joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,066 Commits 2 Branches 18 Tags
3074eb70f5b58bf72b528ae7b7804ed2d90455ce
Commit Graph

1453 Commits

Author SHA1 Message Date
Manuel
3074eb70f5 fix: Cross-Site Scripting (XSS) via HTML pages for password reset and email verification [GHSA-jhgf-2h8h-ggxv](https://github.com/parse-community/parse-server/security/advisories/GHSA-jhgf-2h8h-ggxv) (#9985) 2025-12-14 15:44:04 +01:00
Copilot
8eeab8dc57 feat: Add support for custom HTTP status code and headers to Cloud Function response with Express-style syntax (#9980) 2025-12-14 15:24:51 +01:00
Lucas
f18f3073d7 feat: Add option logLevels.signupUsernameTaken to change log level of username already exists sign-up rejection (#9962) 2025-12-14 01:59:56 +01:00
Manuel
22d4622230 feat: Deprecation DEPPS113: Config option enableInsecureAuthAdapters defaults to false (#9982) 
BREAKING CHANGE: This release changes the config option `enableInsecureAuthAdapters` default to `false` (Deprecation DEPPS13).
 2025-12-14 01:24:00 +01:00
Antoine Cormouls
d5e76b01db feat: Upgrade to @parse/push-adapter 8.1.0 (#9938) 2025-12-12 21:46:17 +01:00
Manuel
c1c7e6976d feat: Deprecation DEPPS12: Database option allowPublicExplain defaults to false (#9975) 
BREAKING CHANGE: This release changes the MongoDB database option `allowPublicExplain` default to `false` (Deprecation DEPPS12).
 2025-12-12 21:07:07 +01:00
Manuel
8f877d42c0 feat: Deprecation DEPPS11: Replace PublicAPIRouter with PagesRouter (#9974) 
BREAKING CHANGE: This release replaces `PublicAPIRouter` with `PagesRouter` (Deprecation DEPPS11).
 2025-12-12 20:55:39 +01:00
Manuel
a2d3dbe972 feat: Deprecation DEPPS10: Encode Parse.Object in Cloud Function and remove option encodeParseObjectInCloudFunction (#9973) 
BREAKING CHANGE: This release encodes `Parse.Object` in Cloud Function and removes option `encodeParseObjectInCloudFunction` (Deprecation DEPPS10).
 2025-12-12 20:46:35 +01:00
Lucas
fa8723b3d1 feat: Update route patterns to use path-to-regexp v8 syntax (#9942) 
BREAKING CHANGE: Route pattern syntax across cloud routes and rate-limiting now use the new path-to-regexp v8 syntax; see the [migration guide](https://github.com/parse-community/parse-server/blob/alpha/9.0.0.md) for more details.
 2025-12-12 19:36:27 +01:00
Manuel
7bb548bf81 feat: Increase required minimum MongoDB version to 7.0.16 (#9971) 
BREAKING CHANGE: This releases increases the required minimum MongoDB version to `7.0.16`.
 2025-12-12 18:51:39 +01:00
Antoine Cormouls
87c7f076eb fix: Upgrade to GraphQL Apollo Server 5 and restrict GraphQL introspection (#9888) 
BREAKING CHANGE: Upgrade to Apollo Server 5 and GraphQL express 5 integration; GraphQL introspection now requires using `masterKey` or setting `graphQLPublicIntrospection: true`.
 2025-12-12 18:35:01 +01:00
Lucas Coratger
3ca85cd4a6 feat: Add GraphQL query cloudConfig to retrieve and mutation updateCloudConfig to update Cloud Config (#9947) 2025-12-03 19:55:30 +01:00
Mattia Faraci
f6ccef1d53 chore: Add objectParser for ObjectTypeAnnotation in Parse Server options (#9912) 2025-12-03 16:10:29 +01:00
Lucas Coratger
47521974ae feat: Add Parse Server option enableSanitizedErrorResponse to remove detailed error messages from responses sent to clients (#9944) 2025-11-28 19:48:35 +01:00
Lucas Coratger
50edb5ab4b fix: Server internal error details leaking in error messages returned to clients (#9937) 2025-11-23 13:51:42 +01:00
Manuel
38c9d2e359 test: Add tests for Parse.Query.includeAll for circular and self-referencing pointers (#9936) 2025-11-23 13:16:22 +01:00
Lucas Coratger
94cee5bfaf feat: Add beforePasswordResetRequest hook (#9906) 2025-11-19 14:57:28 +01:00
Manuel
c22cb0ae58 fix: Deprecation warning logged at server launch for nested Parse Server option even if option is explicitly set (#9934) 2025-11-17 19:43:32 +01:00
Manuel
7b9fa18f96 fix: Queries with object field authData.provider.id are incorrectly transformed to _auth_data_provider.id for custom classes (#9932) 2025-11-17 17:47:39 +01:00
Antoine Cormouls
7d5e9fcf3c fix: Race condition can cause multiple Apollo server initializations under load (#9929) 2025-11-17 16:18:39 +01:00
Antoine Cormouls
dafea21eb3 perf: Parse.Query.include now fetches pointers at same level in parallel (#9861) 2025-11-17 15:42:49 +01:00
Manuel
d3d4003570 fix: GridFSBucketAdapter throws when using some Parse Server specific options in MongoDB database options (#9915) 2025-11-08 18:41:45 +01:00
Lucas Coratger
4456b02280 feat: Add Parse Server option allowPublicExplain to allow Parse.Query.explain without master key (#9890) 2025-11-08 17:02:13 +01:00
Manuel
b760733b98 feat: Add MongoDB client event logging via database option logClientEvents (#9914) 2025-11-08 15:48:29 +01:00
Manuel
cff451eabd feat: Add support for more MongoDB driver options (#9911) 2025-11-07 21:41:59 +01:00
Manuel
1b661e98c8 feat: Add support for MongoDB driver options serverSelectionTimeoutMS, maxIdleTimeMS, heartbeatFrequencyMS (#9910) 2025-11-07 20:11:12 +01:00
Daniel
460a65cf61 feat: Allow option publicServerURL to be set dynamically as asynchronous function (#9803) 2025-11-07 19:18:58 +01:00
Manuel
97763863b7 fix: Uploading a file by providing an origin URL allows for Server-Side Request Forgery (SSRF); fixes vulnerability [GHSA-x4qj-2f4q-r4rx](https://github.com/parse-community/parse-server/security/advisories/GHSA-x4qj-2f4q-r4rx) (#9903) 2025-11-05 14:39:52 +01:00
Manuel
ea91aca142 feat: Add options to skip automatic creation of internal database indexes on server start (#9897) 2025-11-01 18:22:52 +01:00
Manuel
62dd3c565a fix: Indexes _email_verify_token for email verification and _perishable_token password reset are not created automatically (#9893) 2025-11-01 13:52:23 +01:00
mavriel@gmail.com
f49efaf5bb fix: Stale data read in validation query on Parse.Object update causes inconsistency between validation read and subsequent update write operation (#9859) 2025-10-24 20:58:44 +02:00
Antoine Cormouls
eb052d8e6a fix: Error in afterSave trigger for Parse.Role due to name field (#9883) 2025-10-22 14:12:51 +02:00
Antoine Cormouls
1815b019b5 fix: Warning logged when setting option databaseOptions.disableIndexFieldValidation (#9880) 2025-10-16 09:29:02 +02:00
Antoine Cormouls
abfa94cd6d fix: Security upgrade to parse 7.0.1 (#9877) 2025-10-15 18:39:37 +02:00
Antoine Cormouls
64f104e5c5 feat: Add request context middleware for config and dependency injection in hooks (#8480) 2025-10-14 20:16:31 +02:00
EmpiDev
0b4740714c feat: Allow returning objects in Parse.Cloud.beforeFind without invoking database query (#9770) 2025-10-14 18:13:28 +02:00
Antoine Cormouls
1b2347524c feat: Disable index-field validation to create index for fields that don't yet exist (#8137) 2025-10-10 00:03:52 +02:00
Manuel
7cb962a028 feat: Add regex option u for unicode support in Parse.Query.matches for MongoDB (#9867) 2025-10-03 16:38:41 +02:00
Rahul Lanjewar
89fad468c3 feat: Add option keepUnknownIndexes to retain indexes which are not specified in schema (#9857) 2025-10-03 14:35:34 +02:00
Manuel
847a274cdb fix: MongoDB aggregation pipeline with $dateSubtract from $$NOW returns no results (#9822) 2025-07-13 02:44:08 +02:00
Manuel
c58b2eb6eb fix: Data schema exposed via GraphQL API public introspection (GHSA-48q3-prgv-gm4w) (#9819) 2025-07-10 04:25:09 +02:00
Manuel
2c29756038 refactor: Add a few lint rules to test files in /spec (#9815) 2025-07-04 20:24:08 +02:00
Rahul Lanjewar
0db3a6ff27 fix: Parse.Query.containedIn and matchesQuery do not work with nested objects (#9738) 2025-05-03 12:52:31 +02:00
Diamond Lewis
ed69e03acf ci: Fix flaky sendVerificationEmail tests (#9692) 2025-04-15 17:25:42 +01:00
Diamond Lewis
9de6999e25 perf: Add details to error message in Parse.Query.aggregate (#9689) 2025-04-07 21:54:18 +02:00
Diamond Lewis
af40af51f3 ci: Fix flaky LiveQuery tests (#9694) 2025-04-07 04:01:36 +02:00
Daniel
f49c371c13 feat: Upgrade Parse JS SDK from 6.0.0 to 6.1.0 (#9686) 2025-04-02 00:09:53 +01:00
Diamond Lewis
aed918d310 fix: Parse Server doesn't shutdown gracefully (#9634) 2025-03-27 21:38:51 +01:00
Daniel
b2beaa86ff feat: Add Cloud Code triggers Parse.Cloud.beforeFind(Parse.File)and Parse.Cloud.afterFind(Parse.File) (#8700) 2025-03-27 18:22:14 +01:00
Daniel
12b5d781dc feat: Add default ACL (#8701) 2025-03-24 15:15:27 +01:00