Skip to content

5.3.0-alpha.27

Pre-release
Pre-release
Compare
Choose a tag to compare
@parseplatformorg parseplatformorg released this 29 Sep 23:02
· 657 commits to alpha since this release

5.3.0-alpha.27 (2022-09-29)

Bug Fixes

  • authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for Facebook or Spotify and where the server-side authentication adapter configuration appIds is set as a string (e.g. abc) instead of an array of strings (e.g. ["abc"]) (GHSA-r657-33vp-gp22) [skip release] (#8187) (8c8ec71)
  • session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects (GHSA-6w4q-23cf-j9jp) [skip release] (#8180) (37fed30)

Features

  • add option to change the default value of the Parse.Query.limit() constraint (#8152) (0388956)