joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,042 Commits 2 Branches 18 Tags
5bbf9cade9a527787fd1002072d4013ab5d8db2b
Commit Graph

1253 Commits

Author SHA1 Message Date
dblythy
5bbf9cade9 feat: Improve authentication adapter interface to support multi-factor authentication (MFA), authentication challenges, and provide a more powerful interface for writing custom authentication adapters (#8156) 2022-11-10 17:35:39 +01:00
dblythy
2546cc8572 fix: Remove Node 12 and Node 17 support (#8279) 
BREAKING CHANGE: This release removes Node 12 and Node 17 support
 2022-11-10 16:15:55 +01:00
Manuel
7cb266b207 refactor: Prototype pollution via Cloud Code Webhooks; fixes security vulnerability [GHSA-93vw-8fm5-p2jf](https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf) (#8308) 2022-11-10 00:24:42 +01:00
Manuel
d27dfa3464 refactor: Parse Server option requestKeywordDenylist can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](https://github.com/parse-community/parse-server/security/advisories/GHSA-xprv-wvh7-qqqx) (#8304) 2022-11-09 20:02:05 +01:00
Manuel
42581225f1 refactor: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg) (#8297) 2022-11-07 23:17:03 +01:00
Manuel
5e9d494979 Merge branch 'beta' into build-beta 2022-10-29 21:31:22 +02:00
dblythy
9f111158ed feat: add convenience access to Parse Server configuration in Cloud Code via Parse.Server (#8244) 2022-10-29 19:03:31 +02:00
dblythy
28f0d26677 fix: relation constraints in compound queries Parse.Query.or, Parse.Query.and not working (#8203) 2022-10-24 12:45:17 +02:00
Manuel
aba0081ce1 feat: add support for MongoDB 6 (#8242) 2022-10-17 19:21:32 +02:00
dblythy
4af13af991 ci: reduce timeout after idempotency tests (#8227) 2022-10-17 01:53:10 +02:00
Manuel
c03908f74e fix: server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3)) [skip release] (#8238) 2022-10-15 01:06:45 +02:00
Manuel
4c1befabf2 fix: server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3)) [skip release] (#8237) 2022-10-15 00:54:08 +02:00
Diamond Lewis
0f763da17d feat: liveQuery support for unsorted distance queries (#8221) 2022-10-12 00:27:29 +02:00
dblythy
2a82d19dbd refactor: code style fixes with prettier and lint (#8208) 2022-10-03 13:55:05 +02:00
dblythy
eb649f226f test: fix flaky Apple Game Center tests (#8204) 2022-10-01 12:14:59 +02:00
vzukanov
0388956808 feat: add option to change the default value of the Parse.Query.limit() constraint (#8152) 2022-09-30 00:38:57 +02:00
Manuel
8c8ec71573 fix: authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration appIds is set as a string (e.g. abc) instead of an array of strings (e.g. ["abc"]) ([GHSA-r657-33vp-gp22](https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22)) [skip release] (#8187) 2022-09-20 23:05:44 +02:00
Manuel
1a2b1b9bc1 fix: authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration appIds is set as a string (e.g. abc) instead of an array of strings (e.g. ["abc"]) ([GHSA-r657-33vp-gp22](https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22)) [skip release] (#8188) 2022-09-20 23:03:21 +02:00
Manuel
83cdc89be9 fix: session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) [skip release] (#8181) 2022-09-20 02:36:54 +02:00
Manuel
37fed3062c fix: session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) [skip release] (#8180) 2022-09-20 02:23:49 +02:00
dblythy
3b775a1fb8 fix: sorting by non-existing value throws INVALID_SERVER_ERROR on Postgres (#8157) 2022-09-17 20:41:45 +02:00
dblythy
37af1d78fc fix: updating object includes unchanged keys in client response for certain key types (#8159) 2022-09-17 18:20:50 +02:00
dblythy
e424137406 fix: query aggregation pipeline cannot handle value of type Date when directAccess: true (#8167) 2022-09-17 16:19:28 +02:00
Stew
1d9605bc93 fix: liveQuery with containedIn not working when object field is an array (#8128) 2022-09-17 13:59:45 +02:00
dblythy
3c75c2ba48 fix: push notifications badge doesn't update with Installation beforeSave trigger (#8162) 2022-09-16 21:43:03 +02:00
dblythy
c85bc016e2 ci: fix flaky Apple Game Center tests (#8163) 2022-09-14 16:33:55 +02:00
Snyk bot
149884fe3e refactor: upgrade mongodb from 4.6.0 to 4.7.0 (#8083) 2022-09-03 11:22:42 +02:00
Manuel
4c0c7c77b7 fix: brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) (#8146) [skip release] 2022-09-02 21:43:31 +02:00
Manuel
f0db4ca4a4 fix: brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) (#8145) [skip release] 2022-09-02 21:43:09 +02:00
Antoine Cormouls
c16f529f74 fix: internal indices for classes _Idempotency and _Role are not protected in defined schema (#8121) 2022-08-05 11:25:02 +02:00
Jong Eun Lee
7f5a15d5df fix: graphQL query ignores condition equalTo with value false (#8032) 2022-07-03 12:13:10 +02:00
Manuel
9fd4516cde fix: protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] (#8076) 2022-06-30 13:01:40 +02:00
Manuel
636d16e0f9 fix: protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] (#8075) 2022-06-30 12:53:31 +02:00
Manuel
4c9e95674a fix: invalid file request not properly handled [skip release] (#8062) 2022-06-18 02:38:04 +02:00
Manuel
1a04a347cf fix: invalid file request not properly handled [skip release] (#8061) 2022-06-18 02:15:08 +02:00
Manuel
75af9a26cc fix: certificate in Apple Game Center auth adapter not validated [skip release] (#8058) 2022-06-17 20:22:35 +02:00
Manuel
4c2aa63fd2 fix: certificate in Apple Game Center auth adapter not validated [skip release] (#8055) 2022-06-17 19:32:30 +02:00
Antoine Cormouls
0d818879c2 fix: errors in GraphQL do not show the original error but a general Unexpected Error (#8045) 2022-06-17 13:40:31 +02:00
Layne Bernardo
03caae1e61 fix: websocket connection of LiveQuery interrupts frequently (#8048) 2022-06-17 13:20:48 +02:00
dblythy
199dfc1722 fix: live query role cache does not clear when a user is added to a role (#8026) 2022-06-11 10:21:55 +02:00
Antoine Cormouls
0cd902b8c2 refactor: upgrade GraphQL dependencies (#7970) 2022-06-10 14:01:45 +02:00
Javad
2d5221e480 fix: interrupted WebSocket connection not closed by LiveQuery server (#8012) 2022-06-05 16:01:48 +02:00
dblythy
c6dcad8d16 feat: align file trigger syntax with class trigger; use the new syntax Parse.Cloud.beforeSave(Parse.File, (request) => {}), the old syntax Parse.Cloud.beforeSaveFile((request) => {}) has been deprecated (#7966) 2022-05-29 20:48:55 +02:00
dblythy
c1e808f9e8 feat: selectively enable / disable default authentication adapters (#7953) 2022-05-29 01:50:43 +02:00
dblythy
47d796ea58 fix: afterSave trigger removes pointer in Parse object (#7913) 2022-05-20 10:47:38 +02:00
Antoine Cormouls
1aa2204aeb feat: replace GraphQL Apollo with GraphQL Yoga (#7967) 2022-05-18 19:55:43 +02:00
Antoine Cormouls
330286d22b ci: fix Node version specific tests not running properly in local environment (#7984) 2022-05-08 13:36:58 +02:00
Manuel
d691591630 test: enable GraphQL file upload tests (#7980) 2022-05-06 22:31:30 +02:00
Manuel
3e9f292d84 feat: add support for Node 17 and 18 (#7896) 2022-05-06 19:12:19 +02:00
Antoine Cormouls
68b15c298e refactor: replace internal GraphQL array classes to object style (#7788) 2022-05-06 02:09:09 +02:00