5.0.0-beta.8

5.0.0-beta.8 (2022-03-12)

Bug Fixes

• security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7843) (971adb5)

5.0.0-alpha.29

5.0.0-alpha.29 (2022-03-12)

Features

• bump required node engine to >=12.22.10 (#7846) (5ace99d)

BREAKING CHANGES

• This requires Node.js version >=12.22.10. (5ace99d)

5.0.0-alpha.28

5.0.0-alpha.28 (2022-03-12)

Bug Fixes

• security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7844) (e569f40)

5.0.0-alpha.27

5.0.0-alpha.27 (2022-03-12)

Reverts

• update node engine to 2.22.0 (#7827) (f235412)

4.10.7

4.10.7 (2022-03-11)

Bug Fixes

• security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7841) (886bfd7)

  Note that as part of the fix a new security feature scans for sensitive keywords in request data to prevent JavaScript prototype pollution. If such a keyword is found, the request is rejected with HTTP response code 400 and Parse Error 105 (INVALID_KEY_NAME). By default these keywords are: {_bsontype: "Code"}, constructor, __proto__. If you are using any of these keywords in your request data, you can override the default keywords by setting the new Parse Server option requestKeywordDenylist to [] and specify your own keywords as needed.

5.0.0-alpha.26

5.0.0-alpha.26 (2022-02-25)

Bug Fixes

• package.json & package-lock.json to reduce vulnerabilities (#7823) (5ca2288)

5.0.0-alpha.25

5.0.0-alpha.25 (2022-02-23)

Bug Fixes

• upgrade winston from 3.5.0 to 3.5.1 (#7820) (4af253d)

4.10.6

4.10.6 (2022-02-12)

Bug Fixes

• update graphql dependencies to work with Parse Dashboard (#7658) (350ecde)

4.10.5

4.10.5 (2022-02-12)

Bug Fixes

• security upgrade follow-redirects from 1.13.0 to 1.14.8 (#7803) (611332e)

5.0.0-beta.7

5.0.0-beta.7 (2022-02-10)

Bug Fixes

• security upgrade follow-redirects from 1.14.7 to 1.14.8 (#7802) (7029b27)