Skip to content

Latest commit

 

History

History
1545 lines (723 loc) · 103 KB

CHANGELOG_alpha.md

File metadata and controls

1545 lines (723 loc) · 103 KB
Raw

7.1.0-alpha.5 (2024-04-07)

Features

  • Prevent Parse Server start in case of unknown option in server configuration (#8987) (8758e6a)

7.1.0-alpha.4 (2024-03-31)

Features

7.1.0-alpha.3 (2024-03-24)

Bug Fixes

  • Rate limiting can fail when using Parse Server option rateLimit.redisUrl with clusters (#8632) (c277739)

7.1.0-alpha.2 (2024-03-24)

Features

  • Add server security check status security.enableCheck to Features Router (#8679) (b07ec15)

7.1.0-alpha.1 (2024-03-23)

Bug Fixes

  • Required option not handled correctly for special fields (File, GeoPoint, Polygon) on GraphQL API mutations (#8915) (907ad42)

Features

7.0.0-alpha.31 (2024-03-21)

Features

7.0.0-alpha.30 (2024-03-20)

Bug Fixes

  • Required option not handled correctly for special fields (File, GeoPoint, Polygon) on GraphQL API mutations (#8915) (907ad42)

7.0.0-alpha.29 (2024-03-19)

Bug Fixes

7.0.0-alpha.28 (2024-03-17)

Features

7.0.0-alpha.27 (2024-03-15)

Bug Fixes

  • CacheAdapter does not connect when using a CacheAdapter with a JSON config (#8633) (720d24e)

7.0.0-alpha.26 (2024-03-10)

Bug Fixes

  • Parse Server option fileExtensions default value rejects file extensions that are less than 3 or more than 4 characters long (#8699) (2760381)

7.0.0-alpha.25 (2024-03-05)

Features

  • Deprecation DEPPS5: Config option allowClientClassCreation defaults to false (#8849) (29624e0)

BREAKING CHANGES

  • The Parse Server option allowClientClassCreation defaults to false. (29624e0)

7.0.0-alpha.24 (2024-03-05)

Bug Fixes

  • Docker version releases by removing arm/v6 and arm/v7 support (#8976) (1f62dd0)

7.0.0-alpha.23 (2024-03-03)

Features

7.0.0-alpha.22 (2024-03-02)

Features

  • Switch GraphQL server from Yoga v2 to Apollo v4 (#8959) (105ae7c)

7.0.0-alpha.21 (2024-03-01)

Bug Fixes

  • Deny request if master key is not set in Parse Server option masterKeyIps regardless of ACL and CLP (#8957) (a7b5b38)

BREAKING CHANGES

  • A request using the master key will now be rejected as unauthorized if the IP from which the request originates is not set in the Parse Server option masterKeyIps, even if the request does not require the master key permission, for example for a public object in a public class class. (a7b5b38)

7.0.0-alpha.20 (2024-03-01)

Bug Fixes

  • Improve PostgreSQL injection detection; fixes security vulnerability GHSA-6927-3vr9-fxf2 which affects Parse Server deployments using a Postgres database (#8961) (cbefe77)

7.0.0-alpha.19 (2024-02-15)

Features

  • Node process exits with error code 1 on uncaught exception to allow custom uncaught exception handling (#8894) (70c280c)

BREAKING CHANGES

  • Node process now exits with code 1 on uncaught exceptions, enabling custom handlers that were blocked by Parse Server's default behavior of re-throwing errors. This change may lead to automatic process restarts by the environment, unlike before. (70c280c)

7.0.0-alpha.18 (2024-02-15)

Features

  • Deprecation DEPPS6: Authentication adapters disabled by default (#8858) (0cf58eb)

BREAKING CHANGES

  • Authentication adapters are disabled by default; to use an authentication adapter it needs to be explicitly enabled in the Parse Server authentication adapter option auth.<provider>.enabled: true (0cf58eb)

7.0.0-alpha.17 (2024-02-15)

Features

  • Deprecation DEPPS8: Parse Server option allowExpiredAuthDataToken defaults to false (#8860) (e29845f)

BREAKING CHANGES

  • Parse Server option allowExpiredAuthDataToken defaults to false; a 3rd party authentication token will be validated every time the user tries to log in and the login will fail if the token has expired; the effect of this change may differ for different authentication adapters, depending on the token lifetime and the token refresh logic of the adapter (e29845f)

7.0.0-alpha.16 (2024-02-14)

Features

  • Deprecation DEPPS9: LiveQuery fields option is renamed to keys (#8852) (38983e8)

BREAKING CHANGES

  • LiveQuery fields option is renamed to keys (38983e8)

7.0.0-alpha.15 (2024-02-14)

Features

  • Deprecation DEPPS7: Remove deprecated Cloud Code file trigger syntax (#8855) (4e6a375)

BREAKING CHANGES

  • Cloud Code file trigger syntax has been aligned with object trigger syntax, for example Parse.Cloud.beforeDeleteFile' has been changed to Parse.Cloud.beforeDelete(Parse.File, (request) => {})' (4e6a375)

7.0.0-alpha.14 (2024-02-14)

Bug Fixes

  • GraphQL file upload fails in case of use of pointer or relation (#8721) (1aba638)

7.0.0-alpha.13 (2024-02-14)

Bug Fixes

  • Docker image not published to Docker Hub on new release (#8905) (a2ac8d1)

7.0.0-alpha.12 (2024-02-14)

Features

  • Add support for Node 20, drop support for Node 14, 16 (#8907) (ced4872)

BREAKING CHANGES

  • Removes support for Node 14 and 16 (ced4872)

7.0.0-alpha.11 (2024-01-22)

Features

BREAKING CHANGES

  • Removes support for Postgres 11 and 12 (99489b2)

7.0.0-alpha.10 (2024-01-17)

Features

  • Add password validation via POST request for user with unverified email using master key and option ignoreEmailVerification (#8895) (633a9d2)

7.0.0-alpha.9 (2024-01-15)

Bug Fixes

  • Server crashes when receiving an array of Parse.Pointer in the request body (#8784) (66e3603)

7.0.0-alpha.8 (2024-01-15)

Bug Fixes

  • Incomplete user object in verifyEmail function if both username and email are changed (#8889) (1eb95ae)

7.0.0-alpha.7 (2024-01-14)

Bug Fixes

  • Username is undefined in email verification link on email change (#8887) (e315c13)

7.0.0-alpha.6 (2024-01-14)

Bug Fixes

  • Parse Server option emailVerifyTokenReuseIfValid: true generates new token on every email verification request (#8885) (0023ce4)

7.0.0-alpha.5 (2024-01-06)

Features

  • Add installationId, ip, resendRequest to arguments passed to verifyUserEmails on verification email request (#8873) (8adcbee)

BREAKING CHANGES

  • The Parse.User passed as argument if verifyUserEmails is set to a function is renamed from user to object for consistency with invocations of verifyUserEmails on signup or login; the user object is not a plain JavaScript object anymore but an instance of Parse.User (8adcbee)

7.0.0-alpha.4 (2023-12-27)

Features

  • Add Parse.User as function parameter to Parse Server options verifyUserEmails, preventLoginWithUnverifiedEmail on login (#8850) (972f630)

7.0.0-alpha.3 (2023-12-26)

Bug Fixes

  • Conditional email verification not working in some cases if verifyUserEmails, preventLoginWithUnverifiedEmail set to functions (#8838) (8e7a6b1)

Features

  • Allow Parse.Session.current on expired session token instead of throwing error (#8722) (f9dde4a)

BREAKING CHANGES

  • Parse.Session.current() no longer throws an error if the session token is expired, but instead returns the session token with its expiration date to allow checking its validity (f9dde4a)

7.0.0-alpha.2 (2023-12-17)

Features

  • Add installationId to arguments for verifyUserEmails, preventLoginWithUnverifiedEmail (#8836) (a22dbe1)

7.0.0-alpha.1 (2023-12-10)

Features

BREAKING CHANGES

  • Parse.Query no longer supports the BSON type code; although this feature was never officially documented, its removal is announced as a breaking change to protect deployments where it might be in use. (3de8494)

6.5.0-alpha.2 (2023-11-19)

Performance Improvements

  • Improved IP validation performance for masterKeyIPs, maintenanceKeyIPs (#8510) (b87daba)

6.5.0-alpha.1 (2023-11-18)

Bug Fixes

  • Context not passed to Cloud Code Trigger beforeFind when using Parse.Query.include (#8765) (7d32d89)
  • Parse Server option fileUpload.fileExtensions fails to determine file extension if filename contains multiple dots (#8754) (3d6d50e)
  • Security bump @babel/traverse from 7.20.5 to 7.23.2 (#8777) (2d6b3d1)
  • Security upgrade graphql from 16.6.0 to 16.8.1 (#8758) (71dfd8a)

Features

  • Add $setOnInsert operator to Parse.Server.database.update (#8791) (f630a45)
  • Add compatibility for MongoDB Atlas Serverless and AWS Amazon DocumentDB with collation options enableCollationCaseComparison, transformEmailToLowercase, transformUsernameToLowercase (#8805) (09fbeeb)
  • Add context to Cloud Code Triggers beforeLogin and afterLogin (#8724) (a9c34ef)
  • Allow setting createdAt and updatedAt during Parse.Object creation with maintenance key (#8696) (77bbfb3)
  • Upgrade Parse Server Push Adapter to 5.0.2 (#8813) (6ef1986)

6.4.0-alpha.8 (2023-11-13)

Features

  • Add compatibility for MongoDB Atlas Serverless and AWS Amazon DocumentDB with collation options enableCollationCaseComparison, transformEmailToLowercase, transformUsernameToLowercase (#8805) (09fbeeb)

6.4.0-alpha.7 (2023-10-25)

Features

  • Add $setOnInsert operator to Parse.Server.database.update (#8791) (f630a45)

6.4.0-alpha.6 (2023-10-18)

Bug Fixes

  • Security bump @babel/traverse from 7.20.5 to 7.23.2 (#8777) (2d6b3d1)

6.4.0-alpha.5 (2023-10-14)

Bug Fixes

  • Context not passed to Cloud Code Trigger beforeFind when using Parse.Query.include (#8765) (7d32d89)

6.4.0-alpha.4 (2023-09-29)

Features

  • Allow setting createdAt and updatedAt during Parse.Object creation with maintenance key (#8696) (77bbfb3)

6.4.0-alpha.3 (2023-09-23)

Bug Fixes

  • Parse Server option fileUpload.fileExtensions fails to determine file extension if filename contains multiple dots (#8754) (3d6d50e)

6.4.0-alpha.2 (2023-09-22)

Bug Fixes

  • Security upgrade graphql from 16.6.0 to 16.8.1 (#8758) (71dfd8a)

6.4.0-alpha.1 (2023-09-20)

Features

  • Add context to Cloud Code Triggers beforeLogin and afterLogin (#8724) (a9c34ef)

6.3.0-alpha.9 (2023-09-13)

Performance Improvements

  • Improve performance of recursive pointer iterations (#8741) (45a3ed0)

6.3.0-alpha.8 (2023-08-30)

Bug Fixes

  • Redis 4 does not reconnect after unhandled error (#8706) (2b3d4e5)

6.3.0-alpha.7 (2023-08-18)

Bug Fixes

  • Remove config logging when launching Parse Server via CLI (#8710) (ae68f0c)

6.3.0-alpha.6 (2023-07-17)

Bug Fixes

  • Parse Server option fileUpload.fileExtensions does not work with an array of extensions (#8688) (6a4a00c)

6.3.0-alpha.5 (2023-07-05)

Features

  • Add property Parse.Server.version to determine current version of Parse Server in Cloud Code (#8670) (a9d376b)

6.3.0-alpha.4 (2023-07-04)

Bug Fixes

  • Server does not start via CLI when auth option is set (#8666) (4e2000b)

6.3.0-alpha.3 (2023-06-23)

Features

6.3.0-alpha.2 (2023-06-20)

Features

  • Add conditional email verification via dynamic Parse Server options verifyUserEmails, sendUserEmailVerification that now accept functions (#8425) (44acd6d)

6.3.0-alpha.1 (2023-06-18)

Bug Fixes

  • Cloud Code Trigger afterSave executes even if not set (#8520) (afd0515)
  • GridFS file storage doesn't work with certain enableSchemaHooks settings (#8467) (d4cda4b)
  • Inaccurate table total row count for PostgreSQL (#8511) (0823a02)
  • LiveQuery server is not shut down properly when handleShutdown is called (#8491) (967700b)
  • Rate limit feature is incompatible with Node 14 (#8578) (f911f2c)
  • Unnecessary log entries by extendSessionOnUse (#8562) (fd6a007)

Features

  • extendSessionOnUse to automatically renew Parse Sessions (#8505) (6f885d3)
  • Add new Parse Server option preventSignupWithUnverifiedEmail to prevent returning a user without session token on sign-up with unverified email address (#8451) (82da308)
  • Add option to change the log level of logs emitted by Cloud Functions (#8530) (2caea31)
  • Add support for $eq query constraint in LiveQuery (#8614) (656d673)
  • Add zones for rate limiting by ip, user, session, global (#8508) (03fba97)
  • Allow Parse.Object pointers in Cloud Code arguments (#8490) (28aeda3)

Reverts

  • fix: Inaccurate table total row count for PostgreSQL (6722110)

6.1.0-alpha.20 (2023-06-09)

Features

  • Add zones for rate limiting by ip, user, session, global (#8508) (03fba97)

6.1.0-alpha.19 (2023-06-08)

Bug Fixes

  • LiveQuery server is not shut down properly when handleShutdown is called (#8491) (967700b)

6.1.0-alpha.18 (2023-06-08)

Features

  • Add support for $eq query constraint in LiveQuery (#8614) (656d673)

6.1.0-alpha.17 (2023-06-07)

Features

  • Add new Parse Server option preventSignupWithUnverifiedEmail to prevent returning a user without session token on sign-up with unverified email address (#8451) (82da308)

6.1.0-alpha.16 (2023-05-28)

Reverts

  • fix: Inaccurate table total row count for PostgreSQL (6722110)

6.1.0-alpha.15 (2023-05-28)

Bug Fixes

  • Inaccurate table total row count for PostgreSQL (#8511) (0823a02)

6.1.0-alpha.14 (2023-05-27)

Bug Fixes

  • Unnecessary log entries by extendSessionOnUse (#8562) (fd6a007)

Features

  • Allow Parse.Object pointers in Cloud Code arguments (#8490) (28aeda3)

6.1.0-alpha.13 (2023-05-25)

Bug Fixes

  • Rate limit feature is incompatible with Node 14 (#8578) (f911f2c)

6.1.0-alpha.12 (2023-05-19)

Bug Fixes

  • GridFS file storage doesn't work with certain enableSchemaHooks settings (#8467) (d4cda4b)

6.1.0-alpha.11 (2023-05-17)

Features

  • extendSessionOnUse to automatically renew Parse Sessions (#8505) (6f885d3)

6.1.0-alpha.10 (2023-05-12)

Bug Fixes

  • Cloud Code Trigger afterSave executes even if not set (#8520) (afd0515)

6.1.0-alpha.9 (2023-05-09)

Features

  • Add option to change the log level of logs emitted by Cloud Functions (#8530) (2caea31)

6.1.0-alpha.8 (2023-05-01)

Features

  • Allow multiple origins for header Access-Control-Allow-Origin (#8517) (4f15539)

6.1.0-alpha.7 (2023-03-10)

Bug Fixes

  • Rate limiting across multiple servers via Redis not working (#8469) (d9e347d)

6.1.0-alpha.6 (2023-03-06)

Features

  • Add rate limiting across multiple servers via Redis (#8394) (34833e4)

6.1.0-alpha.5 (2023-03-06)

Bug Fixes

  • LiveQuery can return incorrectly formatted date (#8456) (4ce135a)

6.1.0-alpha.4 (2023-03-06)

Bug Fixes

  • Parameters missing in afterFind trigger of authentication adapters (#8458) (ce34747)

6.1.0-alpha.3 (2023-03-06)

Features

  • Add afterFind trigger to authentication adapters (#8444) (c793bb8)

6.1.0-alpha.2 (2023-03-05)

Bug Fixes

  • Nested date is incorrectly decoded as empty object {} when fetching a Parse Object (#8446) (22d2446)

6.1.0-alpha.1 (2023-03-03)

Bug Fixes

Features

  • Add option schemaCacheTtl for schema cache pulling as alternative to enableSchemaHooks (#8436) (b3b76de)
  • Add Parse Server option resetPasswordSuccessOnInvalidEmail to choose success or error response on password reset with invalid email (#7551) (e5d610e)
  • Deprecate LiveQuery fields option in favor of keys for semantic consistency (#8388) (a49e323)
  • Export AuthAdapter to make it available for extension with custom authentication adapters (#8443) (40c1961)

6.0.0-alpha.35 (2023-02-27)

Features

  • Add option schemaCacheTtl for schema cache pulling as alternative to enableSchemaHooks (#8436) (b3b76de)

6.0.0-alpha.34 (2023-02-24)

Features

  • Add Parse Server option resetPasswordSuccessOnInvalidEmail to choose success or error response on password reset with invalid email (#7551) (e5d610e)

6.0.0-alpha.33 (2023-02-17)

Features

  • Deprecate LiveQuery fields option in favor of keys for semantic consistency (#8388) (a49e323)

6.0.0-alpha.32 (2023-02-07)

Bug Fixes

6.0.0-alpha.31 (2023-01-31)

Bug Fixes

6.0.0-alpha.30 (2023-01-27)

Bug Fixes

  • Schema without class level permissions may cause error (#8409) (aa2cd51)

6.0.0-alpha.29 (2023-01-26)

Features

6.0.0-alpha.28 (2023-01-25)

Bug Fixes

  • Rate limiter may reject requests that contain a session token (#8399) (c114dc8)

6.0.0-alpha.27 (2023-01-23)

Bug Fixes

  • ParseServer.verifyServerUrl may fail if server response headers are missing; remove unnecessary logging (#8391) (1c37a7c)

6.0.0-alpha.26 (2023-01-20)

Bug Fixes

  • ES6 modules do not await the import of Cloud Code files (#8368) (a7bd180)

6.0.0-alpha.25 (2023-01-16)

Features

  • Add ParseQuery.watch to trigger LiveQuery only on update of specific fields (#8028) (fc92faa)

6.0.0-alpha.24 (2023-01-09)

Features

  • Reduce Docker image size by improving stages (#8359) (40810b4)

BREAKING CHANGES

  • The Docker image does not contain the git dependency anymore; if you have been using git as a transitive dependency it now needs to be explicitly installed in your Docker file, for example with RUN apk --no-cache add git (#8359) (40810b4)

6.0.0-alpha.23 (2023-01-08)

Features

  • Access the internal scope of Parse Server using the new maintenanceKey; the internal scope contains unofficial and undocumented fields (prefixed with underscore _) which are used internally by Parse Server; you may want to manipulate these fields for out-of-band changes such as data migration or correction tasks; changes within the internal scope of Parse Server may happen at any time without notice or changelog entry, it is therefore recommended to look at the source code of Parse Server to understand the effects of manipulating internal fields before using the key; it is discouraged to use the maintenanceKey for routine operations in a production environment; see access scopes (#8212) (f3bcc93)

BREAKING CHANGES

  • Fields in the internal scope of Parse Server (prefixed with underscore _) are only returned using the new maintenanceKey; previously the masterKey allowed reading of internal fields; see access scopes for a comparison of the keys' access permissions (#8212) (f3bcc93)

6.0.0-alpha.22 (2023-01-08)

Features

  • Adapt verifyServerUrl for new asynchronous Parse Server start-up states (#8366) (ffa4974)

BREAKING CHANGES

  • The method ParseServer.verifyServerUrl now returns a promise instead of a callback. (ffa4974)

6.0.0-alpha.21 (2023-01-06)

Features

  • Add request rate limiter based on IP address (#8174) (6c79f6a)

6.0.0-alpha.20 (2023-01-06)

Features

6.0.0-alpha.19 (2023-01-05)

Features

  • Remove deprecation DEPPS1: Native MongoDB syntax in aggregation pipeline (#8362) (d0d30c4)

BREAKING CHANGES

  • The MongoDB aggregation pipeline requires native MongoDB syntax instead of the custom Parse Server syntax; for example pipeline stage names require a leading dollar sign like $match and the MongoDB document ID is referenced using _id instead of objectId (#8362) (d0d30c4)

6.0.0-alpha.18 (2023-01-05)

Bug Fixes

  • The client IP address may be determined incorrectly in some cases; this fixes a security vulnerability in which the Parse Server option masterKeyIps may be circumvented, see GHSA-vm5r-c87r-pf6x (#8372) (892040d)

BREAKING CHANGES

  • The mechanism to determine the client IP address has been rewritten; to correctly determine the IP address it is now required to set the Parse Server option trustProxy accordingly if Parse Server runs behind a proxy server, see the express framework's trust proxy setting (#8372) (892040d)

6.0.0-alpha.17 (2022-12-22)

Features

  • Upgrade Node Package Manager lock file package-lock.json to version 2 (#8285) (ee72467)

BREAKING CHANGES

  • The Node Package Manager lock file package-lock.json is upgraded to version 2; while it is backwards with version 1 for the npm installer, consider this if you run any non-npm analysis tools that use the lock file (#8285) (ee72467)

6.0.0-alpha.16 (2022-12-21)

Features

  • Asynchronous initialization of Parse Server (#8232) (99fcf45)

BREAKING CHANGES

  • This release introduces the asynchronous initialization of Parse Server to prevent mounting Parse Server before being ready to receive request; it changes how Parse Server is imported, initialized and started; it also removes the callback serverStartComplete; see the Parse Server 6 migration guide for more details (#8232) (99fcf45)

6.0.0-alpha.15 (2022-12-20)

Bug Fixes

  • Nested objects are encoded incorrectly for MongoDB (#8209) (1412666)

BREAKING CHANGES

  • Nested objects are now properly stored in the database using JSON serialization; previously, due to a bug only top-level objects were serialized, but nested objects were saved as raw JSON; for example, a nested Date object was saved as a JSON object like { "__type": "Date", "iso": "2020-01-01T00:00:00.000Z" } instead of its serialized representation 2020-01-01T00:00:00.000Z (#8209) (1412666)

6.0.0-alpha.14 (2022-12-16)

Features

  • Write log entry when request with master key is rejected as outside of masterKeyIps (#8350) (e22b73d)

6.0.0-alpha.13 (2022-12-07)

Features

  • Add option to change the log level of the logs emitted by triggers (#8328) (8f3b694)

6.0.0-alpha.12 (2022-11-26)

Features

6.0.0-alpha.11 (2022-11-25)

Bug Fixes

  • Parse Server option masterKeyIps does not include localhost by default for IPv6 (#8322) (ab82635)

6.0.0-alpha.10 (2022-11-19)

Bug Fixes

  • Cloud Code trigger beforeSave does not work with Parse.Role (#8320) (f29d972)

6.0.0-alpha.9 (2022-11-16)

Features

  • Remove deprecation DEPPS3: Config option enforcePrivateUsers defaults to true (#8283) (ed499e3)

BREAKING CHANGES

  • The Parse Server option enforcePrivateUsers is set to true by default; in previous releases this option defaults to false; this change improves the default security configuration of Parse Server (#8283) (ed499e3)

6.0.0-alpha.8 (2022-11-11)

Features

  • Restrict use of masterKey to localhost by default (#8281) (6c16021)

BREAKING CHANGES

  • This release restricts the use of masterKey to localhost by default; if you are using Parse Dashboard on a different server to connect to Parse Server you need to add the IP address of the server that hosts Parse Dashboard to this option (#8281) (6c16021)

6.0.0-alpha.7 (2022-11-11)

Features

BREAKING CHANGES

  • This release upgrades to Redis 4; if you are using the Redis cache adapter with Parse Server then this is a breaking change as the Redis client options have changed; see the Redis migration guide for more details (#8293) (7d622f0)

6.0.0-alpha.6 (2022-11-10)

Features

BREAKING CHANGES

  • This release removes support for MongoDB 4.0; the new minimum supported MongoDB version is 4.2. which also removes support for the deprecated MongoDB MMAPv1 storage engine (37245f6)

6.0.0-alpha.5 (2022-11-10)

Bug Fixes

  • Throwing error in Cloud Code Triggers afterLogin, afterLogout crashes server (#8280) (130d290)

BREAKING CHANGES

  • Throwing an error in Cloud Code Triggers afterLogin, afterLogout returns a rejected promise; in previous releases it crashed the server if you did not handle the error on the Node.js process level; consider adapting your code if your app currently handles these errors on the Node.js process level with process.on('unhandledRejection', ...) (130d290)

6.0.0-alpha.4 (2022-11-10)

Features

  • Remove deprecation DEPPS2: Config option directAccess defaults to true (#8284) (f535ee6)

BREAKING CHANGES

  • Config option directAccess defaults to true; set this to false in environments where multiple Parse Server instances run behind a load balancer and Parse requests within the current Node.js environment should be routed via the load balancer and distributed as HTTP requests among all instances via the serverURL. (f535ee6)

6.0.0-alpha.3 (2022-11-10)

Features

  • Remove deprecation DEPPS4: Remove convenience method for http request Parse.Cloud.httpRequest (#8287) (2d79c08)

BREAKING CHANGES

  • The convenience method for HTTP requests Parse.Cloud.httpRequest is removed; use your preferred 3rd party library for making HTTP requests (2d79c08)

6.0.0-alpha.2 (2022-11-10)

Features

  • Improve authentication adapter interface to support multi-factor authentication (MFA), authentication challenges, and provide a more powerful interface for writing custom authentication adapters (#8156) (5bbf9ca)

6.0.0-alpha.1 (2022-11-10)

Bug Fixes

BREAKING CHANGES

  • This release removes Node 12 and Node 17 support (2546cc8)

5.4.0-alpha.1 (2022-10-31)

Bug Fixes

  • authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for Facebook or Spotify and where the server-side authentication adapter configuration appIds is set as a string (e.g. abc) instead of an array of strings (e.g. ["abc"]) (GHSA-r657-33vp-gp22) [skip release] (#8187) (8c8ec71)
  • brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) (#8146) [skip release] (4c0c7c7)
  • certificate in Apple Game Center auth adapter not validated [skip release] (#8058) (75af9a2)
  • graphQL query ignores condition equalTo with value false (#8032) (7f5a15d)
  • internal indices for classes _Idempotency and _Role are not protected in defined schema (#8121) (c16f529)
  • invalid file request not properly handled [skip release] (#8062) (4c9e956)
  • liveQuery with containedIn not working when object field is an array (#8128) (1d9605b)
  • protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] (#8076) (9fd4516)
  • push notifications badge doesn't update with Installation beforeSave trigger (#8162) (3c75c2b)
  • query aggregation pipeline cannot handle value of type Date when directAccess: true (#8167) (e424137)
  • relation constraints in compound queries Parse.Query.or, Parse.Query.and not working (#8203) (28f0d26)
  • security upgrade undici from 5.6.0 to 5.8.0 (#8108) (4aa016b)
  • server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests (GHSA-h423-w6qv-2wj3) [skip release] (#8238) (c03908f)
  • session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects (GHSA-6w4q-23cf-j9jp) [skip release] (#8180) (37fed30)
  • sorting by non-existing value throws INVALID_SERVER_ERROR on Postgres (#8157) (3b775a1)
  • updating object includes unchanged keys in client response for certain key types (#8159) (37af1d7)

Features

  • add convenience access to Parse Server configuration in Cloud Code via Parse.Server (#8244) (9f11115)
  • add option to change the default value of the Parse.Query.limit() constraint (#8152) (0388956)
  • add support for MongoDB 6 (#8242) (aba0081)
  • add support for Postgres 15 (#8215) (2feb6c4)
  • liveQuery support for unsorted distance queries (#8221) (0f763da)

5.3.0-alpha.32 (2022-10-29)

Features

  • add convenience access to Parse Server configuration in Cloud Code via Parse.Server (#8244) (9f11115)

5.3.0-alpha.31 (2022-10-24)

Bug Fixes

  • relation constraints in compound queries Parse.Query.or, Parse.Query.and not working (#8203) (28f0d26)

5.3.0-alpha.30 (2022-10-17)

Features

5.3.0-alpha.29 (2022-10-15)

Bug Fixes

  • server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests (GHSA-h423-w6qv-2wj3) [skip release] (#8238) (c03908f)

Features

5.3.0-alpha.28 (2022-10-11)

Features

  • liveQuery support for unsorted distance queries (#8221) (0f763da)

5.3.0-alpha.27 (2022-09-29)

Bug Fixes

  • authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for Facebook or Spotify and where the server-side authentication adapter configuration appIds is set as a string (e.g. abc) instead of an array of strings (e.g. ["abc"]) (GHSA-r657-33vp-gp22) [skip release] (#8187) (8c8ec71)
  • session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects (GHSA-6w4q-23cf-j9jp) [skip release] (#8180) (37fed30)

Features

  • add option to change the default value of the Parse.Query.limit() constraint (#8152) (0388956)

5.3.0-alpha.26 (2022-09-17)

Bug Fixes

  • sorting by non-existing value throws INVALID_SERVER_ERROR on Postgres (#8157) (3b775a1)

5.3.0-alpha.25 (2022-09-17)

Bug Fixes

  • updating object includes unchanged keys in client response for certain key types (#8159) (37af1d7)

5.3.0-alpha.24 (2022-09-17)

Bug Fixes

  • query aggregation pipeline cannot handle value of type Date when directAccess: true (#8167) (e424137)

5.3.0-alpha.23 (2022-09-17)

Bug Fixes

  • liveQuery with containedIn not working when object field is an array (#8128) (1d9605b)

5.3.0-alpha.22 (2022-09-16)

Bug Fixes

  • brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) (#8146) [skip release] (4c0c7c7)
  • push notifications badge doesn't update with Installation beforeSave trigger (#8162) (3c75c2b)

5.3.0-alpha.21 (2022-08-05)

Bug Fixes

  • internal indices for classes _Idempotency and _Role are not protected in defined schema (#8121) (c16f529)

5.3.0-alpha.20 (2022-07-22)

Bug Fixes

  • security upgrade undici from 5.6.0 to 5.8.0 (#8108) (4aa016b)

5.3.0-alpha.19 (2022-07-03)

Bug Fixes

  • certificate in Apple Game Center auth adapter not validated [skip release] (#8058) (75af9a2)
  • graphQL query ignores condition equalTo with value false (#8032) (7f5a15d)
  • invalid file request not properly handled [skip release] (#8062) (4c9e956)
  • protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] (#8076) (9fd4516)

5.3.0-alpha.18 (2022-06-17)

Bug Fixes

  • auto-release process may fail if optional back-merging task fails (#8051) (cf925e7)

5.3.0-alpha.17 (2022-06-17)

Bug Fixes

  • errors in GraphQL do not show the original error but a general Unexpected Error (#8045) (0d81887)
  • websocket connection of LiveQuery interrupts frequently (#8048) (03caae1)

5.3.0-alpha.16 (2022-06-11)

Bug Fixes

  • live query role cache does not clear when a user is added to a role (#8026) (199dfc1)

5.3.0-alpha.15 (2022-06-05)

Bug Fixes

  • interrupted WebSocket connection not closed by LiveQuery server (#8012) (2d5221e)

5.3.0-alpha.14 (2022-05-29)

Features

  • align file trigger syntax with class trigger; use the new syntax Parse.Cloud.beforeSave(Parse.File, (request) => {}), the old syntax Parse.Cloud.beforeSaveFile((request) => {}) has been deprecated (#7966) (c6dcad8)

5.3.0-alpha.13 (2022-05-28)

Features

  • selectively enable / disable default authentication adapters (#7953) (c1e808f)

5.3.0-alpha.12 (2022-05-20)

Bug Fixes

  • afterSave trigger removes pointer in Parse object (#7913) (47d796e)

5.3.0-alpha.11 (2022-05-18)

Features

  • replace GraphQL Apollo with GraphQL Yoga (#7967) (1aa2204)

5.3.0-alpha.10 (2022-05-09)

Features

5.3.0-alpha.9 (2022-05-07)

Bug Fixes

  • depreciate allowClientClassCreation defaulting to true (#7925) (38ed96a)

5.3.0-alpha.8 (2022-05-06)

Features

5.3.0-alpha.7 (2022-04-25)

Bug Fixes

  • security upgrade @parse/fs-files-adapter from 1.2.1 to 1.2.2 (#7948) (20fc4e2)

5.3.0-alpha.6 (2022-04-11)

Bug Fixes

  • peer dependency mismatch for GraphQL dependencies (#7934) (b7a1d76)

5.3.0-alpha.5 (2022-04-09)

Bug Fixes

  • security upgrade moment from 2.29.1 to 2.29.2 (#7931) (6b68593)

5.3.0-alpha.4 (2022-04-04)

Bug Fixes

  • custom database options are not passed to MongoDB GridFS (#7911) (a72b384)

5.3.0-alpha.3 (2022-03-27)

Features

5.3.0-alpha.2 (2022-03-27)

Bug Fixes

  • security upgrade parse push adapter from 4.1.0 to 4.1.2 (#7893) (ef56e98)

5.3.0-alpha.1 (2022-03-27)

Features

5.2.1-alpha.2 (2022-03-26)

Performance Improvements

  • reduce database operations when using the constant parameter in Cloud Function validation (#7892) (48bd512)

5.2.1-alpha.1 (2022-03-26)

Bug Fixes

  • return correct response when revert is used in beforeSave (#7839) (f63fb2b)

5.2.0-alpha.3 (2022-03-24)

Bug Fixes

  • security bump minimist from 1.2.5 to 1.2.6 (#7884) (c5cf282)

5.2.0-alpha.2 (2022-03-24)

Bug Fixes

  • sensitive keyword detection may produce false positives (#7881) (0d6f9e9)

5.2.0-alpha.1 (2022-03-23)

Features

  • improved LiveQuery error logging with additional information (#7837) (443a509)

5.0.0-alpha.29 (2022-03-12)

Features

BREAKING CHANGES

  • This requires Node.js version >=12.22.10. (5ace99d)

5.0.0-alpha.28 (2022-03-12)

Bug Fixes

  • security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7844) (e569f40)

5.0.0-alpha.27 (2022-03-12)

Reverts

5.0.0-alpha.26 (2022-02-25)

Bug Fixes

  • package.json & package-lock.json to reduce vulnerabilities (#7823) (5ca2288)

5.0.0-alpha.25 (2022-02-23)

Bug Fixes

5.0.0-alpha.24 (2022-02-10)

Bug Fixes

  • security upgrade follow-redirects from 1.14.7 to 1.14.8 (#7801) (70088a9)

5.0.0-alpha.23 (2022-02-06)

Bug Fixes

  • server crash using GraphQL due to missing @apollo/client peer dependency (#7787) (08089d6)

5.0.0-alpha.22 (2022-02-06)

Features

  • upgrade to MongoDB Node.js driver 4.x for MongoDB 5.0 support (#7794) (f88aa2a)

BREAKING CHANGES

  • The MongoDB GridStore adapter has been removed. By default, Parse Server already uses GridFS, so if you do not manually use the GridStore adapter, you can ignore this change. (f88aa2a)

5.0.0-alpha.21 (2022-01-25)

Features

  • add Cloud Code context to ParseObject.fetch (#7779) (315290d)

5.0.0-alpha.20 (2022-01-22)

Bug Fixes

5.0.0-alpha.19 (2022-01-22)

Bug Fixes

5.0.0-alpha.18 (2022-01-13)

Bug Fixes

  • security upgrade follow-redirects from 1.14.6 to 1.14.7 (#7769) (8f5a861)

5.0.0-alpha.17 (2022-01-13)

Bug Fixes

5.0.0-alpha.16 (2022-01-02)

Features

5.0.0-alpha.15 (2022-01-02)

Features

  • support postgresql protocol in database URI (#7757) (caf4a23)

5.0.0-alpha.14 (2022-01-02)

Features

  • support relativeTime query constraint on Postgres (#7747) (16b1b2a)

5.0.0-alpha.13 (2021-12-08)

Bug Fixes

  • node engine compatibility did not include node 16 (#7739) (ea7c014)

5.0.0-alpha.12 (2021-12-06)

Bug Fixes

  • adding or modifying a nested property requires addField permissions (#7679) (6a6248b)

5.0.0-alpha.11 (2021-11-29)

Bug Fixes

5.0.0-alpha.10 (2021-11-29)

Bug Fixes

5.0.0-alpha.9 (2021-11-27)

Bug Fixes

  • unable to use objectId size higher than 19 on GraphQL API (#7627) (ed86c80)

5.0.0-alpha.8 (2021-11-18)

Features

BREAKING CHANGES

  • Removes official Node 15 support which has reached it end-of-life date. (45cc58c)

5.0.0-alpha.7 (2021-11-12)

Bug Fixes

  • node engine range has no upper limit to exclude incompatible node versions (#7692) (573558d)

5.0.0-alpha.6 (2021-11-10)

Reverts

  • refactor: allow ES import for cloud string if package type is module (b64640c)

5.0.0-alpha.5 (2021-11-01)

Features

5.0.0-alpha.4 (2021-10-31)

Features

5.0.0-alpha.3 (2021-10-29)

Bug Fixes

  • combined and query with relational query condition returns incorrect results (#7593) (174886e)

5.0.0-alpha.2 (2021-10-27)

Bug Fixes

  • setting a field to null does not delete it via GraphQL API (#7649) (626fad2)

BREAKING CHANGES

  • To delete a field via the GraphQL API, the field value has to be set to null. Previously, setting a field value to null would save a null value in the database, which was not according to the GraphQL specs. To delete a file field use file: null, the previous way of using file: { file: null } has become obsolete. (626fad2)

5.0.0-alpha.1 (2021-10-12)

Breaking Changes

  • Improved schema caching through database real-time hooks. Reduces DB queries, decreases Parse Query execution time and fixes a potential schema memory leak. If multiple Parse Server instances connect to the same DB (for example behind a load balancer), set the Parse Server Option databaseOptions.enableSchemaHooks: true to enable this feature and keep the schema in sync across all instances. Failing to do so will cause a schema change to not propagate to other instances and re-syncing will only happen when these instances restart. The options enableSingleSchemaCache and schemaCacheTTL have been removed. To use this feature with MongoDB, a replica set cluster with change stream support is required. (Diamond Lewis, SebC) #7214
  • Added file upload restriction. File upload is now only allowed for authenticated users by default for improved security. To allow file upload also for Anonymous Users or Public, set the fileUpload parameter in the Parse Server Options (dblythy, Manuel Trezza) #7071
  • Removed parse-server-simple-mailgun-adapter dependency; to continue using the adapter it has to be explicitly installed (Manuel Trezza) #7321
  • Remove support for MongoDB 3.6 which has reached its End-of-Life date and PostgreSQL 10 (Manuel Trezza) #7315
  • Remove support for Node 10 which has reached its End-of-Life date (Manuel Trezza) #7314
  • Remove S3 Files Adapter from Parse Server, instead install separately as @parse/s3-files-adapter (Manuel Trezza) #7324
  • Remove Session field restricted; the field was a code artifact from a feature that never existed in Open Source Parse Server; if you have been using this field for custom purposes, consider that for new Parse Server installations the field does not exist anymore in the schema, and for existing installations the field default value false will not be set anymore when creating a new session (Manuel Trezza) #7543
  • ci: add node engine version check (Manuel Trezza) #7574

Notable Changes

  • Alphabetical ordered GraphQL API, improved GraphQL Schema cache system and fix GraphQL input reassign issue (Moumouls) #7344
  • Added Parse Server Security Check to report weak security settings (Manuel Trezza, dblythy) #7247
  • EXPERIMENTAL: Added new page router with placeholder rendering and localization of custom and feature pages such as password reset and email verification (Manuel Trezza) #7128
  • EXPERIMENTAL: Added custom routes to easily customize flows for password reset, email verification or build entirely new flows (Manuel Trezza) #7231
  • Added Deprecation Policy to govern the introduction of breaking changes in a phased pattern that is more predictable for developers (Manuel Trezza) #7199
  • Add REST API endpoint /loginAs to create session of any user with master key; allows to impersonate another user. (GormanFletcher) #7406
  • Add official support for MongoDB 5.0 (Manuel Trezza) #7469
  • Added Parse Server Configuration enforcePrivateUsers, which will remove public access by default on new Parse.Users (dblythy) #7319

Other Changes

  • Support native mongodb syntax in aggregation pipelines (Raschid JF Rafeally) #7339
  • Fix error when a not yet inserted job is updated (Antonio Davi Macedo Coelho de Castro) #7196
  • request.context for afterFind triggers (dblythy) #7078
  • Winston Logger interpolating stdout to console (dplewis) #7114
  • Added convenience method Parse.Cloud.sendEmail(...) to send email via email adapter in Cloud Code (dblythy) #7089
  • LiveQuery support for $and, $nor, $containedBy, $geoWithin, $geoIntersects queries (dplewis) #7113
  • Supporting patterns in LiveQuery server's config parameter classNames (Nes-si) #7131
  • Added requireAnyUserRoles and requireAllUserRoles for Parse Cloud validator (dblythy) #7097
  • Support Facebook Limited Login (miguel-s) #7219
  • Removed Stage name check on aggregate pipelines (BRETT71) #7237
  • Retry transactions on MongoDB when it fails due to transient error (Antonio Davi Macedo Coelho de Castro) #7187
  • Bump tests to use Mongo 4.4.4 (Antonio Davi Macedo Coelho de Castro) #7184
  • Added new account lockout policy option accountLockout.unlockOnPasswordReset to automatically unlock account on password reset (Manuel Trezza) #7146
  • Test Parse Server continuously against all recent MongoDB versions that have not reached their end-of-life support date, added MongoDB compatibility table to Parse Server docs (Manuel Trezza) #7161
  • Test Parse Server continuously against all recent Node.js versions that have not reached their end-of-life support date, added Node.js compatibility table to Parse Server docs (Manuel Trezza) 7161
  • Throw error on invalid Cloud Function validation configuration (dblythy) #7154
  • Allow Cloud Validator options to be async (dblythy) #7155
  • Optimize queries on classes with pointer permissions (Pedro Diaz) #7061
  • Test Parse Server continuously against all relevant Postgres versions (minor versions), added Postgres compatibility table to Parse Server docs (Corey Baker) #7176
  • Randomize test suite (Diamond Lewis) #7265
  • LDAP: Properly unbind client on group search error (Diamond Lewis) #7265
  • Improve data consistency in Push and Job Status update (Diamond Lewis) #7267
  • Excluding keys that have trailing edges.node when performing GraphQL resolver (Chris Bland) #7273
  • Added centralized feature deprecation with standardized warning logs (Manuel Trezza) #7303
  • Use Node.js 15.13.0 in CI (Olle Jonsson) #7312
  • Fix file upload issue for S3 compatible storage (Linode, DigitalOcean) by avoiding empty tags property when creating a file (Ali Oguzhan Yildiz) #7300
  • Add building Docker image as CI check (Manuel Trezza) #7332
  • Add NPM package-lock version check to CI (Manuel Trezza) #7333
  • Fix incorrect LiveQuery events triggered for multiple subscriptions on the same class with different events #7341
  • Fix select and excludeKey queries to properly accept JSON string arrays. Also allow nested fields in exclude (Corey Baker) #7242
  • Fix LiveQuery server crash when using $all query operator on a missing object key (Jason Posthuma) #7421
  • Added runtime deprecation warnings (Manuel Trezza) #7451
  • Add ability to pass context of an object via a header, X-Parse-Cloud-Context, for Cloud Code triggers. The header addition allows client SDK's to add context without injecting _context in the body of JSON objects (Corey Baker) #7437
  • Add CI check to add changelog entry (Manuel Trezza) #7512
  • Refactor: uniform issue templates across repos (Manuel Trezza) #7528
  • ci: bump ci environment (Manuel Trezza) #7539
  • CI now pushes docker images to Docker Hub (Corey Baker) #7548
  • Allow afterFind and afterLiveQueryEvent to set unsaved pointers and keys (dblythy) #7310
  • Allow setting descending sort to full text queries (dblythy) #7496
  • Allow cloud string for ES modules (Daniel Blyth) #7560
  • docs: Introduce deprecation ID for reference in comments and online search (Manuel Trezza) #7562
  • refactor: deprecate Parse.Cloud.httpRequest; it is recommended to use a HTTP library instead. (Daniel Blyth) #7595
  • refactor: Modernize HTTPRequest tests (brandongregoryscott) #7604
  • Allow liveQuery on Session class (Daniel Blyth) #7554