fix: Parse Pointer allows to access internal Parse Server classes and circumvent beforeFind query trigger #8733

Merged
merged 1 commit into from
Sep 4, 2023

Member

@mtrezza mtrezza commented Sep 4, 2023

Fixes security vulnerability GHSA-fcv6-fg5r-jm9q.

fix: review

Update src/RestQuery.js

Signed-off-by: Manuel <[email protected]>

fix: name

# Conflicts:
#	src/Auth.js
@parse-github-assistant

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant bot changed the title fix: release-jm9q fix: Release-jm9q Sep 4, 2023

parse-github-assistant bot commented Sep 4, 2023

Thanks for opening this pull request!

  • ❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as Closes: #123 in the PR description, so I can recognize it.


codecov bot commented Sep 4, 2023

Codecov Report

Patch coverage: 97.64% and project coverage change: +9.21% 🎉

Comparison is base (3dd99dd) 85.12% compared to head (3ab2f9a) 94.33%.
Report is 1 commits behind head on release.

❗ Current head 3ab2f9a differs from pull request most recent head 3656096. Consider uploading reports for the commit 3656096 to get more accurate results

Additional details and impacted files
@@             Coverage Diff             @@
##           release    #8733      +/-   ##
===========================================
+ Coverage    85.12%   94.33%   +9.21%     
===========================================
  Files          183      184       +1     
  Lines        14544    14550       +6     
===========================================
+ Hits         12380    13726    +1346     
+ Misses        2164      824    -1340     
| Files Changed | Coverage Δ |
|---|---|
| src/rest.js | 98.63% <95.45%> (-0.24%) ⬇️ |
| src/RestQuery.js | 95.70% <97.14%> (-0.14%) ⬇️ |
| src/Auth.js | 99.57% <100.00%> (ø) |
| src/Controllers/PushController.js | 97.87% <100.00%> (ø) |
| src/Controllers/UserController.js | 96.15% <100.00%> (+1.53%) ⬆️ |
| src/RestWrite.js | 94.88% <100.00%> (+0.45%) ⬆️ |
| src/SharedRest.js | 100.00% <100.00%> (ø) |

... and 16 files with indirect coverage changes


@mtrezza mtrezza changed the title fix: Release-jm9q fix: Parse Pointer allows to access internal Parse Server classes and circumvent beforeFind query trigger Sep 4, 2023
@mtrezza mtrezza merged commit be4c7e2 into parse-community:release Sep 4, 2023
@parseplatformorg
Contributor

🎉 This change has been released in version 6.2.2

@parseplatformorg parseplatformorg added the state:released Released as stable version label Sep 4, 2023
@mtrezza mtrezza deleted the jm9q/fix-release-jm9q branch September 6, 2023 00:29