5.2.0-alpha.3

5.2.0-alpha.3 (2022-03-24)

Bug Fixes

• security bump minimist from 1.2.5 to 1.2.6 (#7884) (c5cf282)

5.2.0-alpha.2

5.2.0-alpha.2 (2022-03-24)

Bug Fixes

• sensitive keyword detection may produce false positives (#7881) (0d6f9e9)

4.10.8

4.10.8 (2022-03-24)

Bug Fixes

• sensitive keyword detection may produce false positives (#7883) (d347613)

5.2.0-beta.1

5.2.0-beta.1 (2022-03-23)

Features

• improved LiveQuery error logging with additional information (#7837) (443a509)

5.2.0-alpha.1

5.2.0-alpha.1 (2022-03-23)

Features

• improved LiveQuery error logging with additional information (#7837) (443a509)

5.1.1

5.1.1 (2022-03-18)

Reverts

• ci: temporarily disable breaking change detection (#7861) (effed92)

5.1.0

5.1.0 (2022-03-18)

Bug Fixes

• adding or modifying a nested property requires addField permissions (#7679) (6a6248b)
• bump nanoid from 3.1.25 to 3.2.0 (#7781) (f5f63bf)
• bump node-fetch from 2.6.1 to 3.1.1 (#7782) (9082351)
• node engine compatibility did not include node 16 (#7739) (ea7c014)
• node engine range has no upper limit to exclude incompatible node versions (#7692) (573558d)
• package.json & package-lock.json to reduce vulnerabilities (#7823) (5ca2288)
• schema cache not cleared in some cases (#7678) (5af6e5d)
• security upgrade follow-redirects from 1.14.6 to 1.14.7 (#7769) (8f5a861)
• security upgrade follow-redirects from 1.14.7 to 1.14.8 (#7801) (70088a9)
• security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7844) (e569f40)
• server crash using GraphQL due to missing @apollo/client peer dependency (#7787) (08089d6)
• unable to use objectId size higher than 19 on GraphQL API (#7627) (ed86c80)
• upgrade mime from 2.5.2 to 3.0.0 (#7725) (f5ef98b)
• upgrade parse from 3.3.1 to 3.4.0 (#7723) (d4c1f47)
• upgrade winston from 3.5.0 to 3.5.1 (#7820) (4af253d)

Features

• add Cloud Code context to ParseObject.fetch (#7779) (315290d)
• add Idempotency to Postgres (#7750) (0c3feaa)
• add support for Node 16 (#7707) (45cc58c)
• bump required node engine to >=12.22.10 (#7846) (5ace99d)
• support postgresql protocol in database URI (#7757) (caf4a23)
• support relativeTime query constraint on Postgres (#7747) (16b1b2a)
• upgrade to MongoDB Node.js driver 4.x for MongoDB 5.0 support (#7794) (f88aa2a)

Reverts

• refactor: allow ES import for cloud string if package type is module (b64640c)
• update node engine to 2.22.0 (#7827) (f235412)

⚠️ NOTABLE CHANGES

The following changes would formally require a major version increment (Parse Server 6.0), but given their low relevance they are released as part of this minor version increment (Parse Server 5.1).

• The MongoDB GridStore adapter has been removed. By default, Parse Server already uses GridFS, so if you do not manually use the GridStore adapter, you can ignore this change. Parse Server uses the GridFSBucket adapter instead of GridStore adapter by default since 2018. (f88aa2a)
• Removes official Node 15 support which has already reached it End-of-Life date. (45cc58c)

5.0.0-beta.10

5.0.0-beta.10 (2022-03-15)

Bug Fixes

• adding or modifying a nested property requires addField permissions (#7679) (6a6248b)
• bump nanoid from 3.1.25 to 3.2.0 (#7781) (f5f63bf)
• bump node-fetch from 2.6.1 to 3.1.1 (#7782) (9082351)
• node engine compatibility did not include node 16 (#7739) (ea7c014)
• node engine range has no upper limit to exclude incompatible node versions (#7692) (573558d)
• package.json & package-lock.json to reduce vulnerabilities (#7823) (5ca2288)
• schema cache not cleared in some cases (#7678) (5af6e5d)
• security upgrade follow-redirects from 1.14.6 to 1.14.7 (#7769) (8f5a861)
• security upgrade follow-redirects from 1.14.7 to 1.14.8 (#7801) (70088a9)
• security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7844) (e569f40)
• server crash using GraphQL due to missing @apollo/client peer dependency (#7787) (08089d6)
• unable to use objectId size higher than 19 on GraphQL API (#7627) (ed86c80)
• upgrade mime from 2.5.2 to 3.0.0 (#7725) (f5ef98b)
• upgrade parse from 3.3.1 to 3.4.0 (#7723) (d4c1f47)
• upgrade winston from 3.5.0 to 3.5.1 (#7820) (4af253d)

Features

• add Cloud Code context to ParseObject.fetch (#7779) (315290d)
• add Idempotency to Postgres (#7750) (0c3feaa)
• add support for Node 16 (#7707) (45cc58c)
• bump required node engine to >=12.22.10 (#7846) (5ace99d)
• support postgresql protocol in database URI (#7757) (caf4a23)
• support relativeTime query constraint on Postgres (#7747) (16b1b2a)
• upgrade to MongoDB Node.js driver 4.x for MongoDB 5.0 support (#7794) (f88aa2a)

Reverts

• refactor: allow ES import for cloud string if package type is module (b64640c)
• update node engine to 2.22.0 (#7827) (f235412)

BREAKING CHANGES

• This requires Node.js version >=12.22.10. (5ace99d)
• The MongoDB GridStore adapter has been removed. By default, Parse Server already uses GridFS, so if you do not manually use the GridStore adapter, you can ignore this change. (f88aa2a)
• Removes official Node 15 support which has reached it end-of-life date. (45cc58c)

5.0.0

5.0.0 (2022-03-14)

BREAKING CHANGES

• Improved schema caching through database real-time hooks. Reduces DB queries, decreases Parse Query execution time and fixes a potential schema memory leak. If multiple Parse Server instances connect to the same DB (for example behind a load balancer), set the Parse Server Option databaseOptions.enableSchemaHooks: true to enable this feature and keep the schema in sync across all instances. Failing to do so will cause a schema change to not propagate to other instances and re-syncing will only happen when these instances restart. The options enableSingleSchemaCache and schemaCacheTTL have been removed. To use this feature with MongoDB, a replica set cluster with change stream support is required. (Diamond Lewis, SebC) #7214
• Fix security vulnerability that allows remote code execution; as part of the fix a new security feature scans for sensitive keywords in request data to prevent JavaScript prototype pollution. If such a keyword is found, the request is rejected with HTTP response code 400 and Parse Error 105 (INVALID_KEY_NAME). By default these keywords are: {_bsontype: "Code"}, constructor, __proto__. If you are using any of these keywords in your request data, you can override the default keywords by setting the new Parse Server option requestKeywordDenylist to [] and specify your own keywords as needed. (GHSA-p6h4-93qp-jhcm) (#7843) (971adb5)
• Added file upload restriction. File upload is now only allowed for authenticated users by default for improved security. To allow file upload also for Anonymous Users or Public, set the fileUpload parameter in the Parse Server Options (dblythy, Manuel Trezza) #7071
• Removed parse-server-simple-mailgun-adapter dependency; to continue using the adapter it has to be explicitly installed (Manuel Trezza) #7321
• Remove support for MongoDB 3.6 which has reached its End-of-Life date and PostgreSQL 10 (Manuel Trezza) #7315
• Remove support for Node 10 which has reached its End-of-Life date (Manuel Trezza) #7314
• Bump required Node engine to >=12.22.10 (#7848) (23a3488)
• Remove S3 Files Adapter from Parse Server, instead install separately as @parse/s3-files-adapter (Manuel Trezza) #7324
• Remove Session field restricted; the field was a code artifact from a feature that never existed in Open Source Parse Server; if you have been using this field for custom purposes, consider that for new Parse Server installations the field does not exist anymore in the schema, and for existing installations the field default value false will not be set anymore when creating a new session (Manuel Trezza) #7543
• To delete a field via the GraphQL API, the field value has to be set to null. Previously, setting a field value to null would save a null value in the database, which was not according to the GraphQL specs. To delete a file field use file: null, the previous way of using file: { file: null } has become obsolete. (626fad2)

Notable Changes

• Alphabetical ordered GraphQL API, improved GraphQL Schema cache system and fix GraphQL input reassign issue (Moumouls) #7344
• Added Parse Server Security Check to report weak security settings (Manuel Trezza, dblythy) #7247
• EXPERIMENTAL: Added new page router with placeholder rendering and localization of custom and feature pages such as password reset and email verification (Manuel Trezza) #7128
• EXPERIMENTAL: Added custom routes to easily customize flows for password reset, email verification or build entirely new flows (Manuel Trezza) #7231
• Added Deprecation Policy to govern the introduction of breaking changes in a phased pattern that is more predictable for developers (Manuel Trezza) #7199
• Add REST API endpoint /loginAs to create session of any user with master key; allows to impersonate another user. (GormanFletcher) #7406
• Add official support for MongoDB 5.0 (Manuel Trezza) #7469
• Added Parse Server Configuration enforcePrivateUsers, which will remove public access by default on new Parse.Users (dblythy) #7319
• add support for Postgres 14 (#7644) (090350a)
• add user-defined schema and migrations (#7418) (25d5c30)
• setting a field to null does not delete it via GraphQL API (#7649) (626fad2)
• combined and query with relational query condition returns incorrect results (#7593) (174886e)
• node engine range has no upper limit to exclude incompatible node versions (#7693) (6a54dac)
• unable to use objectId size higher than 19 on GraphQL API (#7722) (8ee0445)
• schema cache not cleared in some cases (#7771) (3b92fa1)

Other Changes

• Support native mongodb syntax in aggregation pipelines (Raschid JF Rafeally) #7339
• Fix error when a not yet inserted job is updated (Antonio Davi Macedo Coelho de Castro) #7196
• request.context for afterFind triggers (dblythy) #7078
• Winston Logger interpolating stdout to console (dplewis) #7114
• Added convenience method Parse.Cloud.sendEmail(...) to send email via email adapter in Cloud Code (dblythy) #7089
• LiveQuery support for $and, $nor, $containedBy, $geoWithin, $geoIntersects queries (dplewis) #7113
• Supporting patterns in LiveQuery server's config parameter classNames (Nes-si) #7131
• Added requireAnyUserRoles and requireAllUserRoles for Parse Cloud validator (dblythy) #7097
• Support Facebook Limited Login (miguel-s) #7219
• Removed Stage name check on aggregate pipelines (BRETT71) #7237
• Retry transactions on MongoDB when it fails due to transient error (Antonio Davi Macedo Coelho de Castro) #7187
• Bump tests to use Mongo 4.4.4 (Antonio Davi Macedo Coelho de Castro) #7184
• Added new account lockout policy option accountLockout.unlockOnPasswordReset to automatically unlock account on password reset (Manuel Trezza) #7146
• Test Parse Server continuously against all recent MongoDB versions that have not reached their end-of-life support date, added MongoDB compatibility table to Parse Server docs (Manuel Trezza) #7161
• Test Parse Server continuously against all recent Node.js versions that have not reached their end-of-life support date, added Node.js compatibility table to Parse Server docs (Manuel Trezza) 7161
• Thro...

5.0.0-beta.9

5.0.0-beta.9 (2022-03-12)

Features

• bump required node engine to >=12.22.10 (#7848) (23a3488)

BREAKING CHANGES

• This requires Node.js version >=12.22.10. (23a3488)