joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix changelog skip 4.5.1

Browse Source
This commit is contained in:
Manuel
2021-08-18 23:03:09 +02:00
parent 3c42584f59
commit a3483d82c8
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@@ -4,7 +4,7 @@
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.2...master)
### 4.5.2
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.1...4.5.2)
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.0...4.5.2)
### Security Fixes
- SECURITY FIX: Fixes incorrect session property `authProvider: password` of anonymous users. When signing up an anonymous user, the session field `createdWith` indicates incorrectly that the session has been created using username and password with `authProvider: password`, instead of an anonymous sign-up with `authProvider: anonymous`. This fixes the issue by setting the correct `authProvider: anonymous` for future sign-ups of anonymous users. This fix does not fix incorrect `authProvider: password` for existing sessions of anonymous users. Consider this if your app logic depends on the `authProvider` field. (Corey Baker) [GHSA-23r4-5mxp-c7g5](https://github.com/parse-community/parse-server/security/advisories/GHSA-23r4-5mxp-c7g5)