joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,419 Commits 2 Branches 18 Tags
4.10.19
Commit Graph

1327 Commits

Author SHA1 Message Date
semantic-release-bot
50a2468ffc chore(release): 4.10.19 [skip ci] 
## [4.10.19](https://github.com/parse-community/parse-server/compare/4.10.18...4.10.19) (2022-11-09)

### Bug Fixes

* Parse Server option `requestKeywordDenylist` can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](https://github.com/parse-community/parse-server/security/advisories/GHSA-xprv-wvh7-qqqx) ([#8301](https://github.com/parse-community/parse-server/issues/8301)) ([0a2d412](0a2d412e26))
 2022-11-09 19:14:08 +00:00
semantic-release-bot
35346525e8 chore(release): 4.10.18 [skip ci] 
## [4.10.18](https://github.com/parse-community/parse-server/compare/4.10.17...4.10.18) (2022-11-07)

### Bug Fixes

* Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg) ([#8296](https://github.com/parse-community/parse-server/issues/8296)) ([47cfeee](47cfeee0ce))
 2022-11-07 22:24:24 +00:00
semantic-release-bot
041e60487c chore(release): 4.10.17 [skip ci] 
## [4.10.17](https://github.com/parse-community/parse-server/compare/4.10.16...4.10.17) (2022-10-15)

### Bug Fixes

* server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3)) ([#8236](https://github.com/parse-community/parse-server/issues/8236)) ([3d7a61e](3d7a61ecd5))
 2022-10-15 00:25:57 +00:00
semantic-release-bot
f03bf00e5f chore(release): 4.10.16 [skip ci] 
## [4.10.16](https://github.com/parse-community/parse-server/compare/4.10.15...4.10.16) (2022-09-20)

### Bug Fixes

* authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22)) ([#8186](https://github.com/parse-community/parse-server/issues/8186)) ([b3e7939](b3e7939f6b))
 2022-09-20 20:56:54 +00:00
semantic-release-bot
9d502269c5 chore(release): 4.10.15 [skip ci] 
## [4.10.15](https://github.com/parse-community/parse-server/compare/4.10.14...4.10.15) (2022-09-20)

### Bug Fixes

* session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) ([#8183](https://github.com/parse-community/parse-server/issues/8183)) ([7ca9ed0](7ca9ed0142))
 2022-09-20 00:33:55 +00:00
semantic-release-bot
e29f7c0431 chore(release): 4.10.14 [skip ci] 
## [4.10.14](https://github.com/parse-community/parse-server/compare/4.10.13...4.10.14) (2022-09-02)

### Bug Fixes

* brute force guessing of user sensitive data via search patterns; this fixes a security vulnerability in which internal and protected fields may be used as query constraints to guess the value of these fields and obtain sensitive data (GHSA-2m6g-crv8-p3c6) ([#8143](https://github.com/parse-community/parse-server/issues/8143)) ([634c44a](634c44acd1))
 2022-09-02 19:28:55 +00:00
semantic-release-bot
4748e9bbd3 chore(release): 4.10.13 [skip ci] 
## [4.10.13](https://github.com/parse-community/parse-server/compare/4.10.12...4.10.13) (2022-06-30)

### Bug Fixes

* protected fields exposed via LiveQuery; this removes protected fields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields ([GHSA-crrq-vr9j-fxxh](https://github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh)) ([#8074](https://github.com/parse-community/parse-server/issues/8074)) ([054f3e6](054f3e6ab0))
 2022-06-30 10:38:27 +00:00
semantic-release-bot
6286d2e34f chore(release): 4.10.12 [skip ci] 
## [4.10.12](https://github.com/parse-community/parse-server/compare/4.10.11...4.10.12) (2022-06-17)

### Bug Fixes

* invalid file request not properly handled; this fixes a security vulnerability in which an invalid file request can crash the server ([GHSA-xw6g-jjvf-wwf9](https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9)) ([#8059](https://github.com/parse-community/parse-server/issues/8059)) ([5f42322](5f423224bd))
 2022-06-17 23:43:36 +00:00
semantic-release-bot
ad680bd312 chore(release): 4.10.11 [skip ci] 
## [4.10.11](https://github.com/parse-community/parse-server/compare/4.10.10...4.10.11) (2022-06-17)

### Bug Fixes

* certificate in Apple Game Center auth adapter not validated; this fixes a security vulnerability in which authentication could be bypassed using a fake certificate; if you are using the Apple Gamer Center auth adapter it is your responsibility to keep its root certificate up-to-date and we advice you read the security advisory ([GHSA-rh9j-f5f8-rvgc](https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc)) ([145838d](145838d2d9))
 2022-06-17 16:38:16 +00:00
semantic-release-bot
b00b0410e6 chore(release): 4.10.10 [skip ci] 
## [4.10.10](https://github.com/parse-community/parse-server/compare/4.10.9...4.10.10) (2022-05-01)

### Bug Fixes

* authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter (GHSA-qf8x-vqjv-92gr) ([#7963](https://github.com/parse-community/parse-server/issues/7963)) ([1930a64](1930a64e9c))
 2022-05-01 00:48:05 +00:00
semantic-release-bot
cd354b77a6 chore(release): 4.10.9 [skip ci] 
## [4.10.9](https://github.com/parse-community/parse-server/compare/4.10.8...4.10.9) (2022-03-28)

### Bug Fixes

* security upgrade @parse/push-adapter from 3.4.1 to 4.1.2 ([#7897](https://github.com/parse-community/parse-server/issues/7897)) ([3d80ee5](3d80ee5ec3))
 2022-03-28 02:57:17 +00:00
Snyk bot
3d80ee5ec3 fix: security upgrade @parse/push-adapter from 3.4.1 to 4.1.2 (#7897) 2022-03-28 04:56:02 +02:00
semantic-release-bot
bf88869578 chore(release): 4.10.8 [skip ci] 
## [4.10.8](https://github.com/parse-community/parse-server/compare/4.10.7...4.10.8) (2022-03-24)

### Bug Fixes

* sensitive keyword detection may produce false positives ([#7883](https://github.com/parse-community/parse-server/issues/7883)) ([d347613](d34761369e))
 2022-03-24 01:50:33 +00:00
semantic-release-bot
7c844772ea chore(release): 4.10.7 [skip ci] 
## [4.10.7](https://github.com/parse-community/parse-server/compare/4.10.6...4.10.7) (2022-03-11)

### Bug Fixes

* security vulnerability that allows remote code execution (ghsa p6h4 93qp jhcm) ([#7841](https://github.com/parse-community/parse-server/issues/7841)) ([886bfd7](886bfd7cac))
 2022-03-11 23:20:36 +00:00
semantic-release-bot
cd41626625 chore(release): 4.10.6 [skip ci] 
## [4.10.6](https://github.com/parse-community/parse-server/compare/4.10.5...4.10.6) (2022-02-12)

### Bug Fixes

* update graphql dependencies to work with Parse Dashboard ([#7658](https://github.com/parse-community/parse-server/issues/7658)) ([350ecde](350ecdee59))
 2022-02-12 16:08:06 +00:00
Frans Bouwmeester
350ecdee59 fix: update graphql dependencies to work with Parse Dashboard (#7658) 2022-02-12 17:07:04 +01:00
semantic-release-bot
b465f7bade chore(release): 4.10.5 [skip ci] 
## [4.10.5](https://github.com/parse-community/parse-server/compare/4.10.4...4.10.5) (2022-02-12)

### Bug Fixes

* security upgrade follow-redirects from 1.13.0 to 1.14.8 ([#7803](https://github.com/parse-community/parse-server/issues/7803)) ([611332e](611332ea33))
 2022-02-12 15:42:56 +00:00
Snyk bot
611332ea33 fix: security upgrade follow-redirects from 1.13.0 to 1.14.8 (#7803) 2022-02-12 16:31:29 +01:00
Manuel
adf7d928de ci: add release automation (#7807) 2022-02-12 16:14:28 +01:00
Frans Bouwmeester
065facdc53 test: fix failing tests on 4.x LTS branch (#7661) 2021-10-30 19:19:54 +02:00
dblythy
4ac4b7f710 Merge pull request from GHSA-7pr3-p5fm-8r9x
Some checks failed
docker / build (push) Has been cancelled
Details 
* fix: LQ deletes session token

* add 4.10.4

* add changes
 2021-09-30 04:52:12 +02:00
Manuel
c71ae7d478 chore(release): 4.10.3 (#7538) 2021-09-02 13:01:27 +02:00
Manuel
0bfa6b7cc1 Release 4.10.2 (#7513) 
* move graphql-tag from devDependencies to dependencies (#7183)

* bump version

* Update CHANGELOG.md
 2021-08-24 00:46:39 +02:00
Manuel
0be0b87b2d bump version 2021-08-23 13:57:55 +02:00
Manuel
f3133acf21 Release 4.10.1 (#7508) 
* bump parse 3.3.0

* Update CHANGELOG.md

* update user test (PR #7464)

* fix Twitter API oauth Error (PR #7370)

* bumped dependencies

* Revert "bumped dependencies"

This reverts commit 97ad83dd15eee379d9b258f02ac14e4950415835.

* bump @parse/push-adapter 3.4.1

* bump jwks-rsa@1.12.3

* bump mongodb@3.6.11

* bump ws@7.5.3

* changed logging for circular obj (PR #7457)

* Update CHANGELOG.md
 2021-08-23 13:53:33 +02:00
Manuel
0e3cae5c67 audit fix 2021-08-20 19:24:01 +02:00
Manuel
f0d5232443 bumped version 2021-08-20 19:20:04 +02:00
Manuel
3c42584f59 4.5.2 2021-08-18 22:54:51 +02:00
Manuel
3a5c38d2e4 revert to version 4.5.0 for testing 2021-08-18 22:49:06 +02:00
Manuel
1306da7454 Merge pull request from GHSA-23r4-5mxp-c7g5 2021-08-18 22:24:29 +02:00
Antonio Davi Macedo Coelho de Castro
3c00bcd791 Release 4.5.0 (#7070) 
* Release 4.5.0

* Update CHANGELOG.md

Co-authored-by: Tom Fox <13188249+TomWFox@users.noreply.github.com>

* Improve braking change note

* Create a breaking changes sub-section

* Add release action

Co-authored-by: Tom Fox <13188249+TomWFox@users.noreply.github.com>
 2020-12-14 19:29:06 -08:00
Diamond Lewis
033a0bd443 Fix Prettier (#7066) 2020-12-13 11:19:04 -06:00
Antonio Davi Macedo Coelho de Castro
d4948572a8 Update parse to 2.19.0 (#7060) 2020-12-11 12:40:32 -08:00
Snyk bot
d20b03c7e6 [Snyk] Upgrade mongodb from 3.6.2 to 3.6.3 (#7026) 
* fix: upgrade mongodb from 3.6.2 to 3.6.3

Snyk has created this PR to upgrade mongodb from 3.6.2 to 3.6.3.

See this package in npm:
https://www.npmjs.com/package/mongodb

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr

* Bump mongo to 4.4.0

* fix tests

* disable fast fail

* fix fail fast

* revert changes

* await tests and wait for replication

Co-authored-by: Diamond Lewis <findlewis@gmail.com>
 2020-12-10 10:02:26 -08:00
Snyk bot
4267e9bd5b fix: upgrade ldapjs from 2.2.1 to 2.2.2 (#7056) 
Snyk has created this PR to upgrade ldapjs from 2.2.1 to 2.2.2.

See this package in npm:
https://www.npmjs.com/package/ldapjs

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
 2020-12-09 19:46:11 -08:00
Antoine Cormouls
b398894341 Remove viewer from logout (#7029) 2020-12-07 15:45:51 -08:00
Snyk bot
de9c7dc12e fix: upgrade ldapjs from 2.2.0 to 2.2.1 (#7045) 
Snyk has created this PR to upgrade ldapjs from 2.2.0 to 2.2.1.

See this package in npm:
https://www.npmjs.com/package/ldapjs

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
 2020-12-04 21:35:47 -06:00
Corey
094e08914c Update pg-promise to fix ssl issue (#7041) 
* Update pg-promise to fix ssl issue

* fix correctly

* fix merge conflict
 2020-12-03 16:06:53 -06:00
Snyk bot
4ab44c7088 fix: upgrade ws from 7.3.1 to 7.4.0 (#7032) 
Snyk has created this PR to upgrade ws from 7.3.1 to 7.4.0.

See this package in npm:
https://www.npmjs.com/package/ws

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr

Co-authored-by: Diamond Lewis <findlewis@gmail.com>
 2020-12-03 09:13:10 -08:00
Snyk bot
041bdf5e0c fix: upgrade parse from 2.17.0 to 2.18.0 (#7034) 
Snyk has created this PR to upgrade parse from 2.17.0 to 2.18.0.

See this package in npm:
https://www.npmjs.com/package/parse

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr

Co-authored-by: Diamond Lewis <findlewis@gmail.com>
 2020-12-03 10:59:28 -06:00
Snyk bot
4dee0bc61e fix: upgrade pg-promise from 10.7.1 to 10.7.3 (#7024) 
Snyk has created this PR to upgrade pg-promise from 10.7.1 to 10.7.3.

See this package in npm:
https://www.npmjs.com/package/pg-promise

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
 2020-11-25 14:08:09 -08:00
Snyk bot
d4f405d972 fix: upgrade apollo-server-express from 2.18.2 to 2.19.0 (#7019) 
Snyk has created this PR to upgrade apollo-server-express from 2.18.2 to 2.19.0.

See this package in npm:
https://www.npmjs.com/package/apollo-server-express

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
 2020-11-23 00:54:00 -08:00
Snyk bot
ccb045b68c fix: upgrade @graphql-tools/links from 6.2.4 to 6.2.5 (#7007) 
Snyk has created this PR to upgrade @graphql-tools/links from 6.2.4 to 6.2.5.

See this package in npm:
https://www.npmjs.com/package/@graphql-tools/links

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
 2020-11-17 01:19:06 -08:00
Snyk bot
6207758d21 fix: upgrade pg-promise from 10.7.0 to 10.7.1 (#7009) 
Snyk has created this PR to upgrade pg-promise from 10.7.0 to 10.7.1.

See this package in npm:
https://www.npmjs.com/package/pg-promise

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
 2020-11-16 22:02:34 -08:00
Snyk bot
78b693bfe6 fix: upgrade jwks-rsa from 1.10.1 to 1.11.0 (#7008) 
Snyk has created this PR to upgrade jwks-rsa from 1.10.1 to 1.11.0.

See this package in npm:
https://www.npmjs.com/package/jwks-rsa

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
 2020-11-16 21:56:08 -08:00
Snyk bot
b71e4851a6 fix: upgrade graphql from 15.3.0 to 15.4.0 (#7011) 
Snyk has created this PR to upgrade graphql from 15.3.0 to 15.4.0.

See this package in npm:
https://www.npmjs.com/package/graphql

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
 2020-11-16 21:22:17 -08:00
Antonio Davi Macedo Coelho de Castro
c9832023c4 Release 4.4.0 (#6985) 2020-11-02 08:01:26 -08:00
Snyk bot
5f261cc49f fix: upgrade pg-promise from 10.6.2 to 10.7.0 (#6979) 
Snyk has created this PR to upgrade pg-promise from 10.6.2 to 10.7.0.

See this package in npm:
https://www.npmjs.com/package/pg-promise

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
 2020-10-29 14:48:41 -07:00
Snyk bot
0031c5dc99 fix: upgrade apollo-server-express from 2.18.1 to 2.18.2 (#6976) 
Snyk has created this PR to upgrade apollo-server-express from 2.18.1 to 2.18.2.

See this package in npm:
https://www.npmjs.com/package/apollo-server-express

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr
 2020-10-27 10:01:09 -07:00
Antonio Davi Macedo Coelho de Castro
d77e8c875d Upgrade @parse/fs-files-adapter to 1.2.0 (#6974) 2020-10-27 03:11:57 -05:00