fix: Authentication provider credentials are usable across Parse Server apps; fixes security vulnerability [GHSA-837q-jhwx-cmpv](https://github.com/parse-community/parse-server/security/advisories/GHSA-837q-jhwx-cmpv) (#9667)

2025-03-21 10:49:09 +01:00
parent c56b2c49b2
commit 5ef0440c8e
59 changed files with 5987 additions and 1680 deletions
--- a/src/Options/Definitions.js
+++ b/src/Options/Definitions.js
@@ -233,6 +233,13 @@ module.exports.ParseServerOptions = {
    action: parsers.booleanParser,
    default: false,
  },
+  enableInsecureAuthAdapters: {
+    env: 'PARSE_SERVER_ENABLE_INSECURE_AUTH_ADAPTERS',
+    help:
+      'Enable (or disable) insecure auth adapters, defaults to true. Insecure auth adapters are deprecated and it is recommended to disable them.',
+    action: parsers.booleanParser,
+    default: true,
+  },
  encodeParseObjectInCloudFunction: {
    env: 'PARSE_SERVER_ENCODE_PARSE_OBJECT_IN_CLOUD_FUNCTION',
    help: