Commit Graph

  • 83cdc89be9 fix: session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) [skip release] (#8181) Manuel 2022-09-20 02:36:54 +02:00
  • 9d502269c5 chore(release): 4.10.15 [skip ci] 4.10.15 semantic-release-bot 2022-09-20 00:33:55 +00:00
  • 7aac70cca6 chore(release): 5.2.6 [skip ci] 5.2.6 semantic-release-bot 2022-09-20 00:27:18 +00:00
  • 37fed3062c fix: session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) [skip release] (#8180) Manuel 2022-09-20 02:23:49 +02:00
  • 7ca9ed0142 fix: session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) (#8183) Manuel 2022-09-20 02:19:43 +02:00
  • 6d0b2f5346 fix: session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) (#8182) Manuel 2022-09-20 02:18:07 +02:00
  • 004faf41e4 refactor: upgrade @graphql-tools/merge from 8.3.3 to 8.3.4 (#8175) Snyk bot 2022-09-19 23:07:14 +03:00
  • bf7d5ba605 refactor: upgrade @graphql-tools/schema from 9.0.1 to 9.0.2 (#8176) Snyk bot 2022-09-19 21:07:26 +03:00
  • 6fb4d68f4c refactor: upgrade pg-promise from 10.11.1 to 10.12.0 (#8178) Snyk bot 2022-09-19 17:35:20 +03:00
  • 9fe16738b6 refactor: upgrade @graphql-tools/utils from 8.10.0 to 8.10.1 (#8177) Snyk bot 2022-09-19 16:45:00 +03:00
  • df12ba3ba2 docs: regenerate API docs (#8179) dblythy 2022-09-19 20:40:15 +10:00
  • a5ba5da36d docs: describe additional database options (#8173) dblythy 2022-09-19 02:44:31 +10:00
  • b2fe087a02 chore(release): 5.3.0-alpha.26 [skip ci] 5.3.0-alpha.26 semantic-release-bot 2022-09-17 18:49:17 +00:00
  • 3b775a1fb8 fix: sorting by non-existing value throws INVALID_SERVER_ERROR on Postgres (#8157) dblythy 2022-09-18 04:41:45 +10:00
  • 73e1763a63 chore(release): 5.3.0-alpha.25 [skip ci] 5.3.0-alpha.25 semantic-release-bot 2022-09-17 16:30:24 +00:00
  • 37af1d78fc fix: updating object includes unchanged keys in client response for certain key types (#8159) dblythy 2022-09-18 02:20:50 +10:00
  • 41e44302b4 chore(release): 5.3.0-alpha.24 [skip ci] 5.3.0-alpha.24 semantic-release-bot 2022-09-17 14:26:53 +00:00
  • e424137406 fix: query aggregation pipeline cannot handle value of type Date when directAccess: true (#8167) dblythy 2022-09-18 00:19:28 +10:00
  • cec3071170 chore(release): 5.3.0-alpha.23 [skip ci] 5.3.0-alpha.23 semantic-release-bot 2022-09-17 12:10:06 +00:00
  • 1d9605bc93 fix: liveQuery with containedIn not working when object field is an array (#8128) Stew 2022-09-17 08:59:45 -03:00
  • 4a45cc467c chore(release): 5.3.0-alpha.22 [skip ci] 5.3.0-alpha.22 semantic-release-bot 2022-09-16 19:50:56 +00:00
  • 3c75c2ba48 fix: push notifications badge doesn't update with Installation beforeSave trigger (#8162) dblythy 2022-09-17 05:43:03 +10:00
  • 5250c07a1c refactor: bump jose from 2.0.5 to 2.0.6 (#8171) dependabot[bot] 2022-09-16 21:03:05 +02:00
  • 1109d0ca23 docs: fix link of official parse email adapter Manuel 2022-09-16 11:35:41 +02:00
  • 9cd4a35120 ci: add code scanning (#8169) Manuel 2022-09-14 23:38:37 +02:00
  • c85bc016e2 ci: fix flaky Apple Game Center tests (#8163) dblythy 2022-09-15 00:33:55 +10:00
  • 7c32bfe95f refactor: upgrade mongodb from 4.8.1 to 4.9.0 (#8158) Parse Platform 2022-09-10 10:55:03 +02:00
  • 07acecdc77 refactor: upgrade winston from 3.8.0 to 3.8.1 (#8155) Snyk bot 2022-09-09 01:20:44 +02:00
  • dfe9168512 refactor: upgrade graphql from 16.5.0 to 16.6.0 (#8154) Parse Platform 2022-09-08 17:32:39 +02:00
  • 780ee0203a refactor: bump node-fetch from 3.2.4 to 3.2.10 (#8150) dependabot[bot] 2022-09-04 17:32:27 +02:00
  • 6a2651c325 refactor: upgrade @graphql-tools/schema from 9.0.0 to 9.0.1 (#8147) Snyk bot 2022-09-04 14:01:16 +02:00
  • a2d0de7656 refactor: upgrade mongodb from 4.7.0 to 4.8.1 (#8148) Snyk bot 2022-09-04 11:46:36 +02:00
  • 149884fe3e refactor: upgrade mongodb from 4.6.0 to 4.7.0 (#8083) Snyk bot 2022-09-03 11:22:42 +02:00
  • f821dfd02a refactor: upgrade @graphql-tools/utils from 8.9.1 to 8.10.0 (#8142) Snyk bot 2022-09-03 02:20:43 +02:00
  • 4c0c7c77b7 fix: brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) (#8146) [skip release] Manuel 2022-09-02 21:43:31 +02:00
  • f0db4ca4a4 fix: brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) (#8145) [skip release] Manuel 2022-09-02 21:43:09 +02:00
  • e29f7c0431 chore(release): 4.10.14 [skip ci] 4.10.14 semantic-release-bot 2022-09-02 19:28:55 +00:00
  • 83fd16c1b9 chore(release): 5.2.5 [skip ci] 5.2.5 semantic-release-bot 2022-09-02 19:20:39 +00:00
  • 634c44acd1 fix: brute force guessing of user sensitive data via search patterns; this fixes a security vulnerability in which internal and protected fields may be used as query constraints to guess the value of these fields and obtain sensitive data (GHSA-2m6g-crv8-p3c6) (#8143) Manuel 2022-09-02 21:15:09 +02:00
  • e39d51bd32 fix: brute force guessing of user sensitive data via search patterns; this fixes a security vulnerability in which internal and protected fields may be used as query constraints to guess the value of these fields and obtain sensitive data (GHSA-2m6g-crv8-p3c6) (#8144) Manuel 2022-09-02 21:13:18 +02:00
  • 5432082d82 refactor: upgrade @graphql-tools/merge from 8.3.2 to 8.3.3 (#8141) Snyk bot 2022-09-02 18:49:04 +02:00
  • 3de466ba9b refactor: upgrade @graphql-tools/schema from 8.5.1 to 9.0.0 (#8138) Snyk bot 2022-09-02 17:37:40 +02:00
  • 82eb4613d9 refactor: upgrade @graphql-tools/utils from 8.9.0 to 8.9.1 (#8140) Snyk bot 2022-08-31 19:19:10 +02:00
  • 276c32a0dd refactor: upgrade @graphql-tools/merge from 8.3.1 to 8.3.2 (#8139) Snyk bot 2022-08-31 13:24:47 +02:00
  • 4de1c9bdd5 refactor: upgrade @graphql-tools/schema from 8.5.0 to 8.5.1 (#8130) Snyk bot 2022-08-25 13:03:01 +01:00
  • 0287098ef5 refactor: upgrade @graphql-tools/merge from 8.3.0 to 8.3.1 (#8131) Snyk bot 2022-08-22 18:55:17 +01:00
  • ef5d59d784 refactor: upgrade @graphql-tools/utils from 8.6.13 to 8.9.0 (#8129) Snyk bot 2022-08-19 11:42:11 +01:00
  • 1db432db51 refactor: bump semver-regex and husky (#8134) dependabot[bot] 2022-08-19 00:31:14 +02:00
  • 54649eca67 refactor: upgrade @actions/core from 1.2.6 to 1.9.1 (#8132) dependabot[bot] 2022-08-18 23:57:20 +02:00
  • f693b55b1c refactor: upgrade undici from 5.8.0 to 5.9.1 (#8133) dependabot[bot] 2022-08-18 22:25:22 +02:00
  • 5c2d2c5193 refactor: upgrade ws from 8.8.0 to 8.8.1 (#8123) Manuel 2022-08-06 16:15:13 +02:00
  • eef750aa3e chore(release): 5.3.0-alpha.21 [skip ci] 5.3.0-alpha.21 semantic-release-bot 2022-08-05 09:34:45 +00:00
  • c16f529f74 fix: internal indices for classes _Idempotency and _Role are not protected in defined schema (#8121) Antoine Cormouls 2022-08-05 11:25:02 +02:00
  • 3351ca7cec refactor: upgrade lru-cache from 7.10.2 to 7.12.0 (#8114) Snyk bot 2022-07-27 01:37:32 +02:00
  • 2ea4e37a37 refactor: upgrade ldapjs from 2.3.2 to 2.3.3 (#8091) Antonio Davi Macedo Coelho de Castro 2022-07-25 14:59:31 -07:00
  • 1246551be3 refactor: upgrade lru-cache from 7.10.1 to 7.10.2 (#8102) Snyk bot 2022-07-25 14:09:27 +02:00
  • 145008c7d1 chore(release): 5.3.0-alpha.20 [skip ci] 5.3.0-alpha.20 semantic-release-bot 2022-07-22 18:18:50 +00:00
  • 4aa016b732 fix: security upgrade undici from 5.6.0 to 5.8.0 (#8108) dependabot[bot] 2022-07-22 20:11:21 +02:00
  • a96e15b3f7 refactor: upgrade @graphql-tools/merge from 8.2.15 to 8.3.0 (#8106) Snyk bot 2022-07-21 00:27:35 +02:00
  • 861fb211c7 refactor: upgrade @graphql-tools/schema from 8.3.14 to 8.5.0 (#8104) Snyk bot 2022-07-19 18:34:00 +02:00
  • 266011c5a5 refactor: upgrade winston from 3.7.2 to 3.8.0 (#8103) Snyk bot 2022-07-17 12:37:15 +01:00
  • e93a0aab57 refactor: bump moment from 2.29.3 to 2.29.4 (#8101) dependabot[bot] 2022-07-15 22:39:48 +02:00
  • 24fe6dc939 refactor: upgrade @graphql-tools/merge from 8.2.14 to 8.2.15 (#8100) Snyk bot 2022-07-15 11:55:10 +01:00
  • 38ba9b4f47 refactor: bump undici from 5.2.0 to 5.6.0 (#8094) dependabot[bot] 2022-07-03 13:45:01 +02:00
  • e3f634e740 chore(release): 5.3.0-alpha.19 [skip ci] 5.3.0-alpha.19 semantic-release-bot 2022-07-03 10:30:00 +00:00
  • 7f5a15d5df fix: graphQL query ignores condition equalTo with value false (#8032) Jong Eun Lee 2022-07-03 18:13:10 +08:00
  • 6e68656629 refactor: upgrade @graphql-tools/merge from 8.2.13 to 8.2.14 (#8085) Diamond Lewis 2022-07-03 04:33:30 -05:00
  • 0d16a64eea refactor: upgrade ws from 8.7.0 to 8.8.0 (#8092) Antonio Davi Macedo Coelho de Castro 2022-07-02 02:36:03 -07:00
  • abd8536f48 refactor: upgrade @graphql-tools/utils from 8.6.12 to 8.6.13 (#8086) Diamond Lewis 2022-06-30 16:50:12 -05:00
  • 65ce27440a refactor: upgrade @graphql-tools/schema from 8.3.13 to 8.3.14 (#8087) Diamond Lewis 2022-06-30 09:41:34 -05:00
  • 9fd4516cde fix: protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] (#8076) Manuel 2022-06-30 13:01:40 +02:00
  • 636d16e0f9 fix: protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] (#8075) Manuel 2022-06-30 12:53:31 +02:00
  • e42be5c526 chore(release): 5.2.4 [skip ci] 5.2.4 semantic-release-bot 2022-06-30 10:46:12 +00:00
  • 4748e9bbd3 chore(release): 4.10.13 [skip ci] 4.10.13 semantic-release-bot 2022-06-30 10:38:27 +00:00
  • 309f64ced8 fix: protected fields exposed via LiveQuery; this removes protected fields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields ([GHSA-crrq-vr9j-fxxh](https://github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh)) (https://github.com/parse-community/parse-server/pull/8074) (#8073) Manuel 2022-06-30 12:26:39 +02:00
  • 054f3e6ab0 fix: protected fields exposed via LiveQuery; this removes protected fields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields ([GHSA-crrq-vr9j-fxxh](https://github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh)) (#8074) Manuel 2022-06-30 12:24:34 +02:00
  • e8eb546c90 refactor: upgrade jwks-rsa from 2.1.3 to 2.1.4 (#8088) Diamond Lewis 2022-06-30 04:28:33 -05:00
  • 0fd600cf24 docs: add template and issue link requirements (#8080) Manuel 2022-06-28 11:18:02 +02:00
  • 35cd6910de docs: add LTS explanation and open vulnerabilities to README (#8077) Manuel 2022-06-28 10:19:48 +02:00
  • 7844442840 docs: add missing heading to commit message section (#8079) Manuel 2022-06-28 10:03:40 +02:00
  • 42c9543189 refactor: upgrade winston-daily-rotate-file from 4.6.1 to 4.7.1 (#8066) Antonio Davi Macedo Coelho de Castro 2022-06-22 13:14:03 -07:00
  • 86832b9b95 refactor: upgrade follow-redirects from 1.15.0 to 1.15.1 (#8063) Snyk bot 2022-06-19 14:48:12 +01:00
  • e26beb1f5c refactor: upgrade ws from 8.6.0 to 8.7.0 (#8064) Snyk bot 2022-06-19 09:12:20 +01:00
  • 4c9e95674a fix: invalid file request not properly handled [skip release] (#8062) Manuel 2022-06-18 02:38:04 +02:00
  • 1a04a347cf fix: invalid file request not properly handled [skip release] (#8061) Manuel 2022-06-18 02:15:08 +02:00
  • 6286d2e34f chore(release): 4.10.12 [skip ci] 4.10.12 semantic-release-bot 2022-06-17 23:43:36 +00:00
  • eb2952fff7 chore(release): 5.2.3 [skip ci] 5.2.3 semantic-release-bot 2022-06-17 23:40:39 +00:00
  • 5be375dec2 fix: invalid file request not properly handled; this fixes a security vulnerability in which an invalid file request can crash the server ([GHSA-xw6g-jjvf-wwf9](https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9)) (#8060) Manuel 2022-06-18 01:33:19 +02:00
  • 5f423224bd fix: invalid file request not properly handled; this fixes a security vulnerability in which an invalid file request can crash the server ([GHSA-xw6g-jjvf-wwf9](https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9)) (#8059) Manuel 2022-06-18 01:29:49 +02:00
  • 75af9a26cc fix: certificate in Apple Game Center auth adapter not validated [skip release] (#8058) Manuel 2022-06-17 20:22:35 +02:00
  • 4c2aa63fd2 fix: certificate in Apple Game Center auth adapter not validated [skip release] (#8055) Manuel 2022-06-17 19:32:30 +02:00
  • 4a1039679c docs: add release instructions (#8056) Manuel 2022-06-17 19:31:49 +02:00
  • ad680bd312 chore(release): 4.10.11 [skip ci] 4.10.11 semantic-release-bot 2022-06-17 16:38:16 +00:00
  • ed0baa87af chore(release): 5.2.2 [skip ci] 5.2.2 semantic-release-bot 2022-06-17 16:36:47 +00:00
  • ba2b0a9cb9 fix: certificate in Apple Game Center auth adapter not validated; this fixes a security vulnerability in which authentication could be bypassed using a fake certificate; if you are using the Apple Game Center auth adapter it is your responsibility to keep its root certificate up-to-date and we advise you read the security advisory ([GHSA-rh9j-f5f8-rvgc](https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc)) Manuel 2022-06-17 18:29:26 +02:00
  • 145838d2d9 fix: certificate in Apple Game Center auth adapter not validated; this fixes a security vulnerability in which authentication could be bypassed using a fake certificate; if you are using the Apple Game Center auth adapter it is your responsibility to keep its root certificate up-to-date and we advise you read the security advisory ([GHSA-rh9j-f5f8-rvgc](https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc)) Manuel 2022-06-17 18:24:13 +02:00
  • 8580a524eb fix CI timeout Manuel Trezza 2022-06-17 17:57:22 +02:00
  • 53afafa13f Update gcenter.js Manuel Trezza 2022-06-17 17:30:54 +02:00
  • c411c48d49 Create game_center.pem Manuel Trezza 2022-06-17 16:16:52 +02:00
  • 07786c1666 fix adapter Manuel Trezza 2022-06-17 14:56:11 +02:00