4.10.19

4.10.19 (2022-11-09)

Bug Fixes

• Parse Server option requestKeywordDenylist can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability GHSA-xprv-wvh7-qqqx (#8301) (0a2d412)

5.3.1

5.3.1 (2022-11-07)

Bug Fixes

• Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability GHSA-prm5-8g2m-24gg (#8295) (50eed3c)

4.10.18

4.10.18 (2022-11-07)

Bug Fixes

• Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability GHSA-prm5-8g2m-24gg (#8296) (47cfeee)

5.4.0-alpha.1

5.4.0-alpha.1 (2022-10-31)

Bug Fixes

• graphQL query ignores condition equalTo with value false (#8032) (7f5a15d)
• internal indices for classes _Idempotency and _Role are not protected in defined schema (#8121) (c16f529)
• liveQuery with containedIn not working when object field is an array (#8128) (1d9605b)
• push notifications badge doesn't update with Installation beforeSave trigger (#8162) (3c75c2b)
• query aggregation pipeline cannot handle value of type Date when directAccess: true (#8167) (e424137)
• relation constraints in compound queries Parse.Query.or, Parse.Query.and not working (#8203) (28f0d26)
• security upgrade undici from 5.6.0 to 5.8.0 (#8108) (4aa016b)
• sorting by non-existing value throws INVALID_SERVER_ERROR on Postgres (#8157) (3b775a1)
• updating object includes unchanged keys in client response for certain key types (#8159) (37af1d7)

Features

• add convenience access to Parse Server configuration in Cloud Code via Parse.Server (#8244) (9f11115)
• add option to change the default value of the Parse.Query.limit() constraint (#8152) (0388956)
• add support for MongoDB 6 (#8242) (aba0081)
• add support for Postgres 15 (#8215) (2feb6c4)
• liveQuery support for unsorted distance queries (#8221) (0f763da)

5.4.0-beta.1

5.4.0-beta.1 (2022-10-29)

Bug Fixes

• graphQL query ignores condition equalTo with value false (#8032) (7f5a15d)
• internal indices for classes _Idempotency and _Role are not protected in defined schema (#8121) (c16f529)
• liveQuery with containedIn not working when object field is an array (#8128) (1d9605b)
• push notifications badge doesn't update with Installation beforeSave trigger (#8162) (3c75c2b)
• query aggregation pipeline cannot handle value of type Date when directAccess: true (#8167) (e424137)
• relation constraints in compound queries Parse.Query.or, Parse.Query.and not working (#8203) (28f0d26)
• security upgrade undici from 5.6.0 to 5.8.0 (#8108) (4aa016b)
• sorting by non-existing value throws INVALID_SERVER_ERROR on Postgres (#8157) (3b775a1)
• updating object includes unchanged keys in client response for certain key types (#8159) (37af1d7)

Features

• add convenience access to Parse Server configuration in Cloud Code via Parse.Server (#8244) (9f11115)
• add option to change the default value of the Parse.Query.limit() constraint (#8152) (0388956)
• add support for MongoDB 6 (#8242) (aba0081)
• add support for Postgres 15 (#8215) (2feb6c4)
• liveQuery support for unsorted distance queries (#8221) (0f763da)

5.3.0

5.3.0 (2022-10-29)

Bug Fixes

• afterSave trigger removes pointer in Parse object (#7913) (47d796e)
• auto-release process may fail if optional back-merging task fails (#8051) (cf925e7)
• custom database options are not passed to MongoDB GridFS (#7911) (b1e5565)
• deprecate allowClientClassCreation defaulting to true (#7925) (38ed96a)
• errors in GraphQL do not show the original error but a general Unexpected Error (#8045) (0d81887)
• interrupted WebSocket connection not closed by LiveQuery server (#8012) (2d5221e)
• live query role cache does not clear when a user is added to a role (#8026) (199dfc1)
• peer dependency mismatch for GraphQL dependencies (#7934) (0a6faa8)
• return correct response when revert is used in beforeSave (#7839) (19900fc)
• security upgrade @parse/fs-files-adapter from 1.2.1 to 1.2.2 (#7948) (3a70fda)
• security upgrade moment from 2.29.1 to 2.29.2 (#7931) (731c550)
• security upgrade parse push adapter from 4.1.0 to 4.1.2 (#7893) (93667b4)
• websocket connection of LiveQuery interrupts frequently (#8048) (03caae1)

Features

• add MongoDB 5.1 compatibility (#7682) (022a856)
• add MongoDB 5.2 support (#7894) (5bfa716)
• add support for Node 17 and 18 (#7896) (3e9f292)
• align file trigger syntax with class trigger; use the new syntax Parse.Cloud.beforeSave(Parse.File, (request) => {}), the old syntax Parse.Cloud.beforeSaveFile((request) => {}) has been deprecated (#7966) (c6dcad8)
• replace GraphQL Apollo with GraphQL Yoga (#7967) (1aa2204)
• selectively enable / disable default authentication adapters (#7953) (c1e808f)
• upgrade mongodb from 4.4.1 to 4.5.0 (#7991) (e692b5d)

Performance Improvements

• reduce database operations when using the constant parameter in Cloud Function validation (#7892) (041197f)

5.3.0-alpha.32

5.3.0-alpha.32 (2022-10-29)

Features

• add convenience access to Parse Server configuration in Cloud Code via Parse.Server (#8244) (9f11115)

5.3.0-alpha.31

5.3.0-alpha.31 (2022-10-24)

Bug Fixes

• relation constraints in compound queries Parse.Query.or, Parse.Query.and not working (#8203) (28f0d26)

5.3.0-alpha.30

5.3.0-alpha.30 (2022-10-17)

Features

• add support for MongoDB 6 (#8242) (aba0081)

5.3.0-alpha.29

5.3.0-alpha.29 (2022-10-15)

Bug Fixes

• server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests (GHSA-h423-w6qv-2wj3) [skip release] (#8238) (c03908f)

Features

• add support for Postgres 15 (#8215) (2feb6c4)