Skip to content

Commit

Permalink
chore(release): 6.0.0-alpha.18 [skip ci]
Browse files Browse the repository at this point in the history 
# [6.0.0-alpha.18](6.0.0-alpha.17...6.0.0-alpha.18) (2023-01-05)

### Bug Fixes

* The client IP address may be determined incorrectly in some cases; this fixes a security vulnerability in which the Parse Server option `masterKeyIps` may be circumvented, see [GHSA-vm5r-c87r-pf6x](GHSA-vm5r-c87r-pf6x) ([#8372](#8372)) ([892040d](892040d))

### BREAKING CHANGES

* The mechanism to determine the client IP address has been rewritten; to correctly determine the IP address it is now required to set the Parse Server option `trustProxy` accordingly if Parse Server runs behind a proxy server, see the express framework's [trust proxy](https://expressjs.com/en/guide/behind-proxies.html) setting (#8372) ([892040d](892040d))
  • Loading branch information
@semantic-release-bot
semantic-release-bot committed Jan 5, 2023
1 parent 892040d commit df00cbe
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 3 deletions.
12 changes: 12 additions & 0 deletions changelogs/CHANGELOG_alpha.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,15 @@
# [6.0.0-alpha.18](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.17...6.0.0-alpha.18) (2023-01-05)


### Bug Fixes

* The client IP address may be determined incorrectly in some cases; this fixes a security vulnerability in which the Parse Server option `masterKeyIps` may be circumvented, see [GHSA-vm5r-c87r-pf6x](https://github.com/parse-community/parse-server/security/advisories/GHSA-vm5r-c87r-pf6x) ([#8372](https://github.com/parse-community/parse-server/issues/8372)) ([892040d](https://github.com/parse-community/parse-server/commit/892040dc2f82a3e2abe2824e4b553521b6f894de))


### BREAKING CHANGES

* The mechanism to determine the client IP address has been rewritten; to correctly determine the IP address it is now required to set the Parse Server option `trustProxy` accordingly if Parse Server runs behind a proxy server, see the express framework's [trust proxy](https://expressjs.com/en/guide/behind-proxies.html) setting (#8372) ([892040d](892040d))

# [6.0.0-alpha.17](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.16...6.0.0-alpha.17) (2022-12-22)


Expand Down
4 changes: 2 additions & 2 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "parse-server",
"version": "6.0.0-alpha.17",
"version": "6.0.0-alpha.18",
"description": "An express module providing a Parse-compatible API server",
"main": "lib/index.js",
"repository": {
Expand Down

0 comments on commit df00cbe

Please sign in to comment.