BREAKING CHANGES:
- FIX: Consistent casing for afterLiveQueryEvent. The afterLiveQueryEvent was introduced in 4.4.0 with inconsistent casing for the event names, which was fixed in 4.5.0. #7023. Thanks to dblythy.
- FIX: Properly handle serverURL and publicServerUrl in Batch requests. #7049. Thanks to Zach Goldberg.
- IMPROVE: Prevent invalid column names (className and length). #7053. Thanks to Diamond Lewis.
- IMPROVE: GraphQL: Remove viewer from logout mutation. #7029. Thanks to Antoine Cormouls.
- IMPROVE: GraphQL: Optimize on Relation. #7044. Thanks to Antoine Cormouls.
- NEW: Include sessionToken in onLiveQueryEvent. #7043. Thanks to dblythy.
- FIX: Definitions for accountLockout and passwordPolicy. #7040. Thanks to dblythy.
- FIX: Fix typo in server definitions for emailVerifyTokenReuseIfValid. #7037. Thanks to dblythy.
- SECURITY FIX: LDAP auth stores password in plain text. See GHSA-4w46-w44m-3jq3 for more details about the vulnerability and da905a3 for the fix. Thanks to Fabian Strachanski.
- NEW: Reuse tokens if they haven't expired. #7017. Thanks to dblythy.
- NEW: Add LDAPS-support to LDAP-Authcontroller. #7014. Thanks to Fabian Strachanski.
- FIX: (beforeSave/afterSave): Return value instead of Parse.Op for nested fields. #7005. Thanks to Diamond Lewis.
- FIX: (beforeSave): Skip Sanitizing Database results. #7003. Thanks to Diamond Lewis.
- FIX: Fix includeAll for querying a Pointer and Pointer array. #7002. Thanks to Corey Baker.
- FIX: Add encryptionKey to src/options/index.js. #6999. Thanks to dblythy.
- IMPROVE: Update PostgresStorageAdapter.js. #6989. Thanks to Vitaly Tomilov.