github parse-community/parse-server 6.0.0

latest releases: 6.5.11, 7.4.0-alpha.5, 7.4.0-alpha.4...
21 months ago

6.0.0 (2023-01-31)

Migration Guide

This is a major release with breaking changes. We prepared a migration guide to help you migrating from Parse Server 5. For the full list of breaking changes see the section below.

BREAKING CHANGES

  • The Docker image does not contain the git dependency anymore; if you have been using git as a transitive dependency it now needs to be explicitly installed in your Docker file, for example with RUN apk --no-cache add git (#8359) (40810b4)
  • Fields in the internal scope of Parse Server (prefixed with underscore _) are only returned using the new maintenanceKey; previously the masterKey allowed reading of internal fields; see access scopes for a comparison of the keys' access permissions (#8212) (f3bcc93)
  • The method ParseServer.verifyServerUrl now returns a promise instead of a callback. (ffa4974)
  • The MongoDB aggregation pipeline requires native MongoDB syntax instead of the custom Parse Server syntax; for example pipeline stage names require a leading dollar sign like $match and the MongoDB document ID is referenced using _id instead of objectId (#8362) (d0d30c4)
  • The mechanism to determine the client IP address has been rewritten; to correctly determine the IP address it is now required to set the Parse Server option trustProxy accordingly if Parse Server runs behind a proxy server, see the express framework's trust proxy setting (#8372) (892040d)
  • The Node Package Manager lock file package-lock.json is upgraded to version 2; while it is backwards with version 1 for the npm installer, consider this if you run any non-npm analysis tools that use the lock file (#8285) (ee72467)
  • This release introduces the asynchronous initialization of Parse Server to prevent mounting Parse Server before being ready to receive request; it changes how Parse Server is imported, initialized and started; it also removes the callback serverStartComplete; see the Parse Server 6 migration guide for more details (#8232) (99fcf45)
  • Nested objects are now properly stored in the database using JSON serialization; previously, due to a bug only top-level objects were serialized, but nested objects were saved as raw JSON; for example, a nested Date object was saved as a JSON object like { "__type": "Date", "iso": "2020-01-01T00:00:00.000Z" } instead of its serialized representation 2020-01-01T00:00:00.000Z (#8209) (1412666)
  • The Parse Server option enforcePrivateUsers is set to true by default; in previous releases this option defaults to false; this change improves the default security configuration of Parse Server (#8283) (ed499e3)
  • This release restricts the use of masterKey to localhost by default; if you are using Parse Dashboard on a different server to connect to Parse Server you need to add the IP address of the server that hosts Parse Dashboard to this option (#8281) (6c16021)
  • This release upgrades to Redis 4; if you are using the Redis cache adapter with Parse Server then this is a breaking change as the Redis client options have changed; see the Redis migration guide for more details (#8293) (7d622f0)
  • This release removes support for MongoDB 4.0; the new minimum supported MongoDB version is 4.2. which also removes support for the deprecated MongoDB MMAPv1 storage engine (37245f6)
  • Throwing an error in Cloud Code Triggers afterLogin, afterLogout returns a rejected promise; in previous releases it crashed the server if you did not handle the error on the Node.js process level; consider adapting your code if your app currently handles these errors on the Node.js process level with process.on('unhandledRejection', ...) (130d290)
  • Config option directAccess defaults to true; set this to false in environments where multiple Parse Server instances run behind a load balancer and Parse requests within the current Node.js environment should be routed via the load balancer and distributed as HTTP requests among all instances via the serverURL. (f535ee6)
  • The convenience method for HTTP requests Parse.Cloud.httpRequest is removed; use your preferred 3rd party library for making HTTP requests (2d79c08)
  • This release removes Node 12 and Node 17 support (2546cc8)

Bug Fixes

  • ParseServer.verifyServerUrl may fail if server response headers are missing; remove unnecessary logging (#8391) (1c37a7c)
  • Cloud Code trigger beforeSave does not work with Parse.Role (#8320) (f29d972)
  • ES6 modules do not await the import of Cloud Code files (#8368) (a7bd180)
  • Nested objects are encoded incorrectly for MongoDB (#8209) (1412666)
  • Parse Server option masterKeyIps does not include localhost by default for IPv6 (#8322) (ab82635)
  • Rate limiter may reject requests that contain a session token (#8399) (c114dc8)
  • Remove Node 12 and Node 17 support (#8279) (2546cc8)
  • Schema without class level permissions may cause error (#8409) (aa2cd51)
  • The client IP address may be determined incorrectly in some cases; this fixes a security vulnerability in which the Parse Server option masterKeyIps may be circumvented, see GHSA-vm5r-c87r-pf6x (#8372) (892040d)
  • Throwing error in Cloud Code Triggers afterLogin, afterLogout crashes server (#8280) (130d290)

Features

  • Access the internal scope of Parse Server using the new maintenanceKey; the internal scope contains unofficial and undocumented fields (prefixed with underscore _) which are used internally by Parse Server; you may want to manipulate these fields for out-of-band changes such as data migration or correction tasks; changes within the internal scope of Parse Server may happen at any time without notice or changelog entry, it is therefore recommended to look at the source code of Parse Server to understand the effects of manipulating internal fields before using the key; it is discouraged to use the maintenanceKey for routine operations in a production environment; see access scopes (#8212) (f3bcc93)
  • Adapt verifyServerUrl for new asynchronous Parse Server start-up states (#8366) (ffa4974)
  • Add ParseQuery.watch to trigger LiveQuery only on update of specific fields (#8028) (fc92faa)
  • Add Node 19 support (#8363) (a4990dc)
  • Add option to change the log level of the logs emitted by triggers (#8328) (8f3b694)
  • Add request rate limiter based on IP address (#8174) (6c79f6a)
  • Asynchronous initialization of Parse Server (#8232) (99fcf45)
  • Improve authentication adapter interface to support multi-factor authentication (MFA), authentication challenges, and provide a more powerful interface for writing custom authentication adapters (#8156) (5bbf9ca)
  • Reduce Docker image size by improving stages (#8359) (40810b4)
  • Remove deprecation DEPPS1: Native MongoDB syntax in aggregation pipeline (#8362) (d0d30c4)
  • Remove deprecation DEPPS2: Config option directAccess defaults to true (#8284) (f535ee6)
  • Remove deprecation DEPPS3: Config option enforcePrivateUsers defaults to true (#8283) (ed499e3)
  • Remove deprecation DEPPS4: Remove convenience method for http request Parse.Cloud.httpRequest (#8287) (2d79c08)
  • Remove support for MongoDB 4.0 (#8292) (37245f6)
  • Restrict use of masterKey to localhost by default (#8281) (6c16021)
  • Upgrade Node Package Manager lock file package-lock.json to version 2 (#8285) (ee72467)
  • Upgrade Redis 3 to 4 (#8293) (7d622f0)
  • Upgrade Redis 3 to 4 for LiveQuery (#8333) (b2761fb)
  • Upgrade to Parse JavaScript SDK 4 (#8332) (9092874)
  • Write log entry when request with master key is rejected as outside of masterKeyIps (#8350) (e22b73d)

Don't miss a new parse-server release

NewReleases is sending notifications on new releases.