Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: invalid file request not properly handled [skip release] #8061

Merged
merged 5 commits into from
Jun 18, 2022
Merged

fix: invalid file request not properly handled [skip release] #8061

merged 5 commits into from
Jun 18, 2022

Commits on Jun 17, 2022

  1. fix: certificate in Apple Game Center auth adapter not validated; thi… 

    …s fixes a security vulnerability in which authentication could be bypassed using a fake certificate; if you are using the Apple Gamer Center auth adapter it is your responsibility to keep its root certificate up-to-date and we advice you read the security advisory ([GHSA-rh9j-f5f8-rvgc](GHSA-rh9j-f5f8-rvgc))
    @mtrezza
    mtrezza authored Jun 17, 2022
    Configuration menu
    Copy the full SHA
    ba2b0a9 View commit details
    Browse the repository at this point in the history

  2. chore(release): 5.2.2 [skip ci] 

    ## [5.2.2](parse-community/parse-server@5.2.1...5.2.2) (2022-06-17)

### Bug Fixes

* certificate in Apple Game Center auth adapter not validated; this fixes a security vulnerability in which authentication could be bypassed using a fake certificate; if you are using the Apple Gamer Center auth adapter it is your responsibility to keep its root certificate up-to-date and we advice you read the security advisory ([GHSA-rh9j-f5f8-rvgc](GHSA-rh9j-f5f8-rvgc)) ([ba2b0a9](parse-community@ba2b0a9))
    @semantic-release-bot
    semantic-release-bot committed Jun 17, 2022
    Configuration menu
    Copy the full SHA
    ed0baa8 View commit details
    Browse the repository at this point in the history

  3. fix: invalid file request not properly handled; this fixes a security… 

    … vulnerability in which an invalid file request can crash the server ([GHSA-xw6g-jjvf-wwf9](GHSA-xw6g-jjvf-wwf9)) (parse-community#8060)
    @mtrezza
    mtrezza authored Jun 17, 2022
    Configuration menu
    Copy the full SHA
    5be375d View commit details
    Browse the repository at this point in the history

  4. chore(release): 5.2.3 [skip ci] 

    ## [5.2.3](parse-community/parse-server@5.2.2...5.2.3) (2022-06-17)

### Bug Fixes

* invalid file request not properly handled; this fixes a security vulnerability in which an invalid file request can crash the server ([GHSA-xw6g-jjvf-wwf9](GHSA-xw6g-jjvf-wwf9)) ([parse-community#8060](parse-community#8060)) ([5be375d](parse-community@5be375d))
    @semantic-release-bot
    semantic-release-bot committed Jun 17, 2022
    Configuration menu
    Copy the full SHA
    eb2952f View commit details
    Browse the repository at this point in the history

  5. Merge branch 'beta' into backmerge

    @mtrezza
    mtrezza authored Jun 17, 2022
    Configuration menu
    Copy the full SHA
    73bcdbb View commit details
    Browse the repository at this point in the history