github parse-community/parse-server 5.3.0-alpha.27
on GitHub

latest releases: 6.5.11, 7.4.0-alpha.5, 7.4.0-alpha.4...
pre-release2 years ago

5.3.0-alpha.27 (2022-09-29)

Bug Fixes

  • authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for Facebook or Spotify and where the server-side authentication adapter configuration appIds is set as a string (e.g. abc) instead of an array of strings (e.g. ["abc"]) (GHSA-r657-33vp-gp22) [skip release] (#8187) (8c8ec71)
  • session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects (GHSA-6w4q-23cf-j9jp) [skip release] (#8180) (37fed30)

Features

  • add option to change the default value of the Parse.Query.limit() constraint (#8152) (0388956)
Check out latest releases or
releases around parse-community/parse-server 5.3.0-alpha.27

Don't miss a new parse-server release

NewReleases is sending notifications on new releases.

Get notifications