joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,894 Commits 2 Branches 18 Tags
4c1befabf2e40bf3cf41b8b3db257435684f7a62
Commit Graph

3894 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Manuel
4c1befabf2 fix: server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3)) [skip release] (#8237) 2022-10-15 00:54:08 +02:00
Manuel
1a2b1b9bc1 fix: authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration appIds is set as a string (e.g. abc) instead of an array of strings (e.g. ["abc"]) ([GHSA-r657-33vp-gp22](https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22)) [skip release] (#8188) 2022-09-20 23:03:21 +02:00
Manuel
83cdc89be9 fix: session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) [skip release] (#8181) 2022-09-20 02:36:54 +02:00
Manuel
f0db4ca4a4 fix: brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) (#8145) [skip release] 2022-09-02 21:43:09 +02:00
Manuel
636d16e0f9 fix: protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] (#8075) 2022-06-30 12:53:31 +02:00
Manuel
1a04a347cf fix: invalid file request not properly handled [skip release] (#8061) 2022-06-18 02:15:08 +02:00
Manuel
4c2aa63fd2 fix: certificate in Apple Game Center auth adapter not validated [skip release] (#8055) 2022-06-17 19:32:30 +02:00
semantic-release-bot
ed7a25d5be chore(release): 5.3.0-beta.1 [skip ci] 
# [5.3.0-beta.1](https://github.com/parse-community/parse-server/compare/5.2.1...5.3.0-beta.1) (2022-06-17)

### Bug Fixes

* afterSave trigger removes pointer in Parse object ([#7913](https://github.com/parse-community/parse-server/issues/7913)) ([47d796e](47d796ea58))
* auto-release process may fail if optional back-merging task fails ([#8051](https://github.com/parse-community/parse-server/issues/8051)) ([cf925e7](cf925e75e8))
* custom database options are not passed to MongoDB GridFS ([#7911](https://github.com/parse-community/parse-server/issues/7911)) ([b1e5565](b1e5565b22))
* depreciate allowClientClassCreation defaulting to true ([#7925](https://github.com/parse-community/parse-server/issues/7925)) ([38ed96a](38ed96ace5))
* errors in GraphQL do not show the original error but a general `Unexpected Error` ([#8045](https://github.com/parse-community/parse-server/issues/8045)) ([0d81887](0d818879c2))
* interrupted WebSocket connection not closed by LiveQuery server ([#8012](https://github.com/parse-community/parse-server/issues/8012)) ([2d5221e](2d5221e480))
* live query role cache does not clear when a user is added to a role ([#8026](https://github.com/parse-community/parse-server/issues/8026)) ([199dfc1](199dfc1722))
* peer dependency mismatch for GraphQL dependencies ([#7934](https://github.com/parse-community/parse-server/issues/7934)) ([0a6faa8](0a6faa81fa))
* return correct response when revert is used in beforeSave ([#7839](https://github.com/parse-community/parse-server/issues/7839)) ([19900fc](19900fcdf8))
* security upgrade @parse/fs-files-adapter from 1.2.1 to 1.2.2 ([#7948](https://github.com/parse-community/parse-server/issues/7948)) ([3a70fda](3a70fda679))
* security upgrade moment from 2.29.1 to 2.29.2 ([#7931](https://github.com/parse-community/parse-server/issues/7931)) ([731c550](731c550714))
* security upgrade parse push adapter from 4.1.0 to 4.1.2 ([#7893](https://github.com/parse-community/parse-server/issues/7893)) ([93667b4](93667b4e84))
* websocket connection of LiveQuery interrupts frequently ([#8048](https://github.com/parse-community/parse-server/issues/8048)) ([03caae1](03caae1e61))

### Features

* add MongoDB 5.1 compatibility ([#7682](https://github.com/parse-community/parse-server/issues/7682)) ([022a856](022a85619d))
* add MongoDB 5.2 support ([#7894](https://github.com/parse-community/parse-server/issues/7894)) ([5bfa716](5bfa7160d9))
* add support for Node 17 and 18 ([#7896](https://github.com/parse-community/parse-server/issues/7896)) ([3e9f292](3e9f292d84))
* align file trigger syntax with class trigger; use the new syntax `Parse.Cloud.beforeSave(Parse.File, (request) => {})`, the old syntax `Parse.Cloud.beforeSaveFile((request) => {})` has been deprecated ([#7966](https://github.com/parse-community/parse-server/issues/7966)) ([c6dcad8](c6dcad8d16))
* replace GraphQL Apollo with GraphQL Yoga ([#7967](https://github.com/parse-community/parse-server/issues/7967)) ([1aa2204](1aa2204aeb))
* selectively enable / disable default authentication adapters ([#7953](https://github.com/parse-community/parse-server/issues/7953)) ([c1e808f](c1e808f9e8))
* upgrade mongodb from 4.4.1 to 4.5.0 ([#7991](https://github.com/parse-community/parse-server/issues/7991)) ([e692b5d](e692b5dd82))

### Performance Improvements

* reduce database operations when using the constant parameter in Cloud Function validation ([#7892](https://github.com/parse-community/parse-server/issues/7892)) ([041197f](041197fb4c))
 2022-06-17 12:36:46 +00:00
Manuel
b9a69381d2 build: release 2022-06-17 14:26:47 +02:00
semantic-release-bot
2235678de3 chore(release): 5.3.0-alpha.18 [skip ci] 
# [5.3.0-alpha.18](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.17...5.3.0-alpha.18) (2022-06-17)

### Bug Fixes

* auto-release process may fail if optional back-merging task fails ([#8051](https://github.com/parse-community/parse-server/issues/8051)) ([cf925e7](cf925e75e8))
 2022-06-17 12:14:50 +00:00
Manuel
cf925e75e8 fix: auto-release process may fail if optional back-merging task fails (#8051) 2022-06-17 14:02:25 +02:00
semantic-release-bot
16c7656188 chore(release): 5.3.0-alpha.17 [skip ci] 
# [5.3.0-alpha.17](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.16...5.3.0-alpha.17) (2022-06-17)

### Bug Fixes

* errors in GraphQL do not show the original error but a general `Unexpected Error` ([#8045](https://github.com/parse-community/parse-server/issues/8045)) ([0d81887](0d818879c2))
* websocket connection of LiveQuery interrupts frequently ([#8048](https://github.com/parse-community/parse-server/issues/8048)) ([03caae1](03caae1e61))
 2022-06-17 11:51:14 +00:00
Antoine Cormouls
0d818879c2 fix: errors in GraphQL do not show the original error but a general Unexpected Error (#8045) 2022-06-17 13:40:31 +02:00
Layne Bernardo
03caae1e61 fix: websocket connection of LiveQuery interrupts frequently (#8048) 2022-06-17 13:20:48 +02:00
Antoine Cormouls
72fac8a5fc refactor: lru-cache maxAge to ttl (#8039) 2022-06-13 15:29:50 +02:00
Manuel
5f7d392a06 ci: fix slow install (#8040) 2022-06-13 14:33:47 +02:00
Antonio Davi Macedo Coelho de Castro
528690b7b6 refactor: upgrade @graphql-tools/utils from 8.6.10 to 8.6.12 (#8037) 2022-06-12 14:59:18 +02:00
Antonio Davi Macedo Coelho de Castro
f67cc99948 refactor: upgrade @graphql-tools/merge from 8.2.11 to 8.2.13 (#8036) 2022-06-12 14:26:31 +02:00
Antonio Davi Macedo Coelho de Castro
61ba1b2913 refactor: upgrade @graphql-tools/schema from 8.3.11 to 8.3.13 (#8035) 2022-06-12 01:52:14 +02:00
Antonio Davi Macedo Coelho de Castro
c484094759 refactor: upgrade jwks-rsa from 2.1.2 to 2.1.3 (#8038) 2022-06-12 00:34:34 +02:00
semantic-release-bot
5de4c4723f chore(release): 5.3.0-alpha.16 [skip ci] 
# [5.3.0-alpha.16](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.15...5.3.0-alpha.16) (2022-06-11)

### Bug Fixes

* live query role cache does not clear when a user is added to a role ([#8026](https://github.com/parse-community/parse-server/issues/8026)) ([199dfc1](199dfc1722))
 2022-06-11 08:29:17 +00:00
dblythy
199dfc1722 fix: live query role cache does not clear when a user is added to a role (#8026) 2022-06-11 10:21:55 +02:00
Antoine Cormouls
0cd902b8c2 refactor: upgrade GraphQL dependencies (#7970) 2022-06-10 14:01:45 +02:00
semantic-release-bot
0dc2843503 chore(release): 5.3.0-alpha.15 [skip ci] 
# [5.3.0-alpha.15](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.14...5.3.0-alpha.15) (2022-06-05)

### Bug Fixes

* interrupted WebSocket connection not closed by LiveQuery server ([#8012](https://github.com/parse-community/parse-server/issues/8012)) ([2d5221e](2d5221e480))
 2022-06-05 14:09:29 +00:00
Javad
2d5221e480 fix: interrupted WebSocket connection not closed by LiveQuery server (#8012) 2022-06-05 16:01:48 +02:00
Diamond Lewis
468e98785f refactor: upgrade mongodb from 4.5.0 to 4.6.0 (#8022) 2022-06-04 02:41:43 +02:00
Diamond Lewis
9e506969c3 refactor: upgrade jwks-rsa from 2.1.1 to 2.1.2 (#8023) 2022-06-04 01:52:55 +02:00
Jeff Gu Kang
a2491ff036 docs: correct README following markdown rules (#8024) 2022-06-03 13:26:42 +02:00
semantic-release-bot
5e15864dc9 chore(release): 5.3.0-alpha.14 [skip ci] 
# [5.3.0-alpha.14](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.13...5.3.0-alpha.14) (2022-05-29)

### Features

* align file trigger syntax with class trigger; use the new syntax `Parse.Cloud.beforeSave(Parse.File, (request) => {})`, the old syntax `Parse.Cloud.beforeSaveFile((request) => {})` has been deprecated ([#7966](https://github.com/parse-community/parse-server/issues/7966)) ([c6dcad8](c6dcad8d16))
 2022-05-29 19:03:36 +00:00
dblythy
c6dcad8d16 feat: align file trigger syntax with class trigger; use the new syntax Parse.Cloud.beforeSave(Parse.File, (request) => {}), the old syntax Parse.Cloud.beforeSaveFile((request) => {}) has been deprecated (#7966) 2022-05-29 20:48:55 +02:00
semantic-release-bot
ac283d3cc0 chore(release): 5.3.0-alpha.13 [skip ci] 
# [5.3.0-alpha.13](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.12...5.3.0-alpha.13) (2022-05-28)

### Features

* selectively enable / disable default authentication adapters ([#7953](https://github.com/parse-community/parse-server/issues/7953)) ([c1e808f](c1e808f9e8))
 2022-05-28 23:58:04 +00:00
dblythy
c1e808f9e8 feat: selectively enable / disable default authentication adapters (#7953) 2022-05-29 01:50:43 +02:00
Diamond Lewis
88b4d9dda1 refactor: upgrade jwks-rsa from 2.1.0 to 2.1.1 (#8018) 2022-05-29 00:59:44 +02:00
Snyk bot
34a4cca240 refactor: upgrade follow-redirects from 1.14.9 to 1.15.0 (#8014) 2022-05-27 12:15:30 +02:00
Snyk bot
28901aa35f refactor: upgrade parse from 3.4.1 to 3.4.2 (#8013) 2022-05-25 10:28:36 +02:00
Snyk bot
91bb235bc7 refactor: upgrade ws from 8.5.0 to 8.6.0 (#8011) 2022-05-23 19:36:46 +02:00
Antonio Davi Macedo Coelho de Castro
51fb14be3f refactor: upgrade express from 4.18.0 to 4.18.1 (#8009) 2022-05-21 01:52:28 +02:00
semantic-release-bot
8fb9a4a8bc chore(release): 5.3.0-alpha.12 [skip ci] 
# [5.3.0-alpha.12](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.11...5.3.0-alpha.12) (2022-05-20)

### Bug Fixes

* afterSave trigger removes pointer in Parse object ([#7913](https://github.com/parse-community/parse-server/issues/7913)) ([47d796e](47d796ea58))
 2022-05-20 08:57:02 +00:00
dblythy
47d796ea58 fix: afterSave trigger removes pointer in Parse object (#7913) 2022-05-20 10:47:38 +02:00
Diamond Lewis
2e750b78cc refactor: upgrade jwks-rsa from 2.0.5 to 2.1.0 (#8007) 2022-05-20 00:42:32 +02:00
Manuel
a176de94d2 docs: add chat badge to README (#8006) 2022-05-19 15:00:38 +02:00
semantic-release-bot
0081e1c81c chore(release): 5.3.0-alpha.11 [skip ci] 
# [5.3.0-alpha.11](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.10...5.3.0-alpha.11) (2022-05-18)

### Features

* replace GraphQL Apollo with GraphQL Yoga ([#7967](https://github.com/parse-community/parse-server/issues/7967)) ([1aa2204](1aa2204aeb))
 2022-05-18 18:03:09 +00:00
Antoine Cormouls
1aa2204aeb feat: replace GraphQL Apollo with GraphQL Yoga (#7967) 2022-05-18 19:55:43 +02:00
Antonio Davi Macedo Coelho de Castro
b2ae2e1db4 refactor: upgrade express from 4.17.3 to 4.18.0 (#8003) 2022-05-17 15:32:10 +02:00
Diamond Lewis
b10182f35e refactor: upgrade winston-daily-rotate-file from 4.6.0 to 4.6.1 (#7995) 2022-05-11 11:16:07 +02:00
semantic-release-bot
2b1dc5c46a chore(release): 5.3.0-alpha.10 [skip ci] 
# [5.3.0-alpha.10](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.9...5.3.0-alpha.10) (2022-05-09)

### Features

* upgrade mongodb from 4.4.1 to 4.5.0 ([#7991](https://github.com/parse-community/parse-server/issues/7991)) ([e692b5d](e692b5dd82))
 2022-05-09 21:59:49 +00:00
Diamond Lewis
e692b5dd82 feat: upgrade mongodb from 4.4.1 to 4.5.0 (#7991) 2022-05-09 23:57:08 +02:00
Diamond Lewis
364e346548 refactor: upgrade ws from 8.2.3 to 8.5.0 (#7988) 2022-05-09 14:20:09 +02:00
dblythy
4462b39d48 docs: fix incorrect deprecation date of allowClientClassCreation option (#7992) 2022-05-09 12:28:06 +02:00
Diamond Lewis
c35d74d176 refactor: upgrade ldapjs from 2.3.1 to 2.3.2 (#7990) 2022-05-09 03:54:49 +02:00