8 Commits

Author	SHA1	Message	Date
Manuel	cbefe770a7	fix: Improve PostgreSQL injection detection; fixes security vulnerability [GHSA-6927-3vr9-fxf2](https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2) which affects Parse Server deployments using a Postgres database (#8961)	2024-03-01 16:52:05 +01:00
Lucas Coratger	3de8494a22	feat: Add support for MongoDB 7 (#8761) ... BREAKING CHANGE: `Parse.Query` no longer supports the BSON type `code`; although this feature was never officially documented, its removal is announced as a breaking change to protect deployments where it might be in use.	2023-12-10 02:42:40 +01:00
Manuel	3dd99dd80e	fix: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-462x-c3jw-7vr6](https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6) (#8674)	2023-06-28 22:57:25 +02:00
Manuel	60c5a73d25	fix: Prototype pollution via Cloud Code Webhooks; fixes security vulnerability [GHSA-93vw-8fm5-p2jf](https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf) (#8305)	2022-11-09 21:32:02 +01:00
Manuel	6728da1e35	fix: Parse Server option requestKeywordDenylist can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](https://github.com/parse-community/parse-server/security/advisories/GHSA-xprv-wvh7-qqqx) (#8302)	2022-11-09 20:00:29 +01:00
Manuel	50eed3cffe	fix: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg) (#8295)	2022-11-07 23:03:24 +01:00
Manuel	0d6f9e951d	fix: sensitive keyword detection may produce false positives (#7881)	2022-03-24 02:54:07 +01:00
Manuel	971adb5438	fix: security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7843)	2022-03-12 13:49:57 +01:00