Merge pull request from GHSA-xqp8-w826-hh6x

* Added a test case that triggers the query parameter crash

* rest.js: validate the explain parameter to keep the nodejs driver from throwing an uncatchable exception and crashing the server (see https://jira.mongodb.org/browse/NODE-3463)
RestQuery.js: Check whether explain mode is enabled not by "!== true", but by the "!" operator. explain can have string values.
Added tests that validate correct behaviour on different explain values

* Refactor the new tests

* Simplify the new tests
Also do a sanity check on the explain results

* Test refactor

* Exclude queryPlannerExtended as it is not supported by the testing environment
  Simplifies the tests

* Restrict the changes to mongodb
  Moved the verification of the explain value from rest.js to MongoStorageAdapter.js
  Also restricted the relevant unit tests to mongodb

* Added changelog entry

* reformat changelog entry

* Update CHANGELOG.md

Co-authored-by: Kartal Kaan Bozdoğan <kartalkaanbozdogan@gmail.com>
Co-authored-by: Manuel <5673677+mtrezza@users.noreply.github.com>
This commit is contained in:
Antonio Davi Macedo Coelho de Castro
2021-09-02 03:46:48 -07:00
committed by GitHub
parent 1e0d408ca3
commit 308668c894
4 changed files with 80 additions and 4 deletions
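
An added illustration of the fix the commit message describes (not code from this commit or from parse-server): an allowlist check that turns a bad `explain` value into an ordinary, catchable error before it reaches the driver, next to the difference between treating only `true` as explain mode and treating any truthy value as explain mode. The function names, the error code, the sample inputs, and the allowlist (MongoDB's explain verbosity modes, `queryPlannerExtended` from the commit message, and booleans) are assumptions.

```javascript
// Added example; names are hypothetical and this is not parse-server code.

// Assumed allowlist: MongoDB explain verbosity modes, the queryPlannerExtended
// mode named in the commit message, and plain booleans.
const ALLOWED_EXPLAIN = [
  'queryPlanner', 'queryPlannerExtended', 'executionStats', 'allPlansExecution',
  true, false,
];

// Reject anything outside the allowlist before it reaches the database driver,
// so the failure is a normal error tied to one request, not a process crash.
function validateExplain(explain) {
  if (explain === undefined || explain === null) return undefined;
  if (!ALLOWED_EXPLAIN.includes(explain)) {
    const err = new Error('Invalid value for explain');
    err.code = 'INVALID_QUERY'; // hypothetical error code
    throw err;
  }
  return explain;
}

// Check that only recognises the boolean true as explain mode.
function explainEnabledStrict(explain) { return explain === true; }

// Check that recognises any truthy value, including the string modes.
function explainEnabled(explain) { return Boolean(explain); }

// Run both checks over a list of candidate values and report the outcome.
function classify(samples) {
  return samples.map(value => {
    try {
      const v = validateExplain(value);
      return { value, accepted: true,
               strict: explainEnabledStrict(v), truthy: explainEnabled(v) };
    } catch (e) {
      return { value, accepted: false, error: e.message };
    }
  });
}

// Constructed sample inputs: valid booleans, a valid string mode, and values
// of the wrong content or type.
const SAMPLES = [true, false, 'executionStats', 'bogus', { $ne: 1 }, 1, undefined];
console.log(classify(SAMPLES));
```

The string mode `'executionStats'` passes validation but is missed by the strict check, which is the case the `!` operator change in the commit message covers.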


@@ -4,7 +4,8 @@ Jump directly to a version:
| 4.x |
|--------------------------------------|
| [**4.10.2 (latest release)**](#4102) |
| [**4.10.3 (latest release)**](#4103) |
| [4.10.2](#4102) |
| [4.10.1](#4101) |
| [4.10.0](#4100) |
| [4.5.2](#452) |
@@ -93,7 +94,8 @@ Jump directly to a version:
___
## Unreleased (Master Branch)
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.2...master)
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.3...master)
### Breaking Changes
- Improved schema caching through database real-time hooks. Reduces DB queries, decreases Parse Query execution time and fixes a potential schema memory leak. If multiple Parse Server instances connect to the same DB (for example behind a load balancer), set the [Parse Server Option](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html) `databaseOptions.enableSchemaHooks: true` to enable this feature and keep the schema in sync across all instances. Failing to do so will cause a schema change to not propagate to other instances and re-syncing will only happen when these instances restart. The options `enableSingleSchemaCache` and `schemaCacheTTL` have been removed. To use this feature with MongoDB, a replica set cluster with [change stream](https://docs.mongodb.com/manual/changeStreams/#availability) support is required. (Diamond Lewis, SebC) [#7214](https://github.com/parse-community/parse-server/issues/7214)
- Added file upload restriction. File upload is now only allowed for authenticated users by default for improved security. To allow file upload also for Anonymous Users or Public, set the `fileUpload` parameter in the [Parse Server Options](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html) (dblythy, Manuel Trezza) [#7071](https://github.com/parse-community/parse-server/pull/7071)
@@ -101,6 +103,7 @@ ___
- Remove support for MongoDB 3.6 which has reached its End-of-Life date and PostgreSQL 10 (Manuel Trezza) [#7315](https://github.com/parse-community/parse-server/pull/7315)
- Remove support for Node 10 which has reached its End-of-Life date (Manuel Trezza) [#7314](https://github.com/parse-community/parse-server/pull/7314)
- Remove S3 Files Adapter from Parse Server, instead install separately as `@parse/s3-files-adapter` (Manuel Trezza) [#7324](https://github.com/parse-community/parse-server/pull/7324)
### Notable Changes
- Added Parse Server Security Check to report weak security settings (Manuel Trezza, dblythy) [#7247](https://github.com/parse-community/parse-server/issues/7247)
- EXPERIMENTAL: Added new page router with placeholder rendering and localization of custom and feature pages such as password reset and email verification (Manuel Trezza) [#7128](https://github.com/parse-community/parse-server/pull/7128)
@@ -147,6 +150,12 @@ ___
- Add CI check to add changelog entry (Manuel Trezza) [#7512](https://github.com/parse-community/parse-server/pull/7512)
- Refactor: uniform issue templates across repos (Manuel Trezza) [#7528](https://github.com/parse-community/parse-server/pull/7528)
## 4.10.3
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.2...4.10.3)
### Security Fixes
- Validate `explain` query parameter to avoid a server crash due to MongoDB bug [NODE-3463](https://jira.mongodb.org/browse/NODE-3463) (Kartal Kaan Bozdogan) [GHSA-xqp8-w826-hh6x](https://github.com/parse-community/parse-server/security/advisories/GHSA-xqp8-w826-hh6x)
## 4.10.2
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.1...4.10.2)
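Review bot: The 4.10.3 Security Fixes entry says "due to MongoDB bug NODE-3463", but the commit message attributes the uncatchable exception to the nodejs driver, not the database server. Suggest wording it as "due to a bug in the MongoDB Node.js driver" so operators know which component to watch for an upstream fix, and noting that the validation applies to the MongoDB storage adapter only, as the commit message states. The contributor's name is also spelled "Bozdogan" here and "Bozdoğan" in the Co-authored-by trailer; pick one spelling.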