joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,047 Commits 2 Branches 18 Tags
a2d3dbe972e2e02ac599bfffe1ae6cd9768b02ca
Commit Graph

1765 Commits

Author SHA1 Message Date
Antoine Cormouls
e90a5183ec refactor: replace deprecated LRU cache methods (#8266) 2022-11-01 21:33:14 +01:00
dblythy
9f111158ed feat: add convenience access to Parse Server configuration in Cloud Code via Parse.Server (#8244) 2022-10-29 19:03:31 +02:00
dblythy
28f0d26677 fix: relation constraints in compound queries Parse.Query.or, Parse.Query.and not working (#8203) 2022-10-24 12:45:17 +02:00
Manuel
c03908f74e fix: server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3)) [skip release] (#8238) 2022-10-15 01:06:45 +02:00
Diamond Lewis
0f763da17d feat: liveQuery support for unsorted distance queries (#8221) 2022-10-12 00:27:29 +02:00
dblythy
2a82d19dbd refactor: code style fixes with prettier and lint (#8208) 2022-10-03 13:55:05 +02:00
vzukanov
0388956808 feat: add option to change the default value of the Parse.Query.limit() constraint (#8152) 2022-09-30 00:38:57 +02:00
Manuel
8c8ec71573 fix: authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration appIds is set as a string (e.g. abc) instead of an array of strings (e.g. ["abc"]) ([GHSA-r657-33vp-gp22](https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22)) [skip release] (#8187) 2022-09-20 23:05:44 +02:00
Manuel
37fed3062c fix: session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) [skip release] (#8180) 2022-09-20 02:23:49 +02:00
dblythy
df12ba3ba2 docs: regenerate API docs (#8179) 2022-09-19 12:40:15 +02:00
dblythy
a5ba5da36d docs: describe additional database options (#8173) 2022-09-18 18:44:31 +02:00
dblythy
3b775a1fb8 fix: sorting by non-existing value throws INVALID_SERVER_ERROR on Postgres (#8157) 2022-09-17 20:41:45 +02:00
dblythy
37af1d78fc fix: updating object includes unchanged keys in client response for certain key types (#8159) 2022-09-17 18:20:50 +02:00
dblythy
e424137406 fix: query aggregation pipeline cannot handle value of type Date when directAccess: true (#8167) 2022-09-17 16:19:28 +02:00
Stew
1d9605bc93 fix: liveQuery with containedIn not working when object field is an array (#8128) 2022-09-17 13:59:45 +02:00
dblythy
3c75c2ba48 fix: push notifications badge doesn't update with Installation beforeSave trigger (#8162) 2022-09-16 21:43:03 +02:00
Manuel
4c0c7c77b7 fix: brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) (#8146) [skip release] 2022-09-02 21:43:31 +02:00
Antoine Cormouls
c16f529f74 fix: internal indices for classes _Idempotency and _Role are not protected in defined schema (#8121) 2022-08-05 11:25:02 +02:00
Jong Eun Lee
7f5a15d5df fix: graphQL query ignores condition equalTo with value false (#8032) 2022-07-03 12:13:10 +02:00
Manuel
9fd4516cde fix: protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] (#8076) 2022-06-30 13:01:40 +02:00
Manuel
4c9e95674a fix: invalid file request not properly handled [skip release] (#8062) 2022-06-18 02:38:04 +02:00
Manuel
75af9a26cc fix: certificate in Apple Game Center auth adapter not validated [skip release] (#8058) 2022-06-17 20:22:35 +02:00
Antoine Cormouls
0d818879c2 fix: errors in GraphQL do not show the original error but a general Unexpected Error (#8045) 2022-06-17 13:40:31 +02:00
Layne Bernardo
03caae1e61 fix: websocket connection of LiveQuery interrupts frequently (#8048) 2022-06-17 13:20:48 +02:00
Antoine Cormouls
72fac8a5fc refactor: lru-cache maxAge to ttl (#8039) 2022-06-13 15:29:50 +02:00
dblythy
199dfc1722 fix: live query role cache does not clear when a user is added to a role (#8026) 2022-06-11 10:21:55 +02:00
Antoine Cormouls
0cd902b8c2 refactor: upgrade GraphQL dependencies (#7970) 2022-06-10 14:01:45 +02:00
Javad
2d5221e480 fix: interrupted WebSocket connection not closed by LiveQuery server (#8012) 2022-06-05 16:01:48 +02:00
dblythy
c6dcad8d16 feat: align file trigger syntax with class trigger; use the new syntax Parse.Cloud.beforeSave(Parse.File, (request) => {}), the old syntax Parse.Cloud.beforeSaveFile((request) => {}) has been deprecated (#7966) 2022-05-29 20:48:55 +02:00
dblythy
c1e808f9e8 feat: selectively enable / disable default authentication adapters (#7953) 2022-05-29 01:50:43 +02:00
dblythy
47d796ea58 fix: afterSave trigger removes pointer in Parse object (#7913) 2022-05-20 10:47:38 +02:00
Antoine Cormouls
1aa2204aeb feat: replace GraphQL Apollo with GraphQL Yoga (#7967) 2022-05-18 19:55:43 +02:00
dblythy
38ed96ace5 fix: depreciate allowClientClassCreation defaulting to true (#7925) 2022-05-07 21:08:59 +02:00
Antoine Cormouls
68b15c298e refactor: replace internal GraphQL array classes to object style (#7788) 2022-05-06 02:09:09 +02:00
dblythy
3fb6b2b4ab ci: fix flaky tests for Apple Game Center authentication (#7958) 2022-05-01 04:26:08 +02:00
dblythy
b1e5565b22 fix: custom database options are not passed to MongoDB GridFS (#7911) 2022-05-01 04:21:40 +02:00
Antoine Cormouls
a169663304 refactor: add missing schema definitions (#7917) 2022-05-01 04:21:33 +02:00
dblythy
041197fb4c perf: reduce database operations when using the constant parameter in Cloud Function validation (#7892) 2022-05-01 04:17:14 +02:00
dblythy
19900fcdf8 fix: return correct response when revert is used in beforeSave (#7839) 2022-05-01 02:39:56 +02:00
Manuel
af4a0417a9 fix: authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter (GHSA-qf8x-vqjv-92gr) (#7962) 2022-05-01 02:28:16 +02:00
Manuel
0d6f9e951d fix: sensitive keyword detection may produce false positives (#7881) 2022-03-24 02:54:07 +01:00
dblythy
443a509905 feat: improved LiveQuery error logging with additional information (#7837) 2022-03-23 02:11:39 +01:00
Manuel Trezza
1593575a87 build: release 2022-03-18 15:17:12 +01:00
Manuel
0c1b75fcbe Merge branch 'beta' into build-release-beta-19837863611 2022-03-15 00:56:54 +01:00
Manuel
e569f402b1 fix: security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7844) 2022-03-12 14:47:23 +01:00
Manuel
971adb5438 fix: security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7843) 2022-03-12 13:49:57 +01:00
Antoine Cormouls
f88aa2a62a feat: upgrade to MongoDB Node.js driver 4.x for MongoDB 5.0 support (#7794) 
BREAKING CHANGE: The MongoDB GridStore adapter has been removed. By default, Parse Server already uses GridFS, so if you do not manually use the GridStore adapter, you can ignore this change.
 2022-02-06 18:30:36 +01:00
yog27ray
315290d161 feat: add Cloud Code context to ParseObject.fetch (#7779) 2022-01-25 12:40:22 +01:00
Manuel
3b92fa1ca9 fix: schema cache not cleared in some cases (#7771) 2022-01-13 03:04:49 +01:00
ThornWu
5af6e5dfaa fix: schema cache not cleared in some cases (#7678) 2022-01-13 02:03:33 +01:00