Parse Server for Node.js / Express
APACHE-2.0 License
Bot releases are hidden (Show)
Published by parseplatformorg almost 3 years ago
null
. Previously, setting a field value to null
would save a null value in the database, which was not according to the GraphQL specs. To delete a file field use file: null
, the previous way of using file: { file: null }
has become obsolete. (626fad2)Published by mtrezza about 3 years ago
databaseOptions.enableSchemaHooks: true
to enable this feature and keep the schema in sync across all instances. Failing to do so will cause a schema change to not propagate to other instances and re-syncing will only happen when these instances restart. The options enableSingleSchemaCache
and schemaCacheTTL
have been removed. To use this feature with MongoDB, a replica set cluster with change stream support is required. (Diamond Lewis, SebC) #7214
fileUpload
parameter in the Parse Server Options (dblythy, Manuel Trezza) #7071
@parse/s3-files-adapter
(Manuel Trezza) #7324
restricted
; the field was a code artifact from a feature that never existed in Open Source Parse Server; if you have been using this field for custom purposes, consider that for new Parse Server installations the field does not exist anymore in the schema, and for existing installations the field default value false
will not be set anymore when creating a new session (Manuel Trezza) #7543
/loginAs
to create session of any user with master key; allows to impersonate another user. (GormanFletcher) #7406
enforcePrivateUsers
, which will remove public access by default on new Parse.Users (dblythy) #7319
Parse.Cloud.sendEmail(...)
to send email via email adapter in Cloud Code (dblythy) #7089
classNames
(Nes-si) #7131
requireAnyUserRoles
and requireAllUserRoles
for Parse Cloud validator (dblythy) #7097
accountLockout.unlockOnPasswordReset
to automatically unlock account on password reset (Manuel Trezza) #7146
options
to be async (dblythy) #7155
Parse.Cloud.httpRequest
; it is recommended to use a HTTP library instead. (Daniel Blyth) #7595
Published by mtrezza about 3 years ago
Published by mtrezza about 3 years ago
explain
query parameter to avoid a server crash due to MongoDB bug NODE-3463 (Kartal Kaan Bozdogan) GHSA-xqp8-w826-hh6x
Published by mtrezza about 3 years ago
⚠️ This includes a security fix of the Parse JS SDK where
logIn
will default toPOST
instead ofGET
method. This may require changes in your deployment before you upgrade to this release, see the Parse JS SDK 3.0.0 release notes.
Published by mtrezza about 3 years ago
Versions >4.5.2 and <4.10.0 are skipped.
⚠️ A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. These version tags linked to a personal fork of a contributor who had write access to the repository. The code to which these tags linked has not been reviewed or approved by Parse Platform. Even though no releases were published with these incorrect versions, it was possible to define a Parse Server dependency that pointed to these version tags, for example if you defined this dependency:
"parse-server": "[email protected]:parse-community/parse-server.git#4.9.3"
We have since deleted the incorrect version tags, but they may still show up in your personal fork on GitHub or locally. We do not know when these tags have been pushed to the Parse Server repository, but we first became aware of this issue on July 21, 2021. We are not aware of any malicious code or concerns related to privacy, security or legality (e.g. proprietary code). However, it has been reported that some functionality does not work as expected and the introduction of security vulnerabilities cannot be ruled out.
You may be also affected if you used the Bitnami image for Parse Server. Bitnami picked up the incorrect version tag
4.9.3
and published a new Bitnami image for Parse Server.If you are using any of the affected versions, we urgently recommend to upgrade to version
4.10.0
.
GHSA-593v-wcqx-hq2w
Published by mtrezza about 3 years ago
authProvider: password
of anonymous users. When signing up an anonymous user, the session field createdWith
indicates incorrectly that the session has been created using username and password with authProvider: password
, instead of an anonymous sign-up with authProvider: anonymous
. This fixes the issue by setting the correct authProvider: anonymous
for future sign-ups of anonymous users. This fix does not fix incorrect authProvider: password
for existing sessions of anonymous users. Consider this if your app logic depends on the authProvider
field. (Corey Baker) GHSA-23r4-5mxp-c7g5
Published by davimacedo almost 4 years ago
BREAKING CHANGES:
Published by davimacedo almost 4 years ago
Published by davimacedo over 4 years ago
Published by acinader over 4 years ago
Published by acinader over 4 years ago
SECURITY RELEASE: see advisory for details
Published by acinader over 4 years ago
BREAKING CHANGES:
Special Note on Upgrading to Parse Server 4.0.0 and above
In addition to the breaking changes noted above, #5634 introduces a two new case insensitive indexes on the
User
collection. Special care should be taken when upgrading to this version to ensure that:
The new indexes can be successfully created (see issue #6465 for details on a potential issue for your installation).
Care is taken ensure that there is adequate compute capacity to create the index in the background while still servicing requests.
Published by acinader over 4 years ago
BREAKING CHANGES:
Special Note on Upgrading to Parse Server 4.0.0 and above
In addition to the breaking changes noted above, #5634 introduces a two new case insensitive indexes on the
User
collection. Special care should be taken when upgrading to this version to ensure that:
The new indexes can be successfully created (see issue #6465 for details on a potential issue for your installation).
Care is taken ensure that there is adequate compute capacity to create the index in the background while still servicing requests.
Published by acinader over 4 years ago
BREAKING CHANGES:
Special Note on Upgrading to Parse Server 4.0.0 and above
In addition to the breaking changes noted above, #5634 introduces a two new case insensitive indexes on the
User
collection. Special care should be taken when upgrading to this version to ensure that:
The new indexes can be successfully created (see issue #6465 for details on a potential issue for your installation).
Care is taken ensure that there is adequate compute capacity to create the index in the background while still servicing requests.
afterLogin
cloud code hook #6387. Thanks to David Corona
Published by acinader almost 5 years ago
Published by davimacedo about 5 years ago
Published by acinader about 5 years ago
See the change log for details.
Published by davimacedo about 5 years ago