chore(release): 5.5.0 [skip ci]

Public Access

# [5.5.0](https://github.com/parse-community/parse-server/compare/5.4.3...5.5.0) (2023-05-20)

### Features

* Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; this fix is released as a patch version given the severity of this vulnerability, however, if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` ([#8537](https://github.com/parse-community/parse-server/issues/8537)) ([196e05f](196e05f047))

This commit is contained in:

semantic-release-bot

2023-05-20 23:22:06 +00:00

parent 196e05f047

commit ac90cb8c35

3 changed files with 9 additions and 2 deletions

									
										2

package-lock.json
									
										generated
									
												View File
												
				@@ -1,6 +1,6 @@

				{

				  "name": "parse-server",

				  "version": "5.4.3",

				  "version": "5.5.0",

				  "lockfileVersion": 1,

				  "requires": true,

				  "dependencies": {

chore(release): 5.5.0 [skip ci]

2 package-lock.json generated Unescape Escape View File

2

package-lock.json generated

View File