2upgrader).

• CSS output is now split into multiple stylesheets to avoid hitting limits onrules per stylesheet in certain versions of Internet Explorer. #1876

Mongo

• The oplog observe driver now properly updates queries when you drop adatabase. #3847

• MongoID logic has been moved out of minimongo into a new package calledmongo-id.

• Fix Mongo upserts with dotted keys in selector. #4522

meteor command-line tool

• You can now create three new example apps with the command line tool. Theseare the apps from the official tutorials at http://meteor.com/tutorials, whichdemonstrate building the same app with Blaze, Angular, and React. Try theseapps with:

  meteor create --example simple-todos
  meteor create --example simple-todos-react
  meteor create --example simple-todos-angular

• meteor shell no longer crashes when piped from another command.

• Avoid a race condition in meteor —test and work with newer versions of theVelocity package. #3957

• Improve error handling when publishing packages. #3977

• Improve messaging around publishing binary packages. #3961

• Preserve the value of _ in meteor shell. #4010

• meteor mongo now works on OS X when certain non-ASCII characters are in thepathname, as long as the pgrep utility is installed (it ships standard withOS X 10.8 and newer). #3999

• meteor run no longer ignores (and often reverts) external changes to.meteor/versions which occur while the process is running. #3582

• Fix crash when downloading two builds of the same package versionsimultaneously. #4163

• Improve messages printed by meteor update, displaying list of packagesthat are not at the latest version available.

• When determining file load order, split file paths on path separatorbefore comparing path components alphabetically. #4300

• Fix inability to run mongod due to lack of locale configuration on someplatforms, and improve error message if the failure still occurs. #4019

• New meteor lint command.

Minimongo

• The $push query modifier now supports a $position argument. #4312

• c.update(selector, replacementDoc) no longer shares mutable state betweenreplacementDoc and Minimongo internals. #4377

Email

• Email.send now has a new option, attachments, in the same style asmailcomposer.Details here.

Tracker

• New Tracker.Computation#onStop method. #3915

• ReactiveDict has two new methods, clear and all. clear resetsthe dictionary as if no items had been added, meaning all calls to get willreturn undefined. all converts the dictionary into a regular JavaScriptobject with a snapshot of the keys and values. Inside an autorun, allregisters a dependency on any changes to the dictionary. #3135

Utilities

• New beforeSend option to HTTP.call on the client allows you to directlyaccess the XMLHttpRequest object and abort the call. #4419#3243#3266

• Parse application/javascript and application/x-javascript HTTP replies asJSON too. #4595

• Match.test from the check package now properly compares boolean literals,just like it does with Numbers and Strings. This applies to the checkfunction as well.

• Provide direct access to the mailcomposer npm module used by the emailpackage on EmailInternals.NpmModules. Allow specifying a MailComposerobject to Email.send instead of individual options. #4209

• Expose Spiderable.requestTimeoutMs from spiderable package toallow apps to set the timeout for running phantomjs.

• The spiderable package now reports the URL it's trying to fetch on failure.

Other bug fixes and improvements

• Upgraded dependencies:

  • Node: 0.10.40 (from 0.10.36)
  • uglify-js: 2.4.20 (from 2.4.17)
  • http-proxy: 1.11.1 (from 1.6.0)

• Meteor.loginWithGoogle now supports prompt. Choose a prompt to always bedisplayed on Google login.

• Upgraded coffeescript package to depend on NPM packagescoffeescript@1.9.2 and source-map@0.4.2. #4302

• Upgraded fastclick to 1.0.6 to fix an issue in iOS Safari. #4393

• Fix Error: Can't render headers after they are sent to the client. #4253#4750

• Meteor.settings.public is always available on client and server,and modifications made on the server (for example, during app initialization)affect the value seen by connecting clients. #4704

Windows

• Increase the buffer size for netstat when looking for running Mongo servers. #4125

• The Windows installer now always fetches the latest available version ofMeteor at runtime, so that it doesn't need to be recompiled for every release.

• Fix crash in meteor mongo on Windows. #4711

v1.1.0.3, 2015-08-03

Accounts

• When using Facebook API version 2.4, properly fetch email and other fields.Facebook recently forced all new apps to use version 2.4 of their API. #4743

v1.1.0.2, 2015-04-06

meteor command-line tool

• Revert a change in 1.1.0.1 that caused meteor mongo to fail on some Linuxsystems. #4115, #4124, #4134

v1.1.0.1, 2015-04-02

Blaze

• Fix a regression in 1.1 in Blaze Templates: an error happening when View isinvalidated immediately, causing a client-side crash (accessingdestroyMembers of undefined). #4097

v1.1, 2015-03-31

Windows Support

• The Meteor command line tool now officially supports Windows 7, Windows 8.1,Windows Server 2008, and Windows Server 2012. It can run from PowerShell orCommand Prompt.

• There is a native Windows installer that will be available for download fromhttps://www.meteor.com/install starting with this release.

• In this release, Meteor on Windows supports all features available on Linuxand Mac except building mobile apps with PhoneGap/Cordova.

• The meteor admin get-machine command now supports an additionalarchitecture, os.windows.x86_32, which can be used to build binary packagesfor Windows.

Version Solver

• The code that selects compatible package versions for meteor updateand resolves conflicts on meteor add has been rewritten from the ground up.The core solver algorithm is now based on MiniSat, an open-source SAT solver,improving performance and maintainability.

• Refresh the catalog instead of downgrading packages when the versions in.meteor/versions aren't in the cache. #3653

• Don't downgrade packages listed in .meteor/packages, or upgrade to a newmajor version, unless the new flag —allow-incompatible-update is passedas an override.

• Error messages are more detailed when constraints are unsatisfiable.

• Prefer "patched" versions of new indirect dependencies, and take patchesto them on meteor update (for example, 1.0.1 or 1.0.0_1 over 1.0.0).

• Version Solver is instrumented for profiling (METEOR_PROFILE=1 in theenvironment).

• Setting the METEOR_PRINT_CONSTRAINT_SOLVER_INPUT environment variableprints information useful for diagnosing constraint solver bugs.

Tracker

• Schedule the flush cycle using a better technique than setTimeout whenavailable. #3889

• Yield to the event loop during the flush cycle, unless we're executing asynchronous Tracker.flush(). #3901

• Fix error reporting not being source-mapped properly. #3655

• Introduce a new option for Tracker.autorun - onError. This callback can beused to handle errors caught in the reactive computations. #3822

Blaze

• Fix stack overflow from nested templates and helpers by avoiding recursionduring rendering. #3028

meteor command-line tool

• Don't fail if npm prints more than 200K. #3887

Other bug fixes and improvements

• Upgraded dependencies:

  • uglify-js: 2.4.17 (from 2.4.13)

Patches contributed by GitHub users hwillson, mitar, murillo128, Primigenus,rjakobsson, and tmeasday.

v1.0.5, 2015-03-25

• This version of Meteor now uses version 2.2 of the Facebook API forauthentication, instead of 1.0. If you use additional Facebook API methodsbeyond login, you may need to request new permissions.

Facebook will automatically switch all apps to API version 2.0 on April30th, 2015. Please make sure to update your application's permissions and APIcalls by that date.

For more details, seehttps://github.com/meteor/meteor/wiki/Facebook-Graph-API-Upgrade

v1.0.4.2, 2015-03-20

• Fix regression in 1.0.4 where using Cordova for the first time in a projectwith hyphens in its directory name would fail. #3950

v1.0.4.1, 2015-03-18

• Fix regression in 1.0.4 where meteor publish-for-arch only worked forpackages without colons in their name. #3951

v1.0.4, 2015-03-17

Mongo Driver

• Meteor is now tested against MongoDB 2.6 by default (and the bundled versionused by meteor run has been upgraded). It should still work fine withMongoDB 2.4. Previous versions of Meteor mostly worked with MongoDB 2.6, witha few caveats:

  • Some upsert invocations did not work with MongoDB in previous versions ofMeteor.
  • Previous versions of Meteor required setting up a special "user-definedrole" with access to the system.replset table to use the oplog observedriver with MongoDB 2.6. These extra permissions are not required withthis version of Meteor.The MongoDB command needed to set up user permissions for the oplog observedriver is slightly different in MongoDB 2.6; seehttps://github.com/meteor/meteor/wiki/Oplog-Observe-Driver for details.

We have also tested Meteor against the recently-released MongoDB 3.0.0.While we are not shipping MongoDB 3.0 with Meteor in this release (preferringto wait until its deployment is more widespread), we believe that Meteor1.0.4 apps will work fine when used with MongoDB 3.0.0 servers.

• Fix 0.8.1 regression where failure to connect to Mongo at startup would log amessage but otherwise be ignored. Now it crashes the process, as it did before0.8.1. #3038

• Use correct transform for allow/deny rules in update when different ruleshave different transforms. #3108

• Provide direct access to the collection and database objects from the npmMongo driver via new rawCollection and rawDatabase methods onMongo.Collection. #3640

• Observing or publishing an invalid query now throws an error instead ofeffectively hanging the server. #2534

Livequery

• If the oplog observe driver gets too far behind in processing the oplog, skipentries and re-poll queries instead of trying to keep up. #2668

• Optimize common cases faced by the "crossbar" data structure (used by oplogtailing and DDP method write tracking). #3697

• The oplog observe driver recovers from failed attempts to apply the modifierfrom the oplog (eg, because of empty field names).

Minimongo

• When acting as an insert, c.upsert({_id: 'x'}, {foo: 1}) now uses the _idof 'x' rather than a random _id in the Minimongo implementation ofupsert, just like it does for c.upsert({_id: 'x'}, {$set: {foo: 1}}).(The previous behavior matched a bug in the MongoDB 2.4 implementation ofupsert that is fixed in MongoDB 2.6.) #2278

• Avoid unnecessary work while paused in minimongo.

• Fix bugs related to observing queries with field filters: changed callbacksshould not trigger unless a field in the filter has changed, and changedcallbacks need to trigger when a parent of an included field isunset. #2254#3571

• Disallow setting fields with empty names in minimongo, to match MongoDB 2.6semantics.

DDP

• Subscription handles returned from Meteor.subscribe andTemplateInstance#subscribe now have a subscriptionId property to identifywhich subscription the handle is for.

• The onError callback to Meteor.subscribe has been replaced with a moregeneral onStop callback that has an error as an optional first argument.The onStop callback is called when the subscription is terminated forany reason. onError is still supported for backwards compatibility. #1461

• The return value from a server-side Meteor.call or Meteor.apply is now aclone of what the function returned rather than sharing mutable state. #3201

• Make it easier to use the Node DDP client implementation without running a webserver too. #3452

Blaze

• Template instances now have a subscribe method that functions exactly likeMeteor.subscribe, but stops the subscription when the template is destroyed.There is a new method on Template instances called subscriptionsReady()which is a reactive function that returns true when all of the subscriptionsmade with TemplateInstance#subscribe are ready. There is also a built-inhelper that returns the same thing and can be accessed withTemplate.subscriptionsReady inside any template.

• Add onRendered, onCreated, and onDestroyed methods toTemplate. Assignments to Template.foo.rendered and so forth are deprecatedbut are still supported for backwards compatibility.

• Fix bug where, when a helper or event handler was called from inside a customblock helper, Template.instance() returned the Template.contentBlocktemplate instead of the actual user-defined template, making it difficult touse Template.instance() for local template state.

• Template.instance() now works inside Template.body. #3631

• Allow specifying attributes on <body> tags in templates.

• Improve performance of rendering large arrays. #3596

Isobuild

• Support Npm.require('foo/bar'). #3505#3526

• In package.js files, Npm.require can only require built-in Node modules(and dev bundle modules, though you shouldn't depend on that), not the modulesfrom its own Npm.depends. Previously, such code would work but only on thesecond time a package.js was executed.

• Ignore vim swap files in the public and private directories. #3322

• Fix regression in 1.0.2 where packages might not be rebuilt when the compilerversion changes.

Meteor Accounts

• The accounts-password Accounts.emailTemplates can now specify arbitraryemail headers. The from address can now be set separately on theindividual templates, and is a function there rather than a staticstring. #2858#2854

• Add login hooks on the client: Accounts.onLogin andAccounts.onLoginFailure. #3572

• Add a unique index to the collection that stores OAuth login configuration toensure that only one configuration exists per service. #3514

• On the server, a new optionAccounts.setPassword(user, password, { logout: false }) overrides thedefault behavior of logging out all logged-in connections for the user. #3846

Webapp

• spiderable now supports escaped #! fragments. #2938

• Disable appcache on Firefox by default. #3248

• Don't overly escape Meteor.settings.public and other parts ofmeteor_runtime_config. #3730

• Reload the client program on SIGHUP or Node-specific IPC messages, notSIGUSR2.

meteor command-line tool

• Enable tab-completion of global variables in meteor shell. #3227

• Improve the stability of meteor shell. #3437#3595#3591

• meteor login —email no longer takes an ignored argument. #3532

• Fix regression in 1.0.2 where meteor run —settings s would ignore errorsreading or parsing the settings file. #3757

• Fix crash in meteor publish in some cases when the package is inside anapp. #3676

• Fix crashes in meteor search —show-all and meteor search —maintainer.#3636

• Kill PhantomJS processes after meteor —test, and only run the apponce. #3205#3793

• Give a better error when Mongo fails to start up due to a full disk. #2378

• After killing existing mongod servers, also clear the mongod.lock file.

• Stricter validation for package names: they cannot begin with a hyphen, endwith a dot, contain two consecutive dots, or start or end with a colon. (Nopackages on Atmosphere fail this validation.) Additionally, meteor create—package applies the same validation as meteor publish and disallowspackages with multiple colons. (Packages with multiple colons likelocal-test:iron:router are used internally by meteor test-packages so thatis not a strict validation rule.)

• meteor create —package now no longer creates a directory with the fullname of the package, since Windows file systems cannot have colon charactersin file paths. Instead, the command now creates a directory named the sameas the second part of the package name after the colon (without the usernameprefix).

Meteor Mobile

• Upgrade the Cordova CLI dependency from 3.5.1 to 4.2.0. See the release notesfor the 4.x series of the Cordova CLI on ApacheCordova.

• Related to the recently discovered attackvectorsin Android Cordova apps, Meteor Cordova apps no longer allow access to alldomains by default. If your app access external resources over XHR, you needto add them to the whitelist of allowed domains with the newly addedApp.accessRulemethod in yourmobile-config.js file.

• Upgrade Cordova Plugins dependencies in Meteor Core packages:

  • org.apache.cordova.file: from 1.3.0 to 1.3.3
  • org.apache.cordova.file-transfer: from 0.4.4 to 0.5.0
  • org.apache.cordova.splashscreen: from 0.3.3 to 1.0.0
  • org.apache.cordova.console: from 0.2.10 to 0.2.13
  • org.apache.cordova.device: from 0.2.11 to 0.3.0
  • org.apache.cordova.statusbar: from 0.1.7 to 0.1.10
  • org.apache.cordova.inappbrowser: from 0.5.1 to 0.6.0
  • org.apache.cordova.inappbrowser: from 0.5.1 to 0.6.0
• Use the newer ios-sim binary, compiled with Xcode 6 on OS X Mavericks.

Tracker

• Use Session.set({k1: v1, k2: v2}) to set multiple values at once.

Utilities

• Provide direct access to all options supported by the request npm module viathe new server-only npmRequestOptions option to HTTP.call. #1703

Other bug fixes and improvements

• Many internal refactorings towards supporting Meteor on Windows are in thisrelease.

• Remove some packages used internally to support legacy MDG systems(application-configuration, ctl, ctl-helper, follower-livedata,dev-bundle-fetcher, and star-translate).

• Provide direct access to some npm modules used by core packages on theNpmModules field of WebAppInternals, MongoInternals, andHTTPInternals.

• Upgraded dependencies:

  • node: 0.10.36 (from 0.10.33)
  • Fibers: 1.0.5 (from 1.0.1)
  • MongoDB: 2.6.7 (from 2.4.12)
  • openssl in mongo: 1.0.2 (from 1.0.1j)
  • MongoDB driver: 1.4.32 (from 1.4.1)
  • bson: 0.2.18 (from 0.2.7)
  • request: 2.53.0 (from 2.47.0)

Patches contributed by GitHub users 0a-, awatson1978, awwx, bwhitty,christianbundy, d4nyll, dandv, DanielDent, DenisGorbachev, fay-jai, gsuess,hwillson, jakozaur, meonkeys, mitar, netanelgilad, queso, rbabayoff, RobertLowe,romanzolotarev, Siilwyn, and tmeasday.

v.1.0.3.2, 2015-02-25

• Fix regression in 1.0.3 where the meteor tool could crash when downloadingthe second build of a given package version; for example, when running meteordeploy on an OSX or 32-bit Linux system for an app containing a binarypackage. #3761

v.1.0.3.1, 2015-01-20

• Rewrite meteor show and meteor search to show package information forlocal packages and to show if the package is installed for non-localpackages. Introduce the —show-all flag, and deprecate the—show-unmigrated and —show-old flags. Introduce the —ejson flag tooutput an EJSON object.

• Support README.md files inmeteor publish. Take in the documentation file inpackage.js (set to README.md by default) and upload it to the server atpublication time. Excerpt the first non-header Markdown section for use inmeteor show.

• Support updates of package version metadata after that version has beenpublished by running meteor publish —update from the package directory.

• Add meteor test-packages —velocity (similar to meteor run —test). #3330

• Fix meteor update <packageName> to update <packageName> even if it's anindirect dependency of your app. #3282

• Fix stack trace when a browser tries to use the server like a proxy. #1212

• Fix inaccurate session statistics and possible multiple invocation ofConnection.onClose callbacks.

• Switch CLI tool filesystem calls from synchronous to yielding (pro: moreconcurrency, more responsive to signals; con: could introduce concurrencybugs)

• Don't apply CDN prefix on Cordova. #3278#3311

• Don't try to refresh client app in the runner unless the app actually has theautoupdate package. #3365

• Fix custom release banner logic. #3353

• Apply HTTP followRedirects option to non-GET requests. #2808

• Clean up temporary directories used by package downloads sooner. #3324

• If the tool knows about the requested release but doesn't know about the buildof its tool for the platform, refresh the catalog rather than failingimmediately. #3317

• Fix meteor —get-ready to not add packages to your app.

• Fix some corner cases in cleaning up app processes in the runner. Dropundocumented —keepalive support. #3315

• Fix CSS autoupdate when $ROOT_URL has a non-trivial path. #3111

• Save Google OAuth idToken to the User service info object.

• Add git info to meteor —version.

• Correctly catch a case of illegal Tracker.flush during Tracker.autorun. #3037

• Upgraded dependencies:

  • jquery: 1.11.2 (from 1.11.0)

Patches by GitHub users DanielDent, DanielDornhardt, PooMaster, Primigenus,Tarang, TomFreudenberg, adnissen, dandv, fay-jai, knownasilya, mquandalle,ogourment, restebanez, rissem, smallhelm and tmeasday.

v1.0.2.1, 2014-12-22

• Fix crash in file change watcher. #3336

• Allow meteor test-packages packages/* even if not all package directorieshave tests. #3334

• Fix typo in meteor shell output. #3326

v1.0.2, 2014-12-19

Improvements to the meteor command-line tool

• A new command called meteor shell attaches an interactive terminal toan already-running server process, enabling inspection and execution ofserver-side data and code, with dynamic tab completion of variable namesand properties. To see meteor shell in action, type meteor run in anapp directory, then (in another terminal) type meteor shell in thesame app directory. You do not have to wait for the app to start beforetyping meteor shell, as it will automatically connect when the serveris ready. Note that meteor shell currently works for local developmentonly, and is not yet supported for apps running on remote hosts.

• We've done a major internal overhaul of the meteor command-line tool with aneye to correctness, maintainability, and performance. Some details include:

  • Refresh the package catalog for build commands only when an erroroccurs that could be fixed by a refresh, not for every build command.
  • Never run the constraint solver to select package versions more than onceper build.
  • Built packages ("isopacks") are now cached inside individual app directoriesinstead of inside their source directories.
  • meteor run starts Mongo in parallel with building the application.
  • The constraint solver no longer leaves a versions.json file in yourpackages source directories; when publishing a package that is not inside anapp, it will leave a .versions file (with the same format as.meteor/versions) which you should check into source control.
  • The constraint solver's model has been simplified so that plugins must usethe same version of packages as their surrounding package when built fromlocal source.

• Using meteor debug no longer requires manually continuing the debugger whenyour app restarts, and it no longer overwrites the symbol _ inside your app.

• Output from the command-line tool is now word-wrapped to the width of yourterminal.

• Remove support for the undocumented earliestCompatibleVersion feature of thepackage system.

• Reduce CPU usage and disk I/O bandwidth by using kernel file-system changenotification events where possible. On file systems that do not support theseevents (NFS, Vagrant Virtualbox shared folders, etc), file changes will onlybe detected every 5 seconds; to detect changes more often in these cases (butuse more CPU), set the METEOR_WATCH_FORCE_POLLING environmentvariable. #2135

• Reduce CPU usage by fixing a check for a parent process in meteorrun that was happening constantly instead of every few seconds. #3252

• Fix crash when two plugins defined source handlers for the sameextension. #3015#3180

• Fix bug (introduced in 0.9.3) where the warning about using experimentalversions of packages was printed too often.

• Fix bug (introduced in 1.0) where meteor update —patch crashed.

• Fix bug (introduced in 0.9.4) where banners about new releases could beprinted too many times.

• Fix crash when a package version contained a dot-separated pre-release partwith both digits and non-digits. #3147

• Corporate HTTP proxy support is now implemented using our websocket library'snew built-in implementation instead of a custom implementation. #2515

Blaze

• Add default behavior for Template.parentData with no arguments. Thisselects the first parent. #2861

• Fix Blaze.remove on a template's view to correctly remove the DOMelements when the template was inserted usingBlaze.renderWithData. #3130

• Allow curly braces to be escaped in Spacebars. Use the specialsequences {{| and {{{| to insert a literal {{ or {{{.

Meteor Accounts

• Allow integration with OAuth1 servers that require additional queryparameters to be passed with the access token. #2894

• Expire a user's password reset and login tokens in all circumstances whentheir password is changed.

Other bug fixes and improvements

• Some packages are no longer released as part of the core release process:amplify, backbone, bootstrap, d3, jquery-history, and jquery-layout. Thismeans that new versions of these packages can be published outside of the fullMeteor release cycle.

• Require plain objects as the update parameter when doing replacementsin server-side collections.

• Fix audit-argument-checks spurious failure when an argument is NaN. #2914

Upgraded dependencies

• node: 0.10.33 (from 0.10.29)
• source-map-support: 0.2.8 (from 0.2.5)
• semver: 4.1.0 (from 2.2.1)
• request: 2.47.0 (from 2.33.0)
• tar: 1.0.2 (from 1.0.1)
• source-map: 0.1.40 (from 0.1.32)
• sqlite3: 3.0.2 (from 3.0.0)
• phantomjs npm module: 1.9.12 (from 1.8.1-1)
• http-proxy: 1.6.0 (from a fork of 1.0.2)
• esprima: 1.2.2 (from an unreleased 1.1-era commit)
• escope: 1.0.1 (from 1.0.0)
• openssl in mongo: 1.0.1j (from 1.0.1g)
• faye-websocket: 0.8.1 (from using websocket-driver instead)
• MongoDB: 2.4.12 (from 2.4.9)

Patches by GitHub users andylash, anstarovoyt, benweissmann, chrisbridgett,colllin, dandv, ecwyne, graemian, JamesLefrere, kevinchiu, LyuGGang, matteodem,mitar, mquandalle, musically-ut, ograycode, pcjpcj2, physiocoder, rgoomar,timhaines, trusktr, Urigo, and zol.

v1.0.1, 2014-12-09

• Fix a security issue in allow/deny rules that could result in dataloss. If your app uses allow/deny rules, or uses packages that useallow/deny rules, we recommend that you update immediately.

v1.0, 2014-10-28

New Features

• Add the meteor admin get-machine command to make it easier topublish packages with binary dependencies for allarchitectures. meteor publish no longer publishes buildsautomatically if your package has binary NPM dependencies.

• New localmarket example, highlighting Meteor's support for mobileapp development.

• Restyle the leaderboard example, and optimize it for both desktopand mobile.

Performance

• Reduce unnecessary syncs with the package server, which speeds upstartup times for many commands.

• Speed up meteor deploy by not bundling unnecessary files andprograms.

• To make Meteor easier to use on slow or unreliable networkconnections, increase timeouts for DDP connections that the Meteortool uses to communicate with the package server. #2777, #2789.

Mobile App Support

• Implemented reasonable default behavior for launch screens on mobileapps.

• Don't build for Android when only the iOS build is required, andvice versa.

• Fix bug that could cause mobile apps to stop being able to receive hotcode push updates.

• Fix bug where Cordova clients connected to http://example.com insteadof https://example.com when https:// was specified in the—mobile-server option. #2880

• Fix stack traces when attempting to build or run iOS apps on Linux.

• Print a warning when building an app with mobile platforms andoutputting the build into the source tree. Outputting a build into thesource tree can cause subsequent builds to fail because they willtreat the build output as source files.

• Exit from meteor run when new Cordova plugins or platforms areadded, since we don't support hot code push for new plugins orplatforms.

• Fix quoting of arguments to Cordova plugins.

• The accounts-twitter package now works in Cordova apps in localdevelopment. For workarounds for other login providers in localdevelopment mode, seehttps://github.com/meteor/meteor/wiki/OAuth-for-mobile-Meteor-clients.

Packaging

• meteor publish-for-arch can publish packages built with different Meteorreleases.

• Fix default api.versionsFrom field in packages created with meteorcreate —package.

• Fix bug where changes in an app's .meteor/versions file would notcause the app to be rebuilt.

Other bug fixes and improvements

• Use TLSv1 in the spiderable package, for compatibility with serversthat have disabled SSLv3 in response to the POODLE bug.

• Work around the meteor run proxy occasionally running out of sockets.

• Fix bug with regular expressions in minimongo. #2817

• Add READMEs for several core packages.

• Include protocols in URLs printed by meteor deploy.

• Improve error message for limited ordered observe. #1643

• Fix missing dependency on random in the autoupdate package. #2892

• Fix bug where all CSS would be removed from connected clients if aCSS-only change is made between local development server restarts orwhen deploying with meteor deploy.

• Increase height of the Google OAuth popup to the Google-recommendedvalue.

• Fix the layout of the OAuth configuration dialog when used withBootstrap.

• Allow build plugins to override the 'bare' option on added sourcefiles. #2834

Patches by GitHub users DenisGorbachev, ecwyne, mitar, mquandalle,Primigenus, svda, yauh, and zol.

v0.9.4.1, 2014-12-09 (backport)

• Fix a security issue in allow/deny rules that could result in dataloss. If your app uses allow/deny rules, or uses packages that useallow/deny rules, we recommend that you update immediately.Backport from 1.0.1.

v0.9.4, 2014-10-13

New Features

• The new meteor debug command and —debug-port command line optionto meteor run allow you to easily use node-inspector to debug yourserver-side code. Add a debugger statement to your code to create abreakpoint.

• Add new a meteor run —test command that runsVelocity tests in yourapp .

• Add new callbacks Accounts.onResetPasswordLink,Accounts.onEnrollmentLink, and Accounts.onEmailVerificationLinkthat make it easier to build custom user interfaces on top of theaccounts system. These callbacks should be registered beforeMeteor.startup fires, and will be called if the URL matches a linkin an email sent by Accounts.resetPassword, etc. Seehttps://docs.meteor.com/#Accounts-onResetPasswordLink.

• A new configuration file for mobile apps,<APP>/mobile-config.js. This allows you to set app metadata, icons,splash screens, preferences, and PhoneGap/Cordova plugin settingswithout needing a cordova_build_override directory. Seehttps://docs.meteor.com/#mobileconfigjs.

API Changes

• Rename {{> UI.dynamic}} to {{> Template.dynamic}}, and likewisewith UI.contentBlock and UI.elseBlock. The UI namespace is nolonger used anywhere except for backwards compatibility.

• Deprecate the Template.someTemplate.myHelper = … syntax in favorof Template.someTemplate.helpers(…). Using the older syntax stillworks, but prints a deprecation warning to the console.

• Package.registerBuildPlugin its associated functions have been addedto the public API, cleaned up, and documented. The new function isidentical to the earlier _transitional_registerBuildPlugin except forminor backwards-compatible API changes. Seehttps://docs.meteor.com/#Package-registerBuildPlugin

• Rename the showdown package to markdown.

• Deprecate the amplify, backbone, bootstrap, and d3 integrationpackages in favor of community alternatives. These packages will nolonger be maintained by MDG.

Tool Changes

• Improved output from meteor build to make it easier to publishmobile apps to the App Store and Play Store. See the wiki pages forinstructions on how to publish youriOSandAndroidapps.

• Packages can now be marked as debug-mode only by adding debugOnly:true to Package.describe. Debug-only packages are not included inthe app when it is bundled for production (meteor build or meteorrun —production). This allows package authors to build packagesspecifically for testing and debugging without increasing the size ofthe resulting app bundle or causing apps to ship with debugfunctionality built in.

• Rework the process for installing mobile development SDKs. There isnow a meteor install-sdk command that automatically install whatsoftware it can and points to documentation for the parts thatrequire manual installation.

• The .meteor/cordova-platforms file has been renamed to.meteor/platforms and now includes the default server andbrowser platforms. The default platforms can't currently be removedfrom a project, though this will be possible in the future. The oldfile will be automatically migrated to the new one when the app is runwith Meteor 0.9.4 or above.

• The unipackage.json file inside downloaded packages has been renamedto isopack.json and has an improved forwards-compatible format. Tomaintain backwards compatibility with previous releases, packages willbe built with both files.

• The local package metadata cache now uses SQLite, which is much fasterthan the previous implementation. This improves meteor command linetool startup time.

• The constraint solver used by the client to find compatible versionsof packages is now much faster.

• The —port option to meteor run now requires a numeric port(e.g. meteor run —port example.com is no longer valid).

• The —mobile-port option meteor run has been reworked. The optionis now —mobile-server in meteor run and —server in meteorbuild. —server is required for meteor build in apps with mobileplatforms installed. —mobile-server defaults to an automaticallydetected IP address on port 3000, and —server requires a hostnamebut defaults to port 80 if a port is not specified.

• Operations that take longer than a few seconds (e.g. downloadingpackages, installing the Android SDK, etc) now show a progress bar.

• Complete support for using an HTTP proxy in the meteor command linetool. Now all DDP connections can work through a proxy. Use the standardhttp_proxy environment variable to specify your proxy endpoint. #2515

Bug Fixes

• Fix behavior of ROOT_URL with path ending in /.

• Fix source maps when using a ROOT_URL with a path. #2627

• Change the mechanism that the Meteor tool uses to clean up app serverprocesses. The new mechanism is more resilient to slow app bundles andother CPU-intensive tasks. #2536, #2588.

Patches by GitHub users cryptoquick, Gaelan, jperl, meonkeys, mitar,mquandalle, prapicault, pscanf, richguan, rick-golden-healthagen,rissem, rosh93, rzymek, and timoabend

v0.9.3.1, 2014-09-30

• Don't crash when failing to contact the package server. #2713

• Allow more than one dash in package versions. #2715

v0.9.3, 2014-09-25

More Package Version Number Flexibility

• Packages now support relying on multiple major versions of theirdependencies (eg blaze@1.0.0 || 2.0.0). Additionally, you can nowcall api.versionsFrom(<release>) multiple times, or with an array(eg api.versionsFrom([<release1>, <release2>]). Meteor willinterpret this to mean that the package will work with packages fromall the listed releases.

• Support for "wrapped package" version numbers. There is now a fieldin version numbers. The field must be an integer, and versions withthe _ are sorted after versions without. This allows using theupstream version number as the Meteor package version number and beingable to publish multiple version of the Meteor package (e.g.jquery@1.11.1_2).

Note: packages using the || operator or the _ symbol in theirversions or dependencies will be invisible to pre-0.9.3 users. Meteorversions 0.9.2 and before do not understand the new version formats andwill not be able to use versions of packages that use the new features.

Other Command-line Tool Improvements

• More detailed constraint solver output. Meteor now tells you whichconstraints prevent upgrading or adding new packages. This will makeit much easier to update your app to new versions.

• Better handling of pre-release versions (e.g. versions with-). Pre-release packages will now be included in an app if and onlyif there is no way to meet the app's constraints without using apre-release package.

• Add meteor admin set-unmigrated to allow maintainers to hidepre-0.9.0 packages in meteor search and meteor show. This will notstop users from continuing to use the package, but it helps preventnew users from finding old non-functional packages.

• Progress bars for time-intensive operations, like downloading largepackages.

Other Changes

• Offically support Meteor.wrapAsync (renamed fromMeteor._wrapAsync). Additionally, Meteor.wrapAsync now lets youpass an object to bind as this in the wrapped call. Seehttps://docs.meteor.com/#meteor_wrapasync.

• The reactive-dict package now allows an optional name argument toenable data persistence during hot code push.

Patches by GitHub users evliu, meonkeys, mitar, mizzao, mquandalle,prapicault, waitingkuo, wulfmeister.

v0.9.2.2, 2014-09-17

• Fix regression in 0.9.2 that prevented some users from accessing theMeteor development server in their browser. Specifically, 0.9.2unintentionally changed the development mode server's default bindhost to localhost instead of 0.0.0.0. #2596

v0.9.2.1, 2014-09-15

• Fix versions of packages that were published with -cordova versionsin 0.9.2 (appcache, fastclick, htmljs, logging, mobile-status-bar,routepolicy, webapp-hashing).

v0.9.2, 2014-09-15

This release contains our first support for building mobile apps inMeteor, for both iOS and Android. This support comes via anintegration with Apache's Cordova/PhoneGap project.

• You can use Cordova/PhoneGap packages in your application or insidea Meteor package to access a device's native functions directly fromJavaScript code.

• The meteor add-platform and meteor run commands now let youlaunch the app in the iOS or Android simulator or run it on anattached hardware device.

• This release extends hot code push to support live updates intoinstalled native apps.

• The meteor bundle command has been renamed to meteor build andnow outputs build projects for the mobile version of the targetedapp.

• Seehttps://github.com/meteor/meteor/wiki/Meteor-Cordova-Phonegap-integrationfor more information about how to get started building mobile appswith Meteor.

  • Better mobile support for OAuth login: you can now use aredirect-based flow inside UIWebViews, and the existing popup-basedflow has been adapted to work in Cordova/PhoneGap apps.

Bug fixes and minor improvements

• Fix sorting on non-trivial keys in Minimongo. #2439

• Bug fixes and performance improvements for the package system'sconstraint solver.

• Improved error reporting for misbehaving oplog observe driver. #2033#2244

• Drop deprecated source map linking format used for older versions ofFirefox. #2385

• Allow Meteor tool to run from a symlink. #2462

• Assets added via a plugin are no longer considered source files. #2488

• Remove support for long deprecated SERVER_ID environmentvariable. Use AUTOUPDATE_VERSION instead.

• Fix bug in reload-safetybelt package that resulted in reload loops inChrome with cookies disabled.

• Change the paths for static assets served from packages. The :character is replaced with the _ character in package names so as toallow serving on mobile devices and ease operation on Windows. Forexample, assets from the abc:bootstrap package are now served at/packages/abc_bootstrap instead of /packages/abc:bootstrap.

• Also change the paths within a bundled Meteor app to allow fordifferent client architectures (eg mobile). For example,bundle/programs/client is now bundle/programs/web.browser.

Patches by GitHub users awwx, mizzao, and mquandalle.

v0.9.1.1, 2014-09-06

• Fix backwards compatibility for packages that had weak dependencieson packages renamed in 0.9.1 (ui, deps, livedata). #2521

• Fix error when using the reactive-dict package without the mongopackage.

v0.9.1, 2014-09-04

Organizations in Meteor developer accounts

Meteor 0.9.1 ships with organizations support in Meteor developeraccounts. Organizations are teams of users that make it easy tocollaborate on apps and packages.

Create an organization athttps://www.meteor.com/account-settings/organizations. Run the meteorauthorized command in your terminal to give an organizationpermissions to your apps. To add an organization as a maintainer ofyour packages, use the meteor admin maintainers command. You canalso publish packages with an organization's name in the package nameprefix instead of your own username.

One backwards incompatible change for templates

• Templates can no longer be named "body" or "instance".

Backwards compatible Blaze API changes

• New public and documented APIs:

  • Blaze.toHTMLWithData()
  • Template.currentData()
  • Blaze.getView()
  • Template.parentData() (previously UI._parentData())
  • Template.instance() (previously UI._templateInstance())
  • Template.body (previously UI.body)
  • new Template (previously Template.create)
  • Blaze.getData() (previously UI.getElementData, or Blaze.getCurrentData with no arguments)

• Deprecate the ui package. Instead, use the blaze package. TheUI and Blaze symbols are now the same.

• Deprecate UI.insert. UI.render and UI.renderWithData nowrender a template and place it in the DOM.

• Add an underscore to some undocumented Blaze APIs to make theminternal. Notably: Blaze._materializeView, Blaze._createView,Blaze._toText, Blaze._destroyView, Blaze._destroyNode,Blaze._withCurrentView, Blaze._DOMBackend,Blaze._TemplateWith

• Document Views. Views are the machinery powering DOM updates inBlaze.

• Expose view property on template instances.

Backwards compatible renames

• Package renames
  • livedata -> ddp
  • mongo-livedata -> mongo
  • standard-app-packages -> meteor-platform
• Symbol renames
  • Meteor.Collection -> Mongo.Collection
  • Meteor.Collection.Cursor -> Mongo.Cursor
  • Meteor.Collection.ObjectID -> Mongo.ObjectID
  • Deps -> Tracker

Other

• Add reactive-var package. Lets you define a single reactivevariable, like a single key in Session.

• Don't throw an exception in Chrome when cookies and local storageare blocked.

• Bump DDP version to "1". Clients connecting with version "pre1" or"pre2" should still work.

• Allow query parameters in OAuth1 URLs. #2404

• Fix meteor list if not all packages on server. Fixes #2468

Patch by GitHub user mitar.

v0.9.0.1, 2014-08-27

• Fix issues preventing hot code reload from automatically reloading webapps intwo cases: when the old app was a pre-0.9.0 app, and when the app usedappcache. (In both cases, an explicit reload still worked.)

• Fix publishing packages containing a plugin with platform-specific code butno platform-specific code in the main package.

• Fix meteor add package@version when the package was already added with adifferent version constraint.

• Improve treatment of pre-release packages (packages with a dash in theirversion). Guarantee that they will not be chosen by the constraint solverunless explicitly requested. meteor list won't suggest that you update tothem.

• Fix slow spiderable executions.

• Fix dev-mode client-only restart when client files changed very soon afterserver restart.

• Fix stack trace on meteor add constraint solver failure.

• Fix "access-denied" stack trace when publishing packages.

v0.9.0, 2014-08-26

Meteor 0.9.0 introduces the Meteor Package Server. Incorporating lessons fromour community's Meteorite tool, Meteor 0.9.0 allows users to develop and publishMeteor packages to a central repository. The meteor publish command is used topublish packages. Non-core packages can now be added with meteor add, and youcan specify version constraints on the packages you use. Binary packages can bepublished for additional architectures with meteor publish-for-arch, whichallows cross-platform deploys and bundling. You can search for packages withmeteor search and display information on them with meteor show, or you canuse the Atmosphere web interface developed by Percolate Studio athttps://atmospherejs.com/

See https://docs.meteor.com/#writingpackages andhttps://docs.meteor.com/#packagejs for more details.

Other packaging-related changes:

• meteor list now lists the packages your app is using, which was formerly thebehavior of meteor list —using. To search for packages you are notcurrently using, use meteor search. The concept of an "internal" package(which did not show up in meteor list) no longer exists.

• To prepare a bundle created with meteor bundle for execution on aserver, you now run npm install with no arguments instead of havingto specify a few specific npm modules and their versionsexplicitly. See the README in the generated bundle for more details.

• All under_score-style package.js APIs (Package.on_use, api.add_files,etc) have been replaced with camelCase names (Package.onUse,api.addFiles, etc). The old names continue to work for now.

• There's a new archMatching option to Plugin.registerSourceHandler, whichshould be used by any plugin whose output is only for the client or only forthe server (eg, CSS and HTML templating packages); this allows Meteor to avoidrestarting the server when files processed by these plugins change.

Other changes:

• When running your app with the local development server, changes that onlyaffect the client no longer require restarting the server. Changes that onlyaffect CSS no longer require the browser to refresh the page, both in localdevelopment and in some production environments. #490

• When a call to match fails in a method or subscription, log thefailure on the server. (This matches the behavior described in our docs)

• The appcache package now defaults to functioning on all browsersthat support the AppCache API, rather than a whitelist of browsers.The main effect of this change is that appcache is now enabled bydefault on Firefox, because Firefox no longer makes a confusingpopup. You can still disable individual browsers withAppCache.config. #2241

• The forceApprovalPrompt option can now be specified in Accounts.ui.configin addition to Meteor.loginWithGoogle. #2149

• Don't leak websocket clients in server-to-server DDP in some cases (and fix"Got open from inactive client"error). https://github.com/faye/websocket-driver-node/pull/8

• Updated OAuth url for login with Meetup.

• Allow minimongo changed callbacks to mutate their oldDocumentargument. #2231

• Fix upsert called from client with no callback. #2413

• Avoid a few harmless exceptions in OplogObserveDriver.

• Refactor observe-sequence package.

• Fix spiderable race condition.

• Re-apply our fix of NPM bug https://github.com/npm/npm/issues/3265 which gotaccidentally reverted upstream.

• Workaround for a crash in recent Safariversions. https://github.com/meteor/meteor/commit/e897539adb

• Upgraded dependencies:

  • less: 1.7.4 (from 1.7.1)
  • tar: 1.0.1 (from 0.1.19)
  • fstream: 1.0.2 (from 0.1.25)

Patches by GitHub users Cangit, dandv, ImtiazMajeed, MaximDubrovin, mitar,mquandalle, rcy, RichardLitt, thatneat, and twhy.

v0.8.3.1, 2014-12-09 (backport)

• Fix a security issue in allow/deny rules that could result in dataloss. If your app uses allow/deny rules, or uses packages that useallow/deny rules, we recommend that you update immediately.Backport from 1.0.1.

v0.8.3, 2014-07-29

Blaze

• Refactor Blaze to simplify internals while preserving the publicAPI. UI.Component has been replaced with Blaze.View.

• Fix performance issues and memory leaks concerning event handlers.

• Add UI.remove, which removes a template after UI.render/UI.insert.

• Add this.autorun to the template instance, which is like Deps.autorunbut is automatically stopped when the template is destroyed.

• Create <a> tags as SVG elements when they have xlink:hrefattributes. (Previously, <a> tags inside SVGs were never created asSVG elements.) #2178

• Throw an error in {{foo bar}} if foo is missing or not a function.

• Cursors returned from template helpers for #each should implementthe observeChanges method and don't have to be Minimongo cursors(allowing new custom data stores for Blaze like Miniredis).

• Remove warnings when {{#each}} iterates over a list of strings,numbers, or other items that contains duplicates. #1980

Meteor Accounts

• Fix regression in 0.8.2 where an exception would be thrown ifMeteor.loginWithPassword didn't have a callback. Callbacks toMeteor.loginWithPassword are now optional again. #2255

• Fix OAuth popup flow in mobile apps that don't supportwindow.opener. #2302

• Fix "Email already exists" error with MongoDB 2.6. #2238

mongo-livedata and minimongo

• Fix performance issue where a large batch of oplog updates could blockthe node event loop for long periods. #2299.

• Fix oplog bug resulting in error message "Buffer inexplicably empty". #2274

• Fix regression from 0.8.2 that caused collections to appear empty inreactive findOne() or fetch queries that run before a mutatorreturns. #2275

Miscellaneous

• Stop including code by default that automatically refreshes the pageif JavaScript and CSS don't load correctly. While this code is usefulin some multi-server deployments, it can cause infinite refresh loopsif there are errors on the page. Add the reload-safetybelt packageto your app if you want to include this code.

• On the server, Meteor.startup(c) now calls c immediately if theserver has already started up, matching the client behavior. #2239

• Add support for server-side source maps when debugging withnode-inspector.

• Add WebAppInternals.addStaticJs() for adding static JavaScript codeto be served in the app, inline if allowed by browser-policy.

• Make the tinytest/run method return immediately, so that waitmethod calls from client tests don't block on server tests completing.

• Log errors from method invocations on the client if there is nocallback provided.

• Upgraded dependencies:

  • node: 0.10.29 (from 0.10.28)
  • less: 1.7.1 (from 1.6.1)

Patches contributed by GitHub users Cangit, cmather, duckspeaker, zol.

v0.8.2, 2014-06-23

Meteor Accounts

• Switch accounts-password to use bcrypt to store passwords on theserver. (Previous versions of Meteor used a protocol called SRP.)Users will be transparently transitioned when they log in. Thistransition is one-way, so you cannot downgrade a production app onceyou upgrade to 0.8.2. If you are maintaining an authenticating DDPclient:

  • Clients that use the plaintext password login handler (i.e. callthe login method with argument { password: <plaintextpassword> }) will continue to work, but users will not betransitioned from SRP to bcrypt when logging in with this loginhandler.
  • Clients that use SRP will no longer work. These clients shouldinstead directly call the login method, as inMeteor.loginWithPassword. The argument to the login methodcan be either:
    • { password: <plaintext password> }, or
    • { password: { digest: <password hash>, algorithm: "sha-256" } },where the password hash is the hex-encoded SHA256 hash of theplaintext password.

• Show the display name of the currently logged-in user after followingan email verification link or a password reset link in accounts-ui.

• Add a userEmail option to Meteor.loginWithMeteorDeveloperAccountto pre-fill the user's email address in the OAuth popup.

• Ensure that the user object has updated token information beforeit is passed to email template functions. #2210

• Export the function that serves the HTTP response at the end of anOAuth flow as OAuth._endOfLoginResponse. This function can beoverridden to make the OAuth popup flow work in certain mobileenvironments where window.opener is not supported.

• Remove support for OAuth redirect URLs with a redirect queryparameter. This OAuth flow was never documented and never fullyworked.

Blaze

• Blaze now tracks individual CSS rules in style attributes and won'toverwrite changes to them made by other JavaScript libraries.

• Add {{> UI.dynamic}} to make it easier to dynamically render atemplate with a data context.

• Add UI._templateInstance() for accessing the current templateinstance from within a block helper.

• Add UI._parentData(n) for accessing parent data contexts fromwithin a block helper.

• Add preliminary API for registering hooks to run when Blaze intends toinsert, move, or remove DOM elements. For example, you can use thesehooks to animate nodes as they are inserted, moved, or removed. To usethem, you can set the _uihooks property on a container DOMelement. _uihooks is an object that can have any subset of thefollowing three properties:

  • insertElement: function (node, next): called when Blaze intendsto insert the DOM element node before the element next
  • moveElement: function (node, next): called when Blaze intends tomove the DOM element node before the element next
  • removeElement: function (node): called when Blaze intends toremove the DOM element nodeNote that when you set one of these functions on a containerelement, Blaze will not do the actual operation; it's yourresponsibility to actually insert, move, or remove the node (bycalling $(node).remove(), for example).

• The findAll method on template instances now returns a vanillaarray, not a jQuery object. The $ method continues toreturn a jQuery object. #2039

• Fix a Blaze memory leak by cleaning up event handlers when a templateinstance is destroyed. #1997

• Fix a bug where helpers used by {{#with}} were still re-running whentheir reactive data sources changed after they had been removed fromthe DOM.

• Stop not updating form controls if they're focused. If a field isedited by one user while another user is focused on it, it will justlose its value but maintain its focus. #1965

• Add _nestInCurrentComputation option to UI.render, fixing a bug in{{#each}} when an item is added inside a computation that subsequentlygets invalidated. #2156

• Fix bug where "=" was not allowed in helper arguments. #2157

• Fix bug when a template tag immediately follows a Spacebars blockcomment. #2175

Command-line tool

• Add —directory flag to meteor bundle. Setting this flag outputs adirectory rather than a tarball.

• Speed up updates of NPM modules by upgrading Node to include our fix forhttps://github.com/npm/npm/issues/3265 instead of passing —force tonpm install.

• Always rebuild on changes to npm-shrinkwrap.json files. #1648

• Fix uninformative error message when deploying to long hostnames. #1208

• Increase a buffer size to avoid failing when running MongoDB due to alarge number of processes running on the machine, and fix the errormessage when the failure does occur. #2158

• Clarify a meteor mongo error message when using the MONGO_URLenvironment variable. #1256

Testing

• Run server tests from multiple clients serially instead of inparallel. This allows testing features that modify global serverstate. #2088

Security

• Add Content-Type headers on JavaScript and CSS resources.

• Add X-Content-Type-Options: nosniff header tobrowser-policy-content's default policy. If you are usingbrowser-policy-content and you don't want your app to send thisheader, then call BrowserPolicy.content.allowContentTypeSniffing().

• Use Meteor.absoluteUrl() to compute the redirect URL in the force-sslpackage (instead of the host header).

Miscellaneous

• Allow check to work on the server outside of a Fiber. #2136

• EJSON custom type conversion functions should not be permitted to yield. #2136

• The legacy polling observe driver handles errors communicating with MongoDBbetter and no longer gets "stuck" in some circumstances.

• Automatically rewind cursors before calls to fetch, forEach, or map. Onthe client, don't cache the return value of cursor.count() (consistentlywith the server behavior). cursor.rewind() is now a no-op. #2114

• Remove an obsolete hack in reporting line numbers for LESS errors. #2216

• Avoid exceptions when accessing localStorage in certain InternetExplorer configurations. #1291, #1688.

• Make handle.ready() reactively stop, where handle is asubscription handle.

• Fix an error message from audit-argument-checks after login.

• Make the DDP server send an error if the client sends a connectmessage with a missing or malformed support field. #2125

• Fix missing jquery dependency in the amplify package. #2113

• Ban inserting EJSON custom types as documents. #2095

• Fix incorrect URL rewrites in stylesheets. #2106

• Upgraded dependencies:

  • node: 0.10.28 (from 0.10.26)
  • uglify-js: 2.4.13 (from 2.4.7)
  • sockjs server: 0.3.9 (from 0.3.8)
  • websocket-driver: 0.3.4 (from 0.3.2)
  • stylus: 0.46.3 (from 0.42.3)

Patches contributed by GitHub users awwx, babenzele, Cangit, dandv,ducdigital, emgee3, felixrabe, FredericoC, jbruni, kentonv, mizzao,mquandalle, subhog, tbjers, tmeasday.

v0.8.1.3, 2014-05-22

• Fix a security issue in the spiderable package. spiderable nowuses the ROOT_URL environment variable instead of the Host header todetermine which page to snapshot.

• Fix hardcoded Twitter URL in oauth1 package. This fixes a regressionin 0.8.0.1 that broke Atmosphere packages that do OAuth1logins. #2154.

• Add credentialSecret argument to Google.retrieveCredential, whichwas forgotten in a previous release.

• Remove nonexistent -a and -r aliases for —add and —remove inmeteor help authorized. #2155

• Add missing underscore dependency in the oauth-encryption package. #2165

• Work around IE8 bug that caused some apps to fail to render whenminified. #2037.