5.5.0 (2023-05-20)
Features
- Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` (#8537) (196e05f)
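
The default pattern above accepts only extensions of three or four characters whose first, second, third and fourth characters are not `h`, `t`, `m` and `l` respectively, so it rejects more than HTML. The following added example (not Parse Server code) audits a constructed list of file names against it; how the extension is extracted and matched, and the explicit allowlist pattern, are assumptions made for illustration.

```javascript
// Added example, not Parse Server source. The default pattern and ['.*'] are
// quoted from the release note; the matching procedure is an assumption.
const DEFAULT_FILE_EXTENSIONS = ['^[^hH][^tT][^mM][^lL]?$'];

// Assumption: the extension is the text after the last dot in the file name.
function extensionOf(filename) {
  const dot = filename.lastIndexOf('.');
  return dot === -1 ? '' : filename.slice(dot + 1);
}

// Assumption: an upload is accepted when any configured pattern matches.
function isAllowed(filename, fileExtensions = DEFAULT_FILE_EXTENSIONS) {
  const ext = extensionOf(filename);
  return fileExtensions.some((pattern) => new RegExp(pattern).test(ext));
}

// Constructed sample of file names an app might accept today.
const SAMPLE = [
  'avatar.png', 'report.pdf', 'photo.jpeg',
  'index.html', 'page.HTM',
  'photo.heic', 'font.ttf', 'bundle.js', 'archive.gz',
];

// Split a list of file names into those a setting accepts and rejects.
function audit(names, fileExtensions) {
  const result = { allowed: [], rejected: [] };
  for (const name of names) {
    const bucket = isAllowed(name, fileExtensions) ? result.allowed : result.rejected;
    bucket.push(name);
  }
  return result;
}

// Hypothetical explicit allowlist an app could set instead of the default.
const EXPLICIT_ALLOWLIST = ['^(png|jpe?g|pdf)$'];

console.log('default           :', audit(SAMPLE));
console.log("['.*'] (allow all):", audit(SAMPLE, ['.*']));
console.log('explicit allowlist:', audit(SAMPLE, EXPLICIT_ALLOWLIST));
```

Running the audit over the extensions your app already stores shows which uploads would start failing after the upgrade, which is a narrower question than whether HTML is blocked.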