5.2.5

5.2.5 (2022-09-02)

Bug Fixes

• brute force guessing of user sensitive data via search patterns; this fixes a security vulnerability in which internal and protected fields may be used as query constraints to guess the value of these fields and obtain sensitive data (GHSA-2m6g-crv8-p3c6) (#8144) (e39d51b)

4.10.14

4.10.14 (2022-09-02)

Bug Fixes

• brute force guessing of user sensitive data via search patterns; this fixes a security vulnerability in which internal and protected fields may be used as query constraints to guess the value of these fields and obtain sensitive data (GHSA-2m6g-crv8-p3c6) (#8143) (634c44a)

5.3.0-alpha.21

5.3.0-alpha.21 (2022-08-05)

Bug Fixes

• internal indices for classes _Idempotency and _Role are not protected in defined schema (#8121) (c16f529)

5.3.0-alpha.20

5.3.0-alpha.20 (2022-07-22)

Bug Fixes

• security upgrade undici from 5.6.0 to 5.8.0 (#8108) (4aa016b)

5.3.0-alpha.19

5.3.0-alpha.19 (2022-07-03)

Bug Fixes

• certificate in Apple Game Center auth adapter not validated [skip release] (#8058) (75af9a2)
• graphQL query ignores condition equalTo with value false (#8032) (7f5a15d)
• invalid file request not properly handled [skip release] (#8062) (4c9e956)
• protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] (#8076) (9fd4516)

5.2.4

5.2.4 (2022-06-30)

Bug Fixes

• protected fields exposed via LiveQuery; this removes protected fields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields (GHSA-crrq-vr9j-fxxh) (#8074) (#8073) (309f64c)

4.10.13

4.10.13 (2022-06-30)

Bug Fixes

• protected fields exposed via LiveQuery; this removes protected fields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields (GHSA-crrq-vr9j-fxxh) (#8074) (054f3e6)

5.3.0-beta.1

5.3.0-beta.1 (2022-06-17)

Bug Fixes

• afterSave trigger removes pointer in Parse object (#7913) (47d796e)
• auto-release process may fail if optional back-merging task fails (#8051) (cf925e7)
• custom database options are not passed to MongoDB GridFS (#7911) (b1e5565)
• depreciate allowClientClassCreation defaulting to true (#7925) (38ed96a)
• errors in GraphQL do not show the original error but a general Unexpected Error (#8045) (0d81887)
• interrupted WebSocket connection not closed by LiveQuery server (#8012) (2d5221e)
• live query role cache does not clear when a user is added to a role (#8026) (199dfc1)
• peer dependency mismatch for GraphQL dependencies (#7934) (0a6faa8)
• return correct response when revert is used in beforeSave (#7839) (19900fc)
• security upgrade @parse/fs-files-adapter from 1.2.1 to 1.2.2 (#7948) (3a70fda)
• security upgrade moment from 2.29.1 to 2.29.2 (#7931) (731c550)
• security upgrade parse push adapter from 4.1.0 to 4.1.2 (#7893) (93667b4)
• websocket connection of LiveQuery interrupts frequently (#8048) (03caae1)

Features

• add MongoDB 5.1 compatibility (#7682) (022a856)
• add MongoDB 5.2 support (#7894) (5bfa716)
• add support for Node 17 and 18 (#7896) (3e9f292)
• align file trigger syntax with class trigger; use the new syntax Parse.Cloud.beforeSave(Parse.File, (request) => {}), the old syntax Parse.Cloud.beforeSaveFile((request) => {}) has been deprecated (#7966) (c6dcad8)
• replace GraphQL Apollo with GraphQL Yoga (#7967) (1aa2204)
• selectively enable / disable default authentication adapters (#7953) (c1e808f)
• upgrade mongodb from 4.4.1 to 4.5.0 (#7991) (e692b5d)

Performance Improvements

• reduce database operations when using the constant parameter in Cloud Function validation (#7892) (041197f)

5.3.0-alpha.18

5.3.0-alpha.18 (2022-06-17)

Bug Fixes

• auto-release process may fail if optional back-merging task fails (#8051) (cf925e7)

5.3.0-alpha.17

5.3.0-alpha.17 (2022-06-17)

Bug Fixes

• errors in GraphQL do not show the original error but a general Unexpected Error (#8045) (0d81887)
• websocket connection of LiveQuery interrupts frequently (#8048) (03caae1)