joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,677 Commits 2 Branches 18 Tags
8b2a71da581c50df3f6fc9cb00a974372d01f490
Commit Graph

11 Commits

Author SHA1 Message Date
Manuel
13ee52f0d1 fix: Custom object ID allows to acquire role privileges ([GHSA-8xq9-g7ch-35hg](https://github.com/parse-community/parse-server/security/advisories/GHSA-8xq9-g7ch-35hg)) (#9317) 2024-10-03 21:17:14 +02:00
Manuel
9552a4cbee ci: Fix test exclusion list in combination with other exclusions (#9277) 2024-08-13 22:13:19 +02:00
Manuel
901cff5edd test: Add test IDs (#9205) 2024-07-18 15:41:04 +02:00
Manuel
cbefe770a7 fix: Improve PostgreSQL injection detection; fixes security vulnerability [GHSA-6927-3vr9-fxf2](https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2) which affects Parse Server deployments using a Postgres database (#8961) 2024-03-01 16:52:05 +01:00
Lucas Coratger
3de8494a22 feat: Add support for MongoDB 7 (#8761) 
BREAKING CHANGE: `Parse.Query` no longer supports the BSON type `code`; although this feature was never officially documented, its removal is announced as a breaking change to protect deployments where it might be in use.
 2023-12-10 02:42:40 +01:00
Manuel
3dd99dd80e fix: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-462x-c3jw-7vr6](https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6) (#8674) 2023-06-28 22:57:25 +02:00
Manuel
60c5a73d25 fix: Prototype pollution via Cloud Code Webhooks; fixes security vulnerability [GHSA-93vw-8fm5-p2jf](https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf) (#8305) 2022-11-09 21:32:02 +01:00
Manuel
6728da1e35 fix: Parse Server option requestKeywordDenylist can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](https://github.com/parse-community/parse-server/security/advisories/GHSA-xprv-wvh7-qqqx) (#8302) 2022-11-09 20:00:29 +01:00
Manuel
50eed3cffe fix: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg) (#8295) 2022-11-07 23:03:24 +01:00
Manuel
0d6f9e951d fix: sensitive keyword detection may produce false positives (#7881) 2022-03-24 02:54:07 +01:00
Manuel
971adb5438 fix: security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7843) 2022-03-12 13:49:57 +01:00