build: Release beta #8414
Merged
build: Release beta #8414
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# [5.4.0-alpha.1](parse-community/parse-server@5.3.0...5.4.0-alpha.1) (2022-10-31) ### Bug Fixes * authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](GHSA-r657-33vp-gp22)) [skip release] ([parse-community#8187](parse-community#8187)) ([8c8ec71](parse-community@8c8ec71)) * brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) ([parse-community#8146](parse-community#8146)) [skip release] ([4c0c7c7](parse-community@4c0c7c7)) * certificate in Apple Game Center auth adapter not validated [skip release] ([parse-community#8058](parse-community#8058)) ([75af9a2](parse-community@75af9a2)) * graphQL query ignores condition `equalTo` with value `false` ([parse-community#8032](parse-community#8032)) ([7f5a15d](parse-community@7f5a15d)) * internal indices for classes `_Idempotency` and `_Role` are not protected in defined schema ([parse-community#8121](parse-community#8121)) ([c16f529](parse-community@c16f529)) * invalid file request not properly handled [skip release] ([parse-community#8062](parse-community#8062)) ([4c9e956](parse-community@4c9e956)) * liveQuery with `containedIn` not working when object field is an array ([parse-community#8128](parse-community#8128)) ([1d9605b](parse-community@1d9605b)) * protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([parse-community#8076](parse-community#8076)) ([9fd4516](parse-community@9fd4516)) * push notifications `badge` doesn't update with Installation beforeSave trigger ([parse-community#8162](parse-community#8162)) ([3c75c2b](parse-community@3c75c2b)) * query aggregation pipeline cannot handle value of type `Date` when `directAccess: true` ([parse-community#8167](parse-community#8167)) ([e424137](parse-community@e424137)) * relation constraints in compound queries `Parse.Query.or`, `Parse.Query.and` not working ([parse-community#8203](parse-community#8203)) ([28f0d26](parse-community@28f0d26)) * security upgrade undici from 5.6.0 to 5.8.0 ([parse-community#8108](parse-community#8108)) ([4aa016b](parse-community@4aa016b)) * server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](GHSA-h423-w6qv-2wj3)) [skip release] ([parse-community#8238](parse-community#8238)) ([c03908f](parse-community@c03908f)) * session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](GHSA-6w4q-23cf-j9jp)) [skip release] ([parse-community#8180](parse-community#8180)) ([37fed30](parse-community@37fed30)) * sorting by non-existing value throws `INVALID_SERVER_ERROR` on Postgres ([parse-community#8157](parse-community#8157)) ([3b775a1](parse-community@3b775a1)) * updating object includes unchanged keys in client response for certain key types ([parse-community#8159](parse-community#8159)) ([37af1d7](parse-community@37af1d7)) ### Features * add convenience access to Parse Server configuration in Cloud Code via `Parse.Server` ([parse-community#8244](parse-community#8244)) ([9f11115](parse-community@9f11115)) * add option to change the default value of the `Parse.Query.limit()` constraint ([parse-community#8152](parse-community#8152)) ([0388956](parse-community@0388956)) * add support for MongoDB 6 ([parse-community#8242](parse-community#8242)) ([aba0081](parse-community@aba0081)) * add support for Postgres 15 ([parse-community#8215](parse-community#8215)) ([2feb6c4](parse-community@2feb6c4)) * liveQuery support for unsorted distance queries ([parse-community#8221](parse-community#8221)) ([0f763da](parse-community@0f763da))
…type pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](GHSA-prm5-8g2m-24gg) (parse-community#8297)
…d via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](GHSA-xprv-wvh7-qqqx) (parse-community#8304)
BREAKING CHANGE: This release removes Node 12 and Node 17 support
# [6.0.0-alpha.1](parse-community/parse-server@5.4.0-alpha.1...6.0.0-alpha.1) (2022-11-10) ### Bug Fixes * Remove Node 12 and Node 17 support ([parse-community#8279](parse-community#8279)) ([2546cc8](parse-community@2546cc8)) ### BREAKING CHANGES * This release removes Node 12 and Node 17 support ([2546cc8](2546cc8))
…r authentication (MFA), authentication challenges, and provide a more powerful interface for writing custom authentication adapters (parse-community#8156)
# [6.0.0-alpha.2](parse-community/parse-server@6.0.0-alpha.1...6.0.0-alpha.2) (2022-11-10) ### Features * Improve authentication adapter interface to support multi-factor authentication (MFA), authentication challenges, and provide a more powerful interface for writing custom authentication adapters ([parse-community#8156](parse-community#8156)) ([5bbf9ca](parse-community@5bbf9ca))
… request `Parse.Cloud.httpRequest` (parse-community#8287) BREAKING CHANGE: The convenience method for HTTP requests `Parse.Cloud.httpRequest` is removed; use your preferred 3rd party library for making HTTP requests
# [6.0.0-alpha.3](parse-community/parse-server@6.0.0-alpha.2...6.0.0-alpha.3) (2022-11-10) ### Features * Remove deprecation `DEPPS4`: Remove convenience method for http request `Parse.Cloud.httpRequest` ([parse-community#8287](parse-community#8287)) ([2d79c08](parse-community@2d79c08)) ### BREAKING CHANGES * The convenience method for HTTP requests `Parse.Cloud.httpRequest` is removed; use your preferred 3rd party library for making HTTP requests ([2d79c08](2d79c08))
…lts to true (parse-community#8284) BREAKING CHANGE: Config option `directAccess` defaults to true; set this to `false` in environments where multiple Parse Server instances run behind a load balancer and Parse requests within the current Node.js environment should be routed via the load balancer and distributed as HTTP requests among all instances via the `serverURL`.
# [6.0.0-alpha.4](parse-community/parse-server@6.0.0-alpha.3...6.0.0-alpha.4) (2022-11-10) ### Features * Remove deprecation `DEPPS2`: Config option `directAccess` defaults to true ([parse-community#8284](parse-community#8284)) ([f535ee6](parse-community@f535ee6)) ### BREAKING CHANGES * Config option `directAccess` defaults to true; set this to `false` in environments where multiple Parse Server instances run behind a load balancer and Parse requests within the current Node.js environment should be routed via the load balancer and distributed as HTTP requests among all instances via the `serverURL`. ([f535ee6](f535ee6))
…` crashes server (parse-community#8280) BREAKING CHANGE: Throwing an error in Cloud Code Triggers `afterLogin`, `afterLogout` returns a rejected promise; in previous releases it crashed the server if you did not handle the error on the Node.js process level; consider adapting your code if your app currently handles these errors on the Node.js process level with `process.on('unhandledRejection', ...)`
# [6.0.0-alpha.5](parse-community/parse-server@6.0.0-alpha.4...6.0.0-alpha.5) (2022-11-10) ### Bug Fixes * Throwing error in Cloud Code Triggers `afterLogin`, `afterLogout` crashes server ([parse-community#8280](parse-community#8280)) ([130d290](parse-community@130d290)) ### BREAKING CHANGES * Throwing an error in Cloud Code Triggers `afterLogin`, `afterLogout` returns a rejected promise; in previous releases it crashed the server if you did not handle the error on the Node.js process level; consider adapting your code if your app currently handles these errors on the Node.js process level with `process.on('unhandledRejection', ...)` ([130d290](130d290))
BREAKING CHANGE: This release removes support for MongoDB 4.0; the new minimum supported MongoDB version is 4.2. which also removes support for the deprecated MongoDB MMAPv1 storage engine
# [6.0.0-alpha.6](parse-community/parse-server@6.0.0-alpha.5...6.0.0-alpha.6) (2022-11-10) ### Features * Remove support for MongoDB 4.0 ([parse-community#8292](parse-community#8292)) ([37245f6](parse-community@37245f6)) ### BREAKING CHANGES * This release removes support for MongoDB 4.0; the new minimum supported MongoDB version is 4.2. which also removes support for the deprecated MongoDB MMAPv1 storage engine ([37245f6](37245f6))
BREAKING CHANGE: This release upgrades to Redis 4; if you are using the Redis cache adapter with Parse Server then this is a breaking change as the Redis client options have changed; see the [Redis migration guide](https://github.com/redis/node-redis/blob/redis%404.0.0/docs/v3-to-v4.md) for more details (parse-community#8293)
# [6.0.0-alpha.7](parse-community/parse-server@6.0.0-alpha.6...6.0.0-alpha.7) (2022-11-11) ### Features * Upgrade Redis 3 to 4 ([parse-community#8293](parse-community#8293)) ([7d622f0](parse-community@7d622f0)) ### BREAKING CHANGES * This release upgrades to Redis 4; if you are using the Redis cache adapter with Parse Server then this is a breaking change as the Redis client options have changed; see the [Redis migration guide](https://github.com/redis/node-redis/blob/redis%404.0.0/docs/v3-to-v4.md) for more details (parse-community#8293) ([7d622f0](7d622f0))
…unity#8281) BREAKING CHANGE: This release restricts the use of `masterKey` to localhost by default; if you are using Parse Dashboard on a different server to connect to Parse Server you need to add the IP address of the server that hosts Parse Dashboard to this option (parse-community#8281)
# [6.0.0-alpha.8](parse-community/parse-server@6.0.0-alpha.7...6.0.0-alpha.8) (2022-11-11) ### Features * Restrict use of `masterKey` to localhost by default ([parse-community#8281](parse-community#8281)) ([6c16021](parse-community@6c16021)) ### BREAKING CHANGES * This release restricts the use of `masterKey` to localhost by default; if you are using Parse Dashboard on a different server to connect to Parse Server you need to add the IP address of the server that hosts Parse Dashboard to this option (parse-community#8281) ([6c16021](6c16021))
…` defaults to `true` (parse-community#8283) BREAKING CHANGE: The Parse Server option `enforcePrivateUsers` is set to `true` by default; in previous releases this option defaults to `false`; this change improves the default security configuration of Parse Server (parse-community#8283)
# [6.0.0-alpha.9](parse-community/parse-server@6.0.0-alpha.8...6.0.0-alpha.9) (2022-11-16) ### Features * Remove deprecation `DEPPS3`: Config option `enforcePrivateUsers` defaults to `true` ([parse-community#8283](parse-community#8283)) ([ed499e3](parse-community@ed499e3)) ### BREAKING CHANGES * The Parse Server option `enforcePrivateUsers` is set to `true` by default; in previous releases this option defaults to `false`; this change improves the default security configuration of Parse Server (parse-community#8283) ([ed499e3](ed499e3))
# [6.0.0-alpha.26](parse-community/parse-server@6.0.0-alpha.25...6.0.0-alpha.26) (2023-01-20) ### Bug Fixes * ES6 modules do not await the import of Cloud Code files ([parse-community#8368](parse-community#8368)) ([a7bd180](parse-community@a7bd180))
…s are missing; remove unnecessary logging (parse-community#8391)
# [6.0.0-alpha.27](parse-community/parse-server@6.0.0-alpha.26...6.0.0-alpha.27) (2023-01-23) ### Bug Fixes * `ParseServer.verifyServerUrl` may fail if server response headers are missing; remove unnecessary logging ([parse-community#8391](parse-community#8391)) ([1c37a7c](parse-community@1c37a7c))
# [6.0.0-alpha.28](parse-community/parse-server@6.0.0-alpha.27...6.0.0-alpha.28) (2023-01-25) ### Bug Fixes * Rate limiter may reject requests that contain a session token ([parse-community#8399](parse-community#8399)) ([c114dc8](parse-community@c114dc8))
# [6.0.0-alpha.29](parse-community/parse-server@6.0.0-alpha.28...6.0.0-alpha.29) (2023-01-26) ### Features * Upgrade to Parse JavaScript SDK 4 ([parse-community#8332](parse-community#8332)) ([9092874](parse-community@9092874))
# [6.0.0-alpha.30](parse-community/parse-server@6.0.0-alpha.29...6.0.0-alpha.30) (2023-01-27) ### Bug Fixes * Schema without class level permissions may cause error ([parse-community#8409](parse-community#8409)) ([aa2cd51](parse-community@aa2cd51))
|
I will reformat the title to use the proper commit message syntax. |
This comment was marked as off-topic.
This comment was marked as off-topic.
* beta: docs: remove "skip release" entries from changelog chore(release): 5.4.0 [skip ci] refactor: Prototype pollution via Cloud Code Webhooks; fixes security vulnerability [GHSA-93vw-8fm5-p2jf](GHSA-93vw-8fm5-p2jf) (parse-community#8307) chore(release): 5.3.3 [skip ci] fix: Prototype pollution via Cloud Code Webhooks; fixes security vulnerability [GHSA-93vw-8fm5-p2jf](GHSA-93vw-8fm5-p2jf) (parse-community#8305) chore(release): 5.3.2 [skip ci] refactor: Parse Server option `requestKeywordDenylist` can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](GHSA-xprv-wvh7-qqqx) (parse-community#8303) fix: Parse Server option `requestKeywordDenylist` can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](GHSA-xprv-wvh7-qqqx) (parse-community#8302) refactor: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](GHSA-prm5-8g2m-24gg) (parse-community#8298) chore(release): 5.3.1 [skip ci] fix: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](GHSA-prm5-8g2m-24gg) (parse-community#8295)
mtrezza
force-pushed
the
build-release-beta
branch
from
99c4238 to
39a074f
Compare
Codecov ReportBase: 94.13% // Head: 94.31% // Increases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## beta #8414 +/- ##
==========================================
+ Coverage 94.13% 94.31% +0.17%
==========================================
Files 182 181 -1
Lines 13785 14401 +616
==========================================
+ Hits 12977 13582 +605
- Misses 808 819 +11
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
|
🎉 This change has been released in version 6.0.0-beta.1 |
|
🎉 This change has been released in version 6.0.0 |
|
🎉 This change has been released in version 6.0.0-alpha.31 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.