github parse-community/parse-server 4.10.7


4.10.7 (2022-03-11)

Bug Fixes

  • security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7841) (886bfd7)

    Note that, as part of the fix, a new security feature scans request data for sensitive keywords to prevent JavaScript prototype pollution. If such a keyword is found, the request is rejected with HTTP response code 400 and Parse Error 105 (INVALID_KEY_NAME). By default these keywords are: {_bsontype: "Code"}, constructor, __proto__. If you use any of these keywords in your request data, you can override the default keywords by setting the new Parse Server option requestKeywordDenylist to [] and specifying your own keywords as needed.
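
    A sketch of the kind of scan described above, added here as an illustration and not Parse Server's own code: it walks parsed request JSON and rejects with HTTP 400 / error 105 when a denylisted key (optionally paired with a specific value) appears at any depth. The `{ key, value }` entry shape, the function names and the error text are assumptions of this example.

```javascript
// Added example, not Parse Server's implementation.
// Assumed entry shape: { key, value? }. Without `value`, any value matches.
const DEFAULT_DENYLIST = [
  { key: '_bsontype', value: 'Code' },
  { key: 'constructor' },
  { key: '__proto__' },
];

// Walk objects and arrays iteratively; return the first denied key/value, or null.
function findDeniedKeyword(data, denylist = DEFAULT_DENYLIST) {
  const stack = [data];
  while (stack.length > 0) {
    const node = stack.pop();
    if (node === null || typeof node !== 'object') continue;
    // Object.keys returns own keys only, so the inherited `constructor`
    // of an ordinary object does not trigger a false positive.
    for (const key of Object.keys(node)) {
      const value = node[key];
      for (const entry of denylist) {
        const valueMatches = !('value' in entry) || entry.value === value;
        if (entry.key === key && valueMatches) return { key, value };
      }
      stack.push(value);
    }
  }
  return null;
}

// Map the scan result onto the response described in the release note.
function checkRequest(rawBody, denylist = DEFAULT_DENYLIST) {
  const hit = findDeniedKeyword(JSON.parse(rawBody), denylist);
  if (hit) {
    return { status: 400, code: 105, error: `Prohibited keyword in request data: ${hit.key}` };
  }
  return { status: 200 };
}

// Constructed sample bodies. JSON.parse creates "__proto__" as an own property,
// which is why the key is visible to the scan.
const SAMPLE_POLLUTING = '{"name":"a","profile":{"__proto__":{"isAdmin":true}}}';
const SAMPLE_BENIGN = '{"score":1,"tags":["a","b"]}';
console.log(checkRequest(SAMPLE_POLLUTING), checkRequest(SAMPLE_BENIGN));
```

    Passing `[]` as the denylist disables the default keywords, mirroring the override the note describes.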
