Parse Server for Node.js / Express
APACHE-2.0 License
Bot releases are visible (Hide)
Published by parseplatformorg over 1 year ago
Published by parseplatformorg over 1 year ago
Published by parseplatformorg over 1 year ago
Published by parseplatformorg over 1 year ago
Published by parseplatformorg over 1 year ago
Published by parseplatformorg over 1 year ago
Published by parseplatformorg over 1 year ago
Published by parseplatformorg over 1 year ago
schemaCacheTtl
for schema cache pulling as alternative to enableSchemaHooks
(#8436) (b3b76de)resetPasswordSuccessOnInvalidEmail
to choose success or error response on password reset with invalid email (#7551) (e5d610e)fields
option in favor of keys
for semantic consistency (#8388) (a49e323)Published by parseplatformorg over 1 year ago
Published by parseplatformorg over 1 year ago
Published by parseplatformorg over 1 year ago
Published by parseplatformorg over 1 year ago
Published by parseplatformorg over 1 year ago
requestKeywordDenylist
can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability GHSA-xprv-wvh7-qqqx (#8302) (6728da1)Published by parseplatformorg over 1 year ago
trustProxy
accordingly if Parse Server runs behind a proxy server, see the express framework's trust proxy setting; this fixes a security vulnerability in which the Parse Server option masterKeyIps
may be circumvented, see GHSA-vm5r-c87r-pf6x (#8369) (e016d81)Published by parseplatformorg over 1 year ago
This is a major release with breaking changes. We prepared a migration guide to help you migrating from Parse Server 5. For the full list of breaking changes see the section below.
RUN apk --no-cache add git
(#8359) (40810b4)_
) are only returned using the new maintenanceKey
; previously the masterKey
allowed reading of internal fields; see access scopes for a comparison of the keys' access permissions (#8212) (f3bcc93)ParseServer.verifyServerUrl
now returns a promise instead of a callback. (ffa4974)$match
and the MongoDB document ID is referenced using _id
instead of objectId
(#8362) (d0d30c4)trustProxy
accordingly if Parse Server runs behind a proxy server, see the express framework's trust proxy setting (#8372) (892040d)package-lock.json
is upgraded to version 2; while it is backwards with version 1 for the npm installer, consider this if you run any non-npm analysis tools that use the lock file (#8285) (ee72467)serverStartComplete
; see the Parse Server 6 migration guide for more details (#8232) (99fcf45)Date
object was saved as a JSON object like { "__type": "Date", "iso": "2020-01-01T00:00:00.000Z" }
instead of its serialized representation 2020-01-01T00:00:00.000Z
(#8209) (1412666)enforcePrivateUsers
is set to true
by default; in previous releases this option defaults to false
; this change improves the default security configuration of Parse Server (#8283) (ed499e3)masterKey
to localhost by default; if you are using Parse Dashboard on a different server to connect to Parse Server you need to add the IP address of the server that hosts Parse Dashboard to this option (#8281) (6c16021)afterLogin
, afterLogout
returns a rejected promise; in previous releases it crashed the server if you did not handle the error on the Node.js process level; consider adapting your code if your app currently handles these errors on the Node.js process level with process.on('unhandledRejection', ...)
(130d290)directAccess
defaults to true; set this to false
in environments where multiple Parse Server instances run behind a load balancer and Parse requests within the current Node.js environment should be routed via the load balancer and distributed as HTTP requests among all instances via the serverURL
. (f535ee6)Parse.Cloud.httpRequest
is removed; use your preferred 3rd party library for making HTTP requests (2d79c08)ParseServer.verifyServerUrl
may fail if server response headers are missing; remove unnecessary logging (#8391) (1c37a7c)beforeSave
does not work with Parse.Role
(#8320) (f29d972)masterKeyIps
does not include localhost by default for IPv6 (#8322) (ab82635)masterKeyIps
may be circumvented, see GHSA-vm5r-c87r-pf6x (#8372) (892040d)afterLogin
, afterLogout
crashes server (#8280) (130d290)maintenanceKey
; the internal scope contains unofficial and undocumented fields (prefixed with underscore _
) which are used internally by Parse Server; you may want to manipulate these fields for out-of-band changes such as data migration or correction tasks; changes within the internal scope of Parse Server may happen at any time without notice or changelog entry, it is therefore recommended to look at the source code of Parse Server to understand the effects of manipulating internal fields before using the key; it is discouraged to use the maintenanceKey
for routine operations in a production environment; see access scopes (#8212) (f3bcc93)verifyServerUrl
for new asynchronous Parse Server start-up states (#8366) (ffa4974)ParseQuery.watch
to trigger LiveQuery only on update of specific fields (#8028) (fc92faa)DEPPS1
: Native MongoDB syntax in aggregation pipeline (#8362) (d0d30c4)DEPPS2
: Config option directAccess
defaults to true (#8284) (f535ee6)DEPPS3
: Config option enforcePrivateUsers
defaults to true
(#8283) (ed499e3)DEPPS4
: Remove convenience method for http request Parse.Cloud.httpRequest
(#8287) (2d79c08)masterKey
to localhost by default (#8281) (6c16021)package-lock.json
to version 2 (#8285) (ee72467)masterKeyIps
(#8350) (e22b73d)Published by parseplatformorg over 1 year ago
ParseServer.verifyServerUrl
may fail if server response headers are missing; remove unnecessary logging (#8391) (1c37a7c)beforeSave
does not work with Parse.Role
(#8320) (f29d972)masterKeyIps
does not include localhost by default for IPv6 (#8322) (ab82635)masterKeyIps
may be circumvented, see GHSA-vm5r-c87r-pf6x (#8372) (892040d)afterLogin
, afterLogout
crashes server (#8280) (130d290)maintenanceKey
; the internal scope contains unofficial and undocumented fields (prefixed with underscore _
) which are used internally by Parse Server; you may want to manipulate these fields for out-of-band changes such as data migration or correction tasks; changes within the internal scope of Parse Server may happen at any time without notice or changelog entry, it is therefore recommended to look at the source code of Parse Server to understand the effects of manipulating internal fields before using the key; it is discouraged to use the maintenanceKey
for routine operations in a production environment; see access scopes (#8212) (f3bcc93)verifyServerUrl
for new asynchronous Parse Server start-up states (#8366) (ffa4974)ParseQuery.watch
to trigger LiveQuery only on update of specific fields (#8028) (fc92faa)DEPPS1
: Native MongoDB syntax in aggregation pipeline (#8362) (d0d30c4)DEPPS2
: Config option directAccess
defaults to true (#8284) (f535ee6)DEPPS3
: Config option enforcePrivateUsers
defaults to true
(#8283) (ed499e3)DEPPS4
: Remove convenience method for http request Parse.Cloud.httpRequest
(#8287) (2d79c08)masterKey
to localhost by default (#8281) (6c16021)package-lock.json
to version 2 (#8285) (ee72467)masterKeyIps
(#8350) (e22b73d)RUN apk --no-cache add git
(#8359) (40810b4)_
) are only returned using the new maintenanceKey
; previously the masterKey
allowed reading of internal fields; see access scopes for a comparison of the keys' access permissions (#8212) (f3bcc93)ParseServer.verifyServerUrl
now returns a promise instead of a callback. (ffa4974)$match
and the MongoDB document ID is referenced using _id
instead of objectId
(#8362) (d0d30c4)trustProxy
accordingly if Parse Server runs behind a proxy server, see the express framework's trust proxy setting (#8372) (892040d)package-lock.json
is upgraded to version 2; while it is backwards with version 1 for the npm installer, consider this if you run any non-npm analysis tools that use the lock file (#8285) (ee72467)serverStartComplete
; see the Parse Server 6 migration guide for more details (#8232) (99fcf45)Date
object was saved as a JSON object like { "__type": "Date", "iso": "2020-01-01T00:00:00.000Z" }
instead of its serialized representation 2020-01-01T00:00:00.000Z
(#8209) (1412666)enforcePrivateUsers
is set to true
by default; in previous releases this option defaults to false
; this change improves the default security configuration of Parse Server (#8283) (ed499e3)masterKey
to localhost by default; if you are using Parse Dashboard on a different server to connect to Parse Server you need to add the IP address of the server that hosts Parse Dashboard to this option (#8281) (6c16021)afterLogin
, afterLogout
returns a rejected promise; in previous releases it crashed the server if you did not handle the error on the Node.js process level; consider adapting your code if your app currently handles these errors on the Node.js process level with process.on('unhandledRejection', ...)
(130d290)directAccess
defaults to true; set this to false
in environments where multiple Parse Server instances run behind a load balancer and Parse requests within the current Node.js environment should be routed via the load balancer and distributed as HTTP requests among all instances via the serverURL
. (f535ee6)Parse.Cloud.httpRequest
is removed; use your preferred 3rd party library for making HTTP requests (2d79c08)Published by parseplatformorg over 1 year ago
Published by parseplatformorg over 1 year ago