github zenstackhq/zenstack v2.4.0
ZenStack Release v2.4.0

latest releases: v2.8.1, v2.8.0, v2.7.5...
3 months ago

Security Fixes

  • Added more reduction to the generated Prisma queries to workaround a Prisma bug (prisma/prisma#21856) that can potentially breach access control #1627

    The background is ZenStack internally uses { AND: [] } to represent constant true and { OR: [] } for constant false. However, Prisma provides inconsistent query results in certain nesting combinations. The fix introduced more query reduction logic to avoid generating such combinations.

    It's recommended that you upgrade ASAP after thorough testing.

Fixes and Improvements

  • RedwoodJS package "@zenstackhq/redwood" now supports Redwood V7 #1553. Special thanks to @ladderschool for identifying the related breaking changes!
  • REST-flavor API: support comma-separated multiple filter values #1573
  • Fixed false-positive validation errors when using polymorphic models with tRPC #1608
  • Fixed Zod schema compilation errors when outputting to a custom directory #1610
  • Fixed "@zenstackhq/swr" plugin build issues which can cause typescript typing errors with certain tsconfig settings
  • Consistently throw Prisma error types #1596
  • Removed createMany from input arg's typing for delegate models to avoid confusion #1577
  • Fixed an excessively strict Zod schema causing rejection during update #1563
  • Fixed the issue that explicitly providing a "@core/enhancer" plugin in ZModel causes data validation to be muted #1562
  • Fixed Prisma schema generation errors when @map is used on a foreign key field #1551
  • Fixed Prisma schema generation errors when very long model names are used

Full Changelog: v2.3.3...v2.4.0

Thanks to @irvinzz for helping with this release!

Don't miss a new zenstack release

NewReleases is sending notifications on new releases.