Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: parse-community/parse-server
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 5.2.5
Choose a base ref
...
head repository: parse-community/parse-server
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 5.2.6
Choose a head ref
  • 2 commits
  • 5 files changed
  • 2 contributors

Commits on Sep 20, 2022

  1. fix: session object properties can be updated by foreign user; this f… 

    …ixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](GHSA-6w4q-23cf-j9jp)) (#8182)
    @mtrezza
    mtrezza authored Sep 20, 2022
    Configuration menu
    Copy the full SHA
    6d0b2f5 View commit details
    Browse the repository at this point in the history

  2. chore(release): 5.2.6 [skip ci] 

    ## [5.2.6](5.2.5...5.2.6) (2022-09-20)

### Bug Fixes

* session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](GHSA-6w4q-23cf-j9jp)) ([#8182](#8182)) ([6d0b2f5](6d0b2f5))
    @semantic-release-bot
    semantic-release-bot committed Sep 20, 2022
    Configuration menu
    Copy the full SHA
    7aac70c View commit details
    Browse the repository at this point in the history
Loading