Skip to content

feat: add support for MongoDB 6#8239

Closed
cool2apps wants to merge 12 commits intoalphafrom
release
Closed

feat: add support for MongoDB 6#8239
cool2apps wants to merge 12 commits intoalphafrom
release

Conversation

@cool2apps
Copy link
Copy Markdown

@cool2apps cool2apps commented Oct 14, 2022
edited by mtrezza
Loading

New Pull Request Checklist

Issue Description

Related issue: #8217

Approach

TODOs before merging

  • Add changes to documentation (guides, repository pages, in-code descriptions)
  • A changelog entry is created automatically using the pull request title (do not manually add a changelog entry)

mtrezza and others added 12 commits June 17, 2022 18:29
@mtrezza
fix: certificate in Apple Game Center auth adapter not validated; thi…
ba2b0a9 
…s fixes a security vulnerability in which authentication could be bypassed using a fake certificate; if you are using the Apple Gamer Center auth adapter it is your responsibility to keep its root certificate up-to-date and we advice you read the security advisory ([GHSA-rh9j-f5f8-rvgc](GHSA-rh9j-f5f8-rvgc))
@semantic-release-bot
chore(release): 5.2.2 [skip ci]
ed0baa8 
## [5.2.2](5.2.1...5.2.2) (2022-06-17)

### Bug Fixes

* certificate in Apple Game Center auth adapter not validated; this fixes a security vulnerability in which authentication could be bypassed using a fake certificate; if you are using the Apple Gamer Center auth adapter it is your responsibility to keep its root certificate up-to-date and we advice you read the security advisory ([GHSA-rh9j-f5f8-rvgc](GHSA-rh9j-f5f8-rvgc)) ([ba2b0a9](ba2b0a9))
@mtrezza
fix: invalid file request not properly handled; this fixes a security…
5be375d 
… vulnerability in which an invalid file request can crash the server ([GHSA-xw6g-jjvf-wwf9](GHSA-xw6g-jjvf-wwf9)) (#8060)
@semantic-release-bot
chore(release): 5.2.3 [skip ci]
eb2952f 
## [5.2.3](5.2.2...5.2.3) (2022-06-17)

### Bug Fixes

* invalid file request not properly handled; this fixes a security vulnerability in which an invalid file request can crash the server ([GHSA-xw6g-jjvf-wwf9](GHSA-xw6g-jjvf-wwf9)) ([#8060](#8060)) ([5be375d](5be375d))
@mtrezza
fix: protected fields exposed via LiveQuery; this removes protected f…
309f64c 
…ields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields ([GHSA-crrq-vr9j-fxxh](GHSA-crrq-vr9j-fxxh)) (#8074) (#8073)
@semantic-release-bot
chore(release): 5.2.4 [skip ci]
e42be5c 
## [5.2.4](5.2.3...5.2.4) (2022-06-30)

### Bug Fixes

* protected fields exposed via LiveQuery; this removes protected fields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields ([GHSA-crrq-vr9j-fxxh](GHSA-crrq-vr9j-fxxh)) (#8074) ([#8073](#8073)) ([309f64c](309f64c))
@mtrezza
fix: brute force guessing of user sensitive data via search patterns;…
e39d51b 
… this fixes a security vulnerability in which internal and protected fields may be used as query constraints to guess the value of these fields and obtain sensitive data (GHSA-2m6g-crv8-p3c6) (#8144)
@semantic-release-bot
chore(release): 5.2.5 [skip ci]
83fd16c 
## [5.2.5](5.2.4...5.2.5) (2022-09-02)

### Bug Fixes

* brute force guessing of user sensitive data via search patterns; this fixes a security vulnerability in which internal and protected fields may be used as query constraints to guess the value of these fields and obtain sensitive data (GHSA-2m6g-crv8-p3c6) ([#8144](#8144)) ([e39d51b](e39d51b))
@mtrezza
fix: session object properties can be updated by foreign user; this f…
6d0b2f5 
…ixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](GHSA-6w4q-23cf-j9jp)) (#8182)
@semantic-release-bot
chore(release): 5.2.6 [skip ci]
7aac70c 
## [5.2.6](5.2.5...5.2.6) (2022-09-20)

### Bug Fixes

* session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](GHSA-6w4q-23cf-j9jp)) ([#8182](#8182)) ([6d0b2f5](6d0b2f5))
@mtrezza
fix: authentication adapter app ID validation may be circumvented; th…
ecf0814 
…is fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](GHSA-r657-33vp-gp22)) (#8185)
@semantic-release-bot
chore(release): 5.2.7 [skip ci]
e6dc487 
## [5.2.7](5.2.6...5.2.7) (2022-09-20)

### Bug Fixes

* authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](GHSA-r657-33vp-gp22)) ([#8185](#8185)) ([ecf0814](ecf0814))
@parse-github-assistant
Copy link
Copy Markdown

parse-github-assistant bot commented Oct 14, 2022
edited
Loading

Thanks for opening this pull request!

  • 🎉 We are excited about your hands-on contribution!

@cool2apps cool2apps mentioned this pull request Oct 14, 2022
Closed
3 tasks
mtrezza
mtrezza requested changes Oct 14, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@mtrezza mtrezza left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You've based this PR on the release branch (it seems), please make a PR from the latest commit on the alpha branch.

@mtrezza mtrezza linked an issue Oct 14, 2022 that may be closed by this pull request
Add official support for MongoDB 6 #8217
Closed
3 tasks
@mtrezza mtrezza changed the title Release feat: add support for MongoDB 6.0 Oct 14, 2022
@mtrezza mtrezza changed the title feat: add support for MongoDB 6.0 feat: add support for MongoDB 6 Oct 14, 2022
cool2apps added a commit to cool2apps/parse-server that referenced this pull request Oct 14, 2022
@cool2apps
feat: add support for MongoDB 6
478e49a 
parse-community#8239
@cool2apps cool2apps mentioned this pull request Oct 14, 2022
Closed
4 tasks
@cool2apps
Copy link
Copy Markdown
Author

cool2apps commented Oct 14, 2022

You've based this PR on the release branch (it seems), please make a PR from the latest commit on the alpha branch.

Is this ok?

#8240

@mtrezza
Copy link
Copy Markdown
Member

mtrezza commented Oct 14, 2022

Closing as superseded by #8240

@mtrezza mtrezza closed this Oct 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtrezza mtrezza mtrezza requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add official support for MongoDB 6

3 participants

@cool2apps @mtrezza @semantic-release-bot