4.10.13 (2022-06-30)
- protected fields exposed via LiveQuery; this removes protected fields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields (GHSA-crrq-vr9j-fxxh) (#8074) (054f3e6)
4.10.12 (2022-06-17)
- invalid file request not properly handled; this fixes a security vulnerability in which an invalid file request can crash the server (GHSA-xw6g-jjvf-wwf9) (#8059) (5f42322)
4.10.11 (2022-06-17)
- certificate in Apple Game Center auth adapter not validated; this fixes a security vulnerability in which authentication could be bypassed using a fake certificate; if you are using the Apple Game Center auth adapter it is your responsibility to keep its root certificate up-to-date and we advise you to read the security advisory (GHSA-rh9j-f5f8-rvgc) (145838d)
4.10.10 (2022-05-01)
- authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter (GHSA-qf8x-vqjv-92gr) (#7963) (1930a64)
4.10.9 (2022-03-28)
4.10.8 (2022-03-24)
4.10.7 (2022-03-11)
- security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7841) (886bfd7)
Note that as part of the fix a new security feature scans for sensitive keywords in request data to prevent JavaScript prototype pollution. If such a keyword is found, the request is rejected with HTTP response code 400 and Parse Error 105 (INVALID_KEY_NAME). By default these keywords are: {_bsontype: "Code"}, constructor, __proto__. If you are using any of these keywords in your request data, you can override the default keywords by setting the new Parse Server option requestKeywordDenylist to [] and specify your own keywords as needed.
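The keyword scan described in this note, as an added example that is not Parse Server's own code: it walks parsed request data, rejects on a denied key (optionally matched with a value), and shows the effect of overriding the list with []. The {key, value} entry shape, the function names and the error text are assumptions of this sketch; the sample bodies are constructed.

```javascript
// Parse Error code named in the release note (INVALID_KEY_NAME).
const INVALID_KEY_NAME = 105;

// Default keywords as listed in the release note. Modelling each entry as
// {key, value?} is an assumption of this sketch.
const DEFAULT_DENYLIST = [
  { key: '_bsontype', value: 'Code' },
  { key: 'constructor' },
  { key: '__proto__' },
];

// Returns the dotted path of the first denied keyword found, or null.
// Uses an explicit stack so deeply nested request data cannot exhaust the
// call stack.
function findDeniedKeyword(data, denylist) {
  const stack = [{ node: data, path: '' }];
  while (stack.length > 0) {
    const { node, path } = stack.pop();
    if (node === null || typeof node !== 'object') continue;
    // Object.keys lists own properties only. JSON.parse creates "__proto__"
    // as an own property, so it shows up here like any other key.
    for (const key of Object.keys(node)) {
      const here = path ? `${path}.${key}` : key;
      const hit = denylist.some(
        (rule) =>
          rule.key === key &&
          (rule.value === undefined || rule.value === node[key])
      );
      if (hit) return here;
      stack.push({ node: node[key], path: here });
    }
  }
  return null;
}

// Maps the scan result to the response the release note describes:
// HTTP 400 with Parse Error 105. The error text is made up for this example.
function checkRequest(body, denylist = DEFAULT_DENYLIST) {
  const denied = findDeniedKeyword(body, denylist);
  if (denied === null) return { status: 200 };
  return {
    status: 400,
    code: INVALID_KEY_NAME,
    error: `Prohibited keyword in request data: ${denied}`,
  };
}

// Constructed sample request bodies, parsed from JSON text the way a server
// would receive them.
const samples = {
  benign: JSON.parse('{"title":"hello","tags":["a","b"]}'),
  proto: JSON.parse('{"profile":{"__proto__":{"isAdmin":true}}}'),
  bson: JSON.parse('{"items":[{"_bsontype":"Code"}]}'),
  bsonOther: JSON.parse('{"_bsontype":"Other"}'),
  ctor: JSON.parse('{"constructor":"label"}'),
};

for (const [name, body] of Object.entries(samples)) {
  console.log(name, JSON.stringify(checkRequest(body)));
}
// An app that legitimately uses "constructor" as a field name passes once
// the defaults are overridden with an empty list.
console.log('ctor with []', JSON.stringify(checkRequest(samples.ctor, [])));
```

Overriding the list with [] disables every default check, including the one for __proto__, so an app that only needs one keyword allowed should re-add the others in its own list.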
4.10.6 (2022-02-12)
4.10.5 (2022-02-12)
- Strip out sessionToken when LiveQuery is used on Parse.User (Daniel Blyth) GHSA-7pr3-p5fm-8r9x
- Validate explain query parameter to avoid a server crash due to MongoDB bug NODE-3463 (Kartal Kaan Bozdogan) GHSA-xqp8-w826-hh6x
- Move graphql-tag from devDependencies to dependencies (Antonio Davi Macedo Coelho de Castro) #7183
- Updated to Parse JS SDK 3.3.0 and other security fixes (Manuel Trezza) #7508
⚠️ This includes a security fix of the Parse JS SDK where logIn will default to POST instead of GET method. This may require changes in your deployment before you upgrade to this release, see the Parse JS SDK 3.0.0 release notes.
Versions >4.5.2 and <4.10.0 are skipped.
⚠️ A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. These version tags linked to a personal fork of a contributor who had write access to the repository. The code to which these tags linked has not been reviewed or approved by Parse Platform. Even though no releases were published with these incorrect versions, it was possible to define a Parse Server dependency that pointed to these version tags, for example if you defined this dependency:
"parse-server": "[email protected]:parse-community/parse-server.git#4.9.3"
We have since deleted the incorrect version tags, but they may still show up in your personal fork on GitHub or locally. We do not know when these tags were pushed to the Parse Server repository, but we first became aware of this issue on July 21, 2021. We are not aware of any malicious code or concerns related to privacy, security or legality (e.g. proprietary code). However, it has been reported that some functionality does not work as expected and the introduction of security vulnerabilities cannot be ruled out.
You may also be affected if you used the Bitnami image for Parse Server. Bitnami picked up the incorrect version tag 4.9.3 and published a new Bitnami image for Parse Server. If you are using any of the affected versions, we urgently recommend upgrading to version 4.10.0.
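One way to check a project for the dependency pattern described above, as an added example that is not part of the Parse Server project: it flags any dependency spec that points at a parse-server git ref whose version falls in the skipped range (>4.5.2 and <4.10.0). The function names and verdict labels are hypothetical, and the manifest below, including its repository URLs, is constructed.

```javascript
// Bounds from the release note: "Versions >4.5.2 and <4.10.0 are skipped."
const LOWER = [4, 5, 2];
const UPPER = [4, 10, 0];
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Parses "4.9.3" or "v4.9.3" into [4, 9, 3]; anything else yields null.
function parseVersion(ref) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(ref);
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison per component, so 4.10.0 sorts after 4.9.3.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Classifies one dependency spec. Only git-style specs ending in
// "parse-server#<ref>" or "parse-server.git#<ref>" are of interest: the
// release note states no registry releases carried the incorrect versions.
function classifySpec(spec) {
  const m = /(?:^|[\/:])parse-server(?:\.git)?#(.+)$/.exec(String(spec));
  if (!m) return 'not-a-git-ref';
  const version = parseVersion(m[1]);
  // Branch names, commit hashes and semver ranges need a manual look.
  if (version === null) return 'git-ref-unparsed';
  const skipped =
    compareVersions(version, LOWER) > 0 && compareVersions(version, UPPER) < 0;
  return skipped ? 'git-ref-skipped-version' : 'git-ref-outside-skipped-range';
}

// Scans a parsed package.json object. Specs are matched by target rather
// than by dependency name, because a git dependency can be installed under
// any alias and may point at a fork that still carries the tags.
function scanManifest(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    const deps = manifest[section] || {};
    for (const [name, spec] of Object.entries(deps)) {
      const verdict = classifySpec(spec);
      if (verdict !== 'not-a-git-ref') {
        findings.push({ section, name, spec, verdict });
      }
    }
  }
  return findings;
}

// Constructed manifest for illustration.
const sampleManifest = {
  dependencies: {
    'parse-server': 'git@github.com:parse-community/parse-server.git#4.9.3',
    express: '^4.17.1',
  },
  devDependencies: {
    'parse-server-fork': 'github:example-user/parse-server#4.10.0',
    'parse-server-branch': 'github:example-user/parse-server#my-branch',
  },
};

for (const finding of scanManifest(sampleManifest)) {
  console.log(`${finding.section}/${finding.name}: ${finding.verdict}`);
}
```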
- SECURITY FIX: Fixes incorrect session property authProvider: password of anonymous users. When signing up an anonymous user, the session field createdWith indicates incorrectly that the session has been created using username and password with authProvider: password, instead of an anonymous sign-up with authProvider: anonymous. This fixes the issue by setting the correct authProvider: anonymous for future sign-ups of anonymous users. This fix does not fix incorrect authProvider: password for existing sessions of anonymous users. Consider this if your app logic depends on the authProvider field. (Corey Baker) GHSA-23r4-5mxp-c7g5
This version was published by mistake and was deprecated.
BREAKING CHANGES:
- FIX: Consistent casing for afterLiveQueryEvent. The afterLiveQueryEvent was introduced in 4.4.0 with inconsistent casing for the event names, which was fixed in 4.5.0. #7023. Thanks to dblythy.
- FIX: Properly handle serverURL and publicServerUrl in Batch requests. #7049. Thanks to Zach Goldberg.
- IMPROVE: Prevent invalid column names (className and length). #7053. Thanks to Diamond Lewis.
- IMPROVE: GraphQL: Remove viewer from logout mutation. #7029. Thanks to Antoine Cormouls.
- IMPROVE: GraphQL: Optimize on Relation. #7044. Thanks to Antoine Cormouls.
- NEW: Include sessionToken in onLiveQueryEvent. #7043. Thanks to dblythy.
- FIX: Definitions for accountLockout and passwordPolicy. #7040. Thanks to dblythy.
- FIX: Fix typo in server definitions for emailVerifyTokenReuseIfValid. #7037. Thanks to dblythy.
- SECURITY FIX: LDAP auth stores password in plain text. See GHSA-4w46-w44m-3jq3 for more details about the vulnerability and da905a3 for the fix. Thanks to Fabian Strachanski.
- NEW: Reuse tokens if they haven't expired. #7017. Thanks to dblythy.
- NEW: Add LDAPS-support to LDAP-Authcontroller. #7014. Thanks to Fabian Strachanski.
- FIX: (beforeSave/afterSave): Return value instead of Parse.Op for nested fields. #7005. Thanks to Diamond Lewis.
- FIX: (beforeSave): Skip Sanitizing Database results. #7003. Thanks to Diamond Lewis.
- FIX: Fix includeAll for querying a Pointer and Pointer array. #7002. Thanks to Corey Baker.
- FIX: Add encryptionKey to src/options/index.js. #6999. Thanks to dblythy.
- IMPROVE: Update PostgresStorageAdapter.js. #6989. Thanks to Vitaly Tomilov.
- IMPROVE: Update PostgresStorageAdapter.js. #6981. Thanks to Vitaly Tomilov
- NEW: skipWithMasterKey on Built-In Validator. #6972. Thanks to dblythy.
- NEW: Add fileKey rotation to GridFSBucketAdapter. #6768. Thanks to Corey Baker.
- IMPROVE: Remove unused parameter in Cloud Function. #6969. Thanks to Diamond Lewis.
- IMPROVE: Validation Handler Update. #6968. Thanks to dblythy.
- FIX: (directAccess): Properly handle response status. #6966. Thanks to Diamond Lewis.
- FIX: Remove hostnameMaxLen for Mongo URL. #6693. Thanks to markhoward02.
- IMPROVE: Show a message if cloud functions are duplicated. #6963. Thanks to dblythy.
- FIX: Pass request.query to afterFind. #6960. Thanks to dblythy.
- SECURITY FIX: Patch session vulnerability over Live Query. See GHSA-2xm2-xj2q-qgpj for more details about the vulnerability and 78b59fb for the fix. Thanks to Antonio Davi Macedo Coelho de Castro.
- IMPROVE: LiveQueryEvent Error Logging Improvements. #6951. Thanks to dblythy.
- IMPROVE: Include stack in Cloud Code. #6958. Thanks to dblythy.
- FIX: (jobs): Add Error Message to JobStatus Failure. #6954. Thanks to Diamond Lewis.
- NEW: Create Cloud function afterLiveQueryEvent. #6859. Thanks to dblythy.
- FIX: Update vkontakte API to the latest version. #6944. Thanks to Antonio Davi Macedo Coelho de Castro.
- FIX: Use an empty object as default value of options for Google Sign in. #6844. Thanks to Kevin Kuang.
- FIX: Postgres: prepend className to unique indexes. #6741. Thanks to Corey Baker.
- FIX: GraphQL: Transform input types also on user mutations. #6934. Thanks to Antoine Cormouls.
- FIX: Set objectId into query for Email Validation. #6930. Thanks to Danaru.
- FIX: GraphQL: Optimize queries, fixes some null returns (on object), fix stitched GraphQLUpload. #6709. Thanks to Antoine Cormouls.
- FIX: Do not throw error if user provides a pointer-like index on Mongo. #6923. Thanks to Antoine Cormouls.
- FIX: Hotfix instagram api. #6922. Thanks to Tim.
- FIX: (directAccess/cloud-code): Pass installationId with LogIn. #6903. Thanks to Diamond Lewis.
- FIX: Fix bcrypt binary incompatibility. #6891. Thanks to Manuel Trezza.
- NEW: Keycloak auth adapter. #6376. Thanks to Rhuan.
- IMPROVE: Changed incorrect key name in apple auth adapter tests. #6861. Thanks to Manuel Trezza.
- FIX: Fix mutating beforeSubscribe Query. #6868. Thanks to dblythy.
- FIX: Fix beforeLogin for users logging in with AuthData. #6872. Thanks to Kevin Kuang.
- FIX: Remove Facebook AccountKit auth. #6870. Thanks to Diamond Lewis.
- FIX: Updated TOKEN_ISSUER to 'accounts.google.com'. #6836. Thanks to Arjun Vedak.
- IMPROVE: Optimized deletion of class field from schema by using an index if available to do an index scan instead of a collection scan. #6815. Thanks to Manuel Trezza.
- IMPROVE: Enable MongoDB transaction test for MongoDB >= 4.0.4 #6827. Thanks to Manuel.
- PERFORMANCE: Optimizing pointer CLP query decoration done by DatabaseController#addPointerPermissions #6747. Thanks to mess-lelouch.
- SECURITY: Fix security breach on GraphQL viewer 78239ac, security advisory. Thanks to Antoine Cormouls.
- FIX: Save context not present if direct access enabled #6764. Thanks to Omair Vaiyani.
- NEW: Before Connect + Before Subscribe #6793. Thanks to dblythy.
- FIX: Add version to playground to fix CDN #6804. Thanks to Antoine Cormouls.
- NEW (EXPERIMENTAL): Idempotency enforcement for client requests. This deduplicates requests where the client intends to send one request to Parse Server but due to network issues the server receives the request multiple times. Caution, this is an experimental feature that may not be appropriate for production. #6748. Thanks to Manuel Trezza.
- FIX: Add production Google Auth Adapter instead of using the development url #6734. Thanks to SebC..
- IMPROVE: Run Prettier JS Again Without requiring () on arrow functions #6796. Thanks to Diamond Lewis.
- IMPROVE: Run Prettier JS #6795. Thanks to Diamond Lewis.
- IMPROVE: Replace bcrypt with @node-rs/bcrypt #6794. Thanks to LongYinan.
- IMPROVE: Make clear description of anonymous user #6655. Thanks to Jerome De Leon.
- IMPROVE: Simplify GraphQL merge system to avoid js ref bugs #6791. Thanks to Antoine Cormouls.
- NEW: Pass context in beforeDelete, afterDelete, beforeFind and Parse.Cloud.run #6666. Thanks to yog27ray.
- NEW: Allow passing custom gql schema function to ParseServer#start options #6762. Thanks to Luca.
- NEW: Allow custom cors origin header #6772. Thanks to Kevin Yao.
- FIX: Fix context for cascade-saving and saving existing object #6735. Thanks to Manuel.
- NEW: Add file bucket encryption using fileKey #6765. Thanks to Corey Baker.
- FIX: Removed gaze from dev dependencies and removed not working dev script #6745. Thanks to Vincent Semrau.
- IMPROVE: Upgrade graphql-tools to v6 #6701. Thanks to Yaacov Rydzinski.
- NEW: Support Metadata in GridFSAdapter #6660. Thanks to Diamond Lewis.
- NEW: Allow to unset file from graphql #6651. Thanks to Antoine Cormouls.
- NEW: Handle shutdown for RedisCacheAdapter #6658. Thanks to promisenxu.
- FIX: Fix explain on user class #6650. Thanks to Manuel.
- FIX: Fix read preference for aggregate #6585. Thanks to Manuel.
- NEW: Add context to Parse.Object.save #6626. Thanks to Manuel.
- NEW: Adding ssl config params to Postgres URI #6580. Thanks to Corey Baker.
- FIX: Travis postgres update: removing unnecessary start of mongo-runner #6594. Thanks to Corey Baker.
- FIX: ObjectId size for Pointer in Postgres #6619. Thanks to Corey Baker.
- IMPROVE: Improve a test case #6629. Thanks to Gordon Sun.
- NEW: Allow to resolve automatically Parse Type fields from Custom Schema #6562. Thanks to Antoine Cormouls.
- FIX: Remove wrong console log in test #6627. Thanks to Gordon Sun.
- IMPROVE: Graphql tools v5 #6611. Thanks to Yaacov Rydzinski.
- FIX: Catch JSON.parse and return 403 properly #6589. Thanks to Gordon Sun.
- PERFORMANCE: Allow covering relation queries with minimal index #6581. Thanks to Noah Silas.
- FIX: Fix Postgres group aggregation #6522. Thanks to Siddharth Ramesh.
- NEW: Allow set user mapped from JWT directly on request #6411. Thanks to Gordon Sun.
BREAKING CHANGES:
- CHANGE: The Sign-In with Apple authentication adapter parameter client_id has been changed to clientId. If using the Apple authentication adapter, this change requires updating the Parse Server configuration accordingly. See #6523 for details.
- UPGRADE: Parse JS SDK to 2.12.0 #6548
- NEW: Support Group aggregation on multiple columns for Postgres #6483. Thanks to Siddharth Ramesh.
- FIX: Improve test reliability by instructing Travis to only install one version of Postgres #6490. Thanks to Corey Baker.
- FIX: Unknown type bug on overloaded types #6494. Thanks to Antoine Cormouls.
- FIX: Improve reliability of 'SignIn with AppleID' #6416. Thanks to Andy King.
- FIX: Improve Travis reliability by separating Postgres & Mongo scripts #6505. Thanks to Corey Baker.
- NEW: Apple SignIn support for multiple IDs #6523. Thanks to UnderratedDev.
- NEW: Add support for new Instagram API #6398. Thanks to Maravilho Singa.
- FIX: Updating Postgres/Postgis Call and Postgis to 3.0 #6528. Thanks to Corey Baker.
- FIX: enableExpressErrorHandler logic #6423. Thanks to Nikolay Andryukhin.
- FIX: Change Order Enum Strategy for GraphQL #6515. Thanks to Antoine Cormouls.
- FIX: Switch ACL to Relay Global Id for GraphQL #6495. Thanks to Antoine Cormouls.
- FIX: Handle keys for pointer fields properly for GraphQL #6499. Thanks to Antoine Cormouls.
- FIX: GraphQL file mutation #6507. Thanks to Antoine Cormouls.
- FIX: Aggregate geoNear with date query #6540. Thanks to Manuel.
- NEW: Add file triggers and file meta data #6344. Thanks to stevestencil.
- FIX: Improve local testing of postgres #6531. Thanks to Corey Baker.
- NEW: Case insensitive username and email indexing and query planning for Postgres #6506. Thanks to Corey Baker.
SECURITY RELEASE: see advisory for details
- SECURITY FIX: Patch Regex vulnerabilities. See 3a3a5ee. Special thanks to W0lfw00d for identifying and responsibly reporting the vulnerability. Thanks to Antonio Davi Macedo Coelho de Castro for the speedy fix.
BREAKING CHANGES:
- Remove Support for Mongo 3.2 & 3.4. The new minimum supported version is Mongo 3.6.
- Change username and email validation to be case insensitive. This change should be transparent in most use cases. The validation behavior should now behave 'as expected'. See #5634 for details.
Special Note on Upgrading to Parse Server 4.0.0 and above
In addition to the breaking changes noted above, #5634 introduces two new case-insensitive indexes on the User collection. Special care should be taken when upgrading to this version to ensure that:
- The new indexes can be successfully created (see issue #6465 for details on a potential issue for your installation).
- Care is taken to ensure that there is adequate compute capacity to create the index in the background while still servicing requests.
- FIX: attempt to get travis to deploy to npmjs again. See #6475. Thanks to Arthur Cinader.
- FIX: correct 'new' travis config to properly deploy. See #6452. Thanks to Arthur Cinader.
- FIX: Better message on not allowed to protect default fields. See #6439. Thanks to Old Grandpa
Special Note on Upgrading to Parse Server 4.0.0 and above
In addition to the breaking changes noted below, #5634 introduces two new case-insensitive indexes on the User collection. Special care should be taken when upgrading to this version to ensure that:
- The new indexes can be successfully created (see issue #6465 for details on a potential issue for your installation).
- Care is taken to ensure that there is adequate compute capacity to create the index in the background while still servicing requests.
- NEW: add hint option to Parse.Query #6322. Thanks to Steve Stencil
- FIX: CLP objectId size validation fix #6332. Thanks to Old Grandpa
- FIX: Add volumes to Docker command #6356. Thanks to Kasra Bigdeli
- NEW: GraphQL 3rd Party LoginWith Support #6371. Thanks to Antoine Cormouls
- FIX: GraphQL Geo Queries #6363. Thanks to Antoine Cormouls
- NEW: GraphQL Nested File Upload #6372. Thanks to Antoine Cormouls
- NEW: Granular CLP pointer permissions #6352. Thanks to Old Grandpa
- FIX: Add missing colon for customPages #6393. Thanks to Jerome De Leon
- NEW: afterLogin cloud code hook #6387. Thanks to David Corona
- FIX: BREAKING CHANGE Prevent new usernames or emails that clash with existing users' email or username if it only differs by case. For example, don't allow a new user with the name 'Jane' if we already have a user 'jane'. #5634. Thanks to Arthur Cinader
- FIX: Support Travis CI V2. #6414. Thanks to Diamond Lewis
- FIX: Prevent crashing on websocket error. #6418. Thanks to Diamond Lewis
- NEW: Allow protectedFields for Authenticated users and Public. $6415. Thanks to Old Grandpa
- FIX: Correct bug in determining GraphQL pointer errors when mutating. #6413. Thanks to Antoine Cormouls
- NEW: Allow true GraphQL Schema Customization. #6360. Thanks to Antoine Cormouls
- BREAKING CHANGE: Remove Support for Mongo version < 3.6 #6445. Thanks to Arthur Cinader
- FIX: correct and cover ordering queries in GraphQL #6316. Thanks to Antonio Davi Macedo Coelho de Castro
- NEW: GraphQL support for reset password email #6301. Thanks to Antoine Cormouls
- FIX: Add default limit to GraphQL fetch #6304. Thanks to Antoine Cormouls
- DOCS: use bash syntax highlighting #6302. Thanks to Jerome De Leon
- NEW: Add max log file option #6296. Thanks to Diamond Lewis
- NEW: support user supplied objectId #6101. Thanks to Ruhan
- FIX: Add missing encodeURIComponent on username #6278. Thanks to Christopher Brookes
- NEW: update PostgresStorageAdapter.js to use async/await #6275. Thanks to Vitaly Tomilov
- NEW: Support required fields on output type for GraphQL #6279. Thanks to Antoine Cormouls
- NEW: Support required fields for GraphQL #6271. Thanks to Antoine Cormouls
- CHANGE: use mongodb 3.3.5 #6263. Thanks to Diamond Lewis
- NEW: GraphQL: DX Relational Where Query #6255. Thanks to Antoine Cormouls
- CHANGE: test against Postgres 11 #6260. Thanks to Diamond Lewis
- NEW: GraphQL alias for mutations in classConfigs #6258. Thanks to Old Grandpa
- NEW: GraphQL classConfig query alias #6257. Thanks to Old Grandpa
- NEW: Allow validateFilename to return a string or Parse Error #6246. Thanks to Mike Patnode
- NEW: Relay Spec #6089. Thanks to Antonio Davi Macedo Coelho de Castro
- CHANGE: Set default ACL for GraphQL #6249. Thanks to Antoine Cormouls
- NEW: LDAP auth Adapter #6226. Thanks to Julian Dax
- FIX: improve beforeFind to include Query info #6237. Thanks to Diamond Lewis
- FIX: improve websocket error handling #6230. Thanks to Diamond Lewis
- NEW: addition of an afterLogout trigger #6217. Thanks to Diamond Lewis
- FIX: Initialize default logger #6186. Thanks to Diamond Lewis
- NEW: Add funding link #6192. Thanks to Tom Fox
- FIX: installationId on LiveQuery connect #6180. Thanks to Diamond Lewis
- NEW: Add exposing port in docker container #6165. Thanks to Priyash Patil
- NEW: Support Google Play Games Service #6147. Thanks to Diamond Lewis
- DOC: Throw error when setting authData to null #6154. Thanks to Manuel
- CHANGE: Move filename validation out of the Router and into the FilesAdaptor #6157. Thanks to Mike Patnode
- NEW: Added warning for special URL sensitive characters for appId #6159. Thanks to Saimoom Safayet Akash
- NEW: Support Apple Game Center Auth #6143. Thanks to Diamond Lewis
- CHANGE: test with Node 12 #6133. Thanks to Arthur Cinader
- FIX: prevent after find from firing when saving objects #6127. Thanks to Diamond Lewis
- FIX: GraphQL Mutations not returning updated information 6130. Thanks to Omair Vaiyani
- CHANGE: Cleanup Schema cache per request #6216. Thanks to Diamond Lewis
- DOC: Improve installation instructions #6120. Thanks to Andres Galante
- DOC: add code formatting to contributing guidelines #6119. Thanks to Andres Galante
- NEW: Add GraphQL ACL Type + Input #5957. Thanks to Antoine Cormouls
- CHANGE: replace public key #6099. Thanks to Arthur Cinader
- NEW: Support microsoft authentication in GraphQL #6051. Thanks to Alann Maulana
- NEW: Install parse-server 3.9.0 instead of 2.2 #6069. Thanks to Julian Dax
- NEW: Use #!/bin/bash instead of #!/bin/sh #6062. Thanks to Julian Dax
- DOC: Update GraphQL readme section #6030. Thanks to Antonio Davi Macedo Coelho de Castro
- NEW: Add allowHeaders to Options #6044. Thanks to Omair Vaiyani
- CHANGE: Introduce ReadOptionsInput to GraphQL API #6030. Thanks to Antonio Davi Macedo Coelho de Castro
- NEW: Stream video with GridFSBucketAdapter (implements byte-range requests) #6028. Thanks to Diamond Lewis
- FIX: Aggregate not matching null values #6043. Thanks to Antonio Davi Macedo Coelho de Castro
- CHANGE: Improve callCloudCode mutation to receive a CloudCodeFunction enum instead of a String in the GraphQL API #6029. Thanks to Antonio Davi Macedo Coelho de Castro
- TEST: Add more tests to transactions #6022. Thanks to Antonio Davi Macedo Coelho de Castro
- CHANGE: Pointer constraint input type as ID in the GraphQL API #6020. Thanks to Douglas Muraoka
- CHANGE: Remove underline from operators of the GraphQL API #6024. Thanks to Antonio Davi Macedo Coelho de Castro
- FIX: Make method async as expected in usage #6025. Thanks to Omair Vaiyani
- DOC: Added breaking change note to 3.8 release #6023. Thanks to Manuel
- NEW: Added support for line auth #6007. Thanks to Saimoom Safayet Akash
- FIX: Fix aggregate group id #5994. Thanks to Antonio Davi Macedo Coelho de Castro
- CHANGE: Schema operations instead of generic operations in the GraphQL API #5993. Thanks to Antonio Davi Macedo Coelho de Castro
- DOC: Fix changelog formatting #6009. Thanks to Tom Fox
- CHANGE: Rename objectId to id in the GraphQL API #5985. Thanks to Douglas Muraoka
- FIX: Fix beforeLogin trigger when user has a file #6001. Thanks to Antonio Davi Macedo Coelho de Castro
- DOC: Update GraphQL Docs with the latest changes #5980. Thanks to Antonio Davi Macedo Coelho de Castro
- NEW: Protected fields pointer-permissions support #5951. Thanks to Dobbias Nan
- NEW: GraphQL DX: Relation/Pointer #5946. Thanks to Antoine Cormouls
- NEW: Master Key Only Config Properties #5953. Thanks to Manuel
- FIX: Better validation when creating a Relation fields #5922. Thanks to Lucas Alencar
- NEW: enable GraphQL file upload #5944. Thanks to Antonio Davi Macedo Coelho de Castro
- NEW: Handle shutdown on grid adapters #5943. Thanks to Antonio Davi Macedo Coelho de Castro
- NEW: Fix GraphQL max upload size #5940. Thanks to Antonio Davi Macedo Coelho de Castro
- FIX: Remove Buffer() deprecation notice #5942. Thanks to Antonio Davi Macedo Coelho de Castro
- FIX: Remove MongoDB unified topology deprecation notice from the grid adapter #5941. Thanks to Antonio Davi Macedo Coelho de Castro
- NEW: add callback for serverCloseComplete #5937. Thanks to Diamond Lewis
- DOCS: Add Cloud Code guide to README #5936. Thanks to Diamond Lewis
- NEW: Remove nested operations from GraphQL API #5931. Thanks to Antonio Davi Macedo Coelho de Castro
- NEW: Improve Live Query Monitoring #5927. Thanks to Diamond Lewis
- FIX: GraphQL: Fix undefined Array #5296. Thanks to Antoine Cormouls
- NEW: Added array support for pointer-permissions #5921. Thanks to Dobbias Nan
- GraphQL: Renaming Types/Inputs #5921. Thanks to Antoine Cormouls
- FIX: Lint no-prototype-builtins #5920. Thanks to Diamond Lewis
- GraphQL: Inline Fragment on Array Fields #5908. Thanks to Antoine Cormouls
- DOCS: Add instructions to launch a compatible Docker Postgres . Thanks to Antoine Cormouls
- Fix: Undefined dot notation in matchKeyInQuery #5917. Thanks to Diamond Lewis
- Fix: Logger print JSON and Numbers #5916. Thanks to Diamond Lewis
- GraphQL: Return specific Type on specific Mutation #5893. Thanks to Antoine Cormouls
- FIX: Apple sign-in authAdapter #5891. Thanks to SebC.
- DOCS: Add GraphQL beta notice #5886. Thanks to Antonio Davi Macedo Coelho de Castro
- GraphQL: Remove "password" output field from _User class #5889. Thanks to Douglas Muraoka
- GraphQL: Object constraints #5715. Thanks to Douglas Muraoka
- DOCS: README top section overhaul + add sponsors #5876. Thanks to Tom Fox
- FIX: Return a Promise from classUpdate method #5877. Thanks to Lucas Alencar
- FIX: Use UTC Month in aggregate tests #5879. Thanks to Antonio Davi Macedo Coelho de Castro
- FIX: Transaction was aborting before all promises have either resolved or rejected #5878. Thanks to Antonio Davi Macedo Coelho de Castro
- NEW: Use transactions for batch operation #5849. Thanks to Antonio Davi Macedo Coelho de Castro
- If you are running Parse Server on top of a MongoDB deployment which does not fit the Retryable Writes Requirements, you will have to add retryWrites=false to your connection string in order to upgrade to Parse Server 3.8.
- FIX: Live Query was failing on release 3.7.1
- FIX: Missing APN module
- FIX: Set falsy values as default to schema fields #5868, thanks to Lucas Alencar
- NEW: Implement WebSocketServer Adapter #5866, thanks to Diamond Lewis
- FIX: Prevent linkWith sessionToken from generating new session #5801, thanks to Diamond Lewis
- GraphQL: Improve session token error messages #5753, thanks to Douglas Muraoka
- NEW: GraphQL { functions { call } } generic mutation #5818, thanks to Antonio Davi Macedo Coelho de Castro
- NEW: GraphQL Custom Schema #5821, thanks to Antonio Davi Macedo Coelho de Castro
- NEW: GraphQL custom schema on CLI #5828, thanks to Antonio Davi Macedo Coelho de Castro
- NEW: GraphQL @mock directive #5836, thanks to Antonio Davi Macedo Coelho de Castro
- FIX: GraphQL _or operator not working #5840, thanks to Antonio Davi Macedo Coelho de Castro
- NEW: Add "count" to CLP initial value #5841, thanks to Douglas Muraoka
- NEW: Add ability to alter the response from the after save trigger #5814, thanks to BrunoMaurice
- FIX: Cache apple public key for the case it fails to fetch again #5848, thanks to Antonio Davi Macedo Coelho de Castro
- NEW: GraphQL Configuration Options #5782, thanks to Omair Vaiyani
- NEW: Required fields and default values #5835, thanks to Antonio Davi Macedo Coelho de Castro
- FIX: Postgres safely escape strings in nested objects #5855, thanks to Diamond Lewis
- NEW: Support PhantAuth authentication #5850, thanks to Ivan SZKIBA
- FIX: Remove uws package #5860, thanks to Zeal Murapa
- SECURITY FIX: Address Security Advisory of a potential Enumeration Attack 73b0f9a, big thanks to Fabian Strachanski for identifying the problem, creating a fix and following the vulnerability disclosure guidelines
- NEW: Added rest option: excludeKeys #5737, thanks to Raschid J.F. Rafeally
- FIX: LiveQuery create event with fields #5790, thanks to Diamond Lewis
- FIX: Generate sessionToken with linkWith #5799, thanks to Diamond Lewis
- NEW: GraphQL Support #5674, thanks to Antonio Davi Macedo Coelho de Castro
- NEW: Sign in with Apple #5694, thanks to Diamond Lewis
- NEW: AppSecret to Facebook Auth #5695, thanks to Diamond Lewis
- NEW: Postgres: Regex support foreign characters #5598, thanks to Jeff Gu Kang
- FIX: Winston Logger string interpolation #5729, thanks to Diamond Lewis
Fix: Commit changes
Fix: Use changes in master to travis configuration to enable pushing to npm and gh_pages. See diff for details.
Fix: In my haste to get a Security Fix out, I added 8709daf to master instead of to 3.4.1. This commit fixes that. Arthur Cinader
Security Fix: see Advisory: GHSA-2479-qvv7-47q for details 8709daf. Big thanks to: Benjamin Simonsson for identifying the issue and promptly bringing it to the Parse Community's attention and also big thanks to the indefatigable Diamond Lewis for crafting a failing test and then a solution within an hour of the report.
- NEW: Aggregate supports group by date fields #5538 thanks to Antonio Davi Macedo Coelho de Castro
- NEW: API for Read Preferences #3963 thanks to Antonio Davi Macedo Coelho de Castro
- NEW: Add Redis options for LiveQuery #5584 thanks to Diamond Lewis
- NEW: Add Direct Access option for Server Config #5550 thanks to Diamond Lewis
- FIX: updating mixed array in Postgres #5552 thanks to Diamond Lewis
- FIX: notEqualTo GeoPoint Query in Postgres #5549, thanks to Diamond Lewis
- FIX: put the timestamp back in logs that was lost after Winston upgrade #5571, thanks to Steven Rowe and Arthur Cinader
- FIX: Validates permission before calling beforeSave #5546, thanks to Antonio Davi Macedo Coelho de Castro
- FIX: Remove userSensitiveFields default value. #5588, thanks to William George
- FIX: Decode Date JSON value in LiveQuery. #5540, thanks to ananfang
- NEW: beforeLogin trigger with support for auth providers (#5445), thanks to Omair Vaiyani
- NEW: RFC 7662 compliant OAuth2 auth adapter (#4910), thanks to Müller Zsolt
- FIX: cannot change password when maxPasswordHistory is 1 (#5191), thanks to Tulsi Sapkota
- FIX (Postgres): count being very slow on large Parse Classes' collections (#5330), thanks to CoderickLamar
- FIX: using per-key basis queue (#5420), thanks to Georges Jamous
- FIX: issue on count with Geo constraints and mongo (#5286), thanks to Julien Quéré
- Correct previous release with patch that is fully merged
- Security fix to properly process userSensitiveFields when parse-server is started with ../lib/cli/parse-server #5463
- Increment package.json version to match the deployment tag
- NEW: Support accessing sensitive fields with an explicit ACL. Not documented yet, see tests for examples
- Upgrade Parse SDK JS to 2.3.1 #5457
- Hides token contents in logStartupOptions if they arrive as a buffer #6a9380
- Support custom message for password requirements #5399
- Support for Ajax password reset #5332
- Postgres: Refuse to build unsafe JSON lists for contains #5337
- Properly handle return values in beforeSave #5228
- Fixes issue when querying user roles #5276
- Fixes issue affecting update with CLP #5269
- Postgres: Fixes support for global configuration
- Postgres: Fixes support for numeric arrays
- Postgres: Fixes issue affecting queries on empty arrays
- LiveQuery: Adds support for transmitting the original object
- Queries: Use estimated count if query is empty
- Docker: Reduces the size of the docker image to 154Mb
- Removes dev script, use TDD instead of server.
- Removes nodemon and problematic dependencies.
- Addressed event-stream security debacle.
- Fixes issue that would prevent users with large number of roles to resolve all of them Antoine Cormouls (#5131, #5132)
- Fixes distinct query on special fields (#5144)
- Return success on sendPasswordResetEmail even if email not found. (#7fe4030)
- Expire password reset tokens on email change (#5104)
- Live Query CLPs (#4387)
- Reduces number of calls to injectDefaultSchema (#5107)
- Remove runtime dependency on request (#5076)
- Fixes issue with vkontakte authentication (#4977)
- Use the correct function when validating google auth tokens (#5018)
- fix unexpected 'delete' trigger issue on LiveQuery (#5031)
- Improves performance for roles and ACL's in live query server (#5126)
parse-server 3.0.0 comes with brand new handlers for cloud code. It now fully supports promises and async / await.
For more information, visit the v3.0.0 migration guide.
- Cloud Code handlers have a new interface based on promises.
- response.success / response.error are removed in Cloud Code
- Cloud Code runs with Parse-SDK 2.0
- The aggregate now requires aggregates to be passed in the form: {"pipeline": [...]} (REST Only)
- Adds Pipeline Operator to Aggregate Router.
- Adds documentation for parse-server's adapters, constructors and more.
- Adds ability to pass a context object between beforeSave and afterSave affecting the same object.
- Fixes issue that would crash the server when mongo objects had undefined values #4966
- Fixes issue that prevented ACL's from being used with select (see #571)
- Adds ability to forward errors to express handler (#4697)
- Adds ability to increment the push badge with an arbitrary value (#4889)
- Adds ability to preserve the file names when uploading (#4915)
- `_User` now follow regular ACL policy. Letting administrator lock user out. (#4860) and (#4898)
- Ensure dates are properly handled in aggregates (#4743)
- Aggregates: Improved support for stages sharing the same name
- Add includeAll option
- Added verify password to users router and tests. (#4747)
- Ensure read preference is never overridden, so DB config prevails (#4833)
- add support for geoWithin.centerSphere queries via withJSON (#4825)
- Allow sorting an object field (#4806)
- Postgres: Don't merge JSON fields after save() to keep same behaviour as MongoDB (#4808) (#4815)
- Adds support for JS SDK 2.0 job status header
- Removes npm-git scripts as npm supports using git repositories that build, thanks to Florent Vilmart
- Ensure legacy users without ACL's are not locked out, thanks to Florent Vilmart
- Use common HTTP agent to increase webhooks performance, thanks to Tyler Brock
- Adds withinPolygon support for Polygon objects, thanks to Mads Bjerre
Ensure all the files are properly exported to the final package.
- Adding Mongodb element to add `arrayMatches` the #4762 (#4766), thanks to Jérémy Piednoel
- Adds ability to Lockout users (#4749), thanks to Florent Vilmart
- Fixes issue when using afterFind with relations (#4752), thanks to Florent Vilmart
- New query condition support to match all strings that starts with some other given strings (#3864), thanks to Eduard Bosch Bertran
- Allow creation of indices on default fields (#4738), thanks to Claire Neveu
- Purging empty class (#4676), thanks to Diamond Lewis
- Postgres: Fixes issues comparing to zero or false (#4667), thanks to Diamond Lewis
- Fix Aggregate Match Pointer (#4643), thanks to Diamond Lewis
- Allow Parse.Error when returning from Cloud Code (#4695), thanks to Saulo Tauil
- Fix typo: "requrest" -> "request" (#4761), thanks to Joseph Frazier
- Send version for Vkontakte API (#4725), thanks to oleg
- Ensure we respond with invalid password even if email is unverified (#4708), thanks to dblythy
- Add _password_history to default sensitive data (#4699), thanks to Jong Eun Lee
- Check for node version in postinstall script (#4657), thanks to Diamond Lewis
- Remove FB Graph API version from URL to use the oldest non deprecated version, thanks to SebC
- Fixes an issue affecting polygon queries, thanks to Diamond Lewis
- Improve documentation for LiveQuery options, thanks to Arthur Cinader
- Improve documentation for using cloud code with docker, thanks to Stephen Tuso
- Adds support for Facebook's AccountKit, thanks to 6thfdwp
- Disable afterFind routines when running aggregates, thanks to Diamond Lewis
- Improve support for distinct aggregations of nulls, thanks to Diamond Lewis
- Regenerate the email verification token when requesting a new email, thanks to Benjamin Wilson Friedman
- Fix issue affecting readOnly masterKey and purge command, thanks to AreyouHappy
- Fixes Issue unsetting in beforeSave doesn't allow object creation, thanks to Diamond Lewis
- Fixes issue crashing server on invalid live query payload, thanks to fridays
- Fixes issue affecting postgres storage adapter "undefined property '__op'", thanks to Tyson Andre
- Improved match aggregate
- Do not mark the empty push as failed
- Support pointer in aggregate query
- Introduces flow types for storage
- Postgres: Refactoring of Postgres Storage Adapter
- Postgres: Support for multiple projection in aggregate
- Postgres: performance optimizations
- Adds infos about vulnerability disclosures
- Adds ability to login with email when provided as username
- Scrub Passwords with URL Encoded Characters
- Fixes issue affecting using sorting in beforeFind
- Adds support for dot notation when using matchesKeyInQuery, thanks to Henrik and Arthur Cinader
Starting parse-server 2.7.0, the minimum nodejs version is 6.11.4, please update your engines before updating parse-server
- Aggregation endpoints, thanks to Diamond Lewis
- Adds indexation options onto Schema endpoints, thanks to Diamond Lewis
- Fixes sessionTokens being overridden in 'find' (#4332), thanks to Benjamin Wilson Friedman
- Proper `handleShutdown()` feature to close database connections (#4361), thanks to CHANG, TZU-YEN
- Fixes issue affecting state of _PushStatus objects, thanks to Benjamin Wilson Friedman
- Fixes issue affecting calling password reset password pages with wrong appid, thanks to Bryan de Leon
- Fixes issue affecting duplicates _Sessions on successive logins, thanks to Florent Vilmart
- Updates contributing guides, and improves windows support, thanks to Addison Elliott
- Uses new official scoped packages, thanks to Florent Vilmart
- Improves health checks responses, thanks to Benjamin Wilson Friedman
- Add password confirmation to choose_password, thanks to Worathiti Manosroi
- Improve performance of relation queries, thanks to Florent Vilmart
- Adds support for read-only masterKey, thanks to Florent Vilmart
- Adds support for relative time queries (mongodb only), thanks to Marvel Mathew
- Handle possible afterSave exception, thanks to Benjamin Wilson Friedman
- Add support for expiration interval in Push, thanks to Marvel Mathew
- The REST API key was improperly inferred from environment when using the CLI, thanks to Florent Vilmart
- Improves management of configurations and default values, thanks to Florent Vilmart
- Adds ability to start ParseServer with `ParseServer.start(options)`, thanks to Florent Vilmart
- Adds request original IP to cloud code hooks, thanks to Gustav Ahlberg
- Corrects some outdated links, thanks to Benjamin Wilson Friedman
- Adds serverURL validation on startup, thanks to Benjamin Wilson Friedman
- Adds ability to login with POST requests alongside GET, thanks to Benjamin Wilson Friedman
- Adds ability to login with email, instead of username, thanks to Florent Vilmart
- Fixes issue affecting beforeSaves and increments, thanks to Benjamin Wilson Friedman
- Queries on Pointer fields with `$in` and `$nin` now supports list of objectId's, thanks to Florent Vilmart
- LiveQueries on `$in` and `$nin` for pointer fields work as expected thanks to Florent Vilmart
- Also remove device token when APNS error is BadDeviceToken, thanks to Mauricio Tollin
- LRU cache is not available on the ParseServer object, thanks to Tyler Brock
- Error messages are more expressive, thanks to Tyler Brock
- Postgres: Properly handle undefined field values, thanks to Diamond Lewis
- Updating with two GeoPoints fails correctly, thanks to Anthony Mosca
- Adds ability to set a maxLimit on server configuration for queries, thanks to Chris Norris
- Fixes issue affecting reporting `_PushStatus` with misconfigured serverURL, thanks to Florent Vilmart
- Fixes issue affecting deletion of class that doesn't exist, thanks to Diamond Lewis
- PushWorker/PushQueue channels are properly prefixed with the Parse applicationId, thanks to Marvel Mathew
- You can use Parse.Cloud.afterSave hooks on _PushStatus
- You can use Parse.Cloud.onLiveQueryEvent to track the number of clients and subscriptions
- Adds support for more fields from the Audience class.
- Push: Adds ability to track sentPerUTC offset if your push scheduler supports it.
- Push: Adds support for cleaning up invalid deviceTokens from _Installation (PARSE_SERVER_CLEANUP_INVALID_INSTALLATIONS=1).
- Improves overall performance of the server, more particularly with large query results.
- Improves performance of InMemoryCacheAdapter by removing serialization.
- Improves logging performance by skipping necessary log calls.
- Refactors object routers to simplify logic.
- Adds automatic indexing on $text indexes, thanks to Diamond Lewis
- Push: Adds ability to send localized pushes according to the _Installation localeIdentifier
- Push: proper support for scheduling push in user's locale time, thanks to Marvel Mathew
- LiveQuery: Adds ability to use LiveQuery with a masterKey, thanks to Jeremy May
- Fixes an issue that would duplicate Session objects per userId-installationId pair.
- Fixes an issue affecting pointer permissions introduced in this release.
- Fixes an issue that would prevent displaying audiences correctly in dashboard.
- Fixes an issue affecting preventLoginWithUnverifiedEmail upon signups.
- A new deprecation notice is introduced with parse-server-s3-adapter's version 1.2.0. An upcoming release will remove passing key and password arguments. AWS credentials should be set using AWS best practices. See the Deprecation Notice for AWS credentials section of the adapter's README.
- Polygon is fully supported as a type, thanks to Diamond Lewis
- Query supports PolygonContains, thanks to Diamond Lewis
- Postgres: Adds support nested contains and containedIn, thanks to Diamond Lewis
- Postgres: Adds support for `null` in containsAll queries, thanks to Diamond Lewis
- Cloud Code: Request headers are passed to the cloud functions, thanks to miguel-s
- Push: All push queries now filter only where deviceToken exists
- Fixes issue affecting updates of _User objects when authData was passed.
- Push: Pushing to an empty audience should now properly report a failed _PushStatus
- Linking Users: Fixes issue affecting linking users with sessionToken only
- badge property on android installations will now be set as on iOS (#3970), thanks to Florent Vilmart
- Fixes incorrect number parser for cache options
- Restores ability to run on node >= 4.6
- Adds ability to configure cache from CLI
- Removes runtime check for node >= 4.6
- Adds ability to set default objectId size (#3950), thanks to Steven Shipton
- Uses LRU cache instead of InMemoryCache by default (#3979), thanks to Florent Vilmart
- iOS pushes are now using HTTP/2.0 instead of binary API (#3983), thanks to Florent Vilmart
- Adds ability to run full text search (#3904), thanks to Diamond Lewis
- Adds ability to run `$withinPolygon` queries (#3889), thanks to Diamond Lewis
- Adds ability to pass read preference per query with mongodb (#3865), thanks to davimacedo
- beforeFind trigger now includes `isGet` for get queries (#3862), thanks to davimacedo
- Adds endpoints for dashboard's audience API (#3861), thanks to davimacedo
- Restores the job scheduling endpoints (#3927), thanks to Florent Vilmart
- Removes unnecessary warning when using maxTimeMs with mongodb, thanks to Tyler Brock
- Improves access control on system classes (#3916), thanks to Worathiti Manosroi
- Adds bytes support in postgres (#3894), thanks to Diamond Lewis
- Fixes issue with vkontakte adapter that would hang the request, thanks to Denis Trofimov
- Fixes issue affecting null relational data (#3924), thanks to davimacedo
- Fixes issue affecting session token deletion (#3937), thanks to Florent Vilmart
- Fixes issue affecting the serverInfo endpoint (#3933), thanks to Florent Vilmart
- Fixes issue affecting beforeSave with dot-noted sub-documents (#3912), thanks to IlyaDiallo
- Fixes issue affecting emails being sent when using a 3rd party auth (#3882), thanks to davimacedo
- ParseQuery: Support for withinPolygon #3866, thanks to Diamond Lewis
- Postgres: Use transactions when deleting a class, #3869, thanks to Vitaly Tomilov
- Postgres: Proper support for GeoPoint equality query, #3874, thanks to Diamond Lewis
- beforeSave and liveQuery will be correctly triggered on email verification #3851, thanks to Florent Vilmart
- Skip authData validation if it hasn't changed, on PUT requests #3872, thanks to Florent Vilmart
- Fixes issue affecting relation updates (#3835, #3836), thanks to Florent Vilmart
- Fixes issue affecting sending push notifications, thanks to Felipe Andrade
- Sessions are always cleared when updating the passwords (#3289, #3821), thanks to Florent Vilmart
Starting 2.4.0, parse-server is tested against node 6.10 and 7.10, mongodb 3.2 and 3.4. If you experience issues with older versions, please open an issue.
- Adds `count` Class Level Permission (#3814), thanks to Florent Vilmart
- Proper graceful shutdown support (#3786), thanks to Florent Vilmart
- Let parse-server store as `scheduled` Push Notifications with push_time (#3717, #3722), thanks to Felipe Andrade
- Parse-Server images are built through docker hub, thanks to Florent Vilmart
- Skip authData validation if it hasn't changed, thanks to Florent Vilmart
- [postgres] Improve performance when adding many new fields to the Schema (#3740), thanks to Paulo Vítor S Reis
- Test maintenance, wordsmithing and nits (#3744), thanks to Arthur Cinader
- [postgres] Fixes issue affecting deleting multiple fields of a Schema (#3734, #3735), thanks to Paulo Vítor S Reis
- Fix issue affecting _PushStatus state (#3808), thanks to Florent Vilmart
- requiresAuthentication Class Level Permission behaves correctly, thanks to Florent Vilmart
- Email Verification related fields are not exposed (#3681, #3393, #3432), thanks to Anthony Mosca
- HTTP query parameters are properly obfuscated in logs (#3793, #3789), thanks to @youngerong
- Improve handling of `$near` operators in `$or` queries (#3767, #3798), thanks to Jack Wearden
- Fix issue affecting arrays of pointers (#3169), thanks to Florent Vilmart
- Fix issue affecting overloaded query constraints (#3723, #3678), thanks to Florent Vilmart
- Properly catch unhandled rejections in _Installation updates (#3795), thanks to kahoona77
- Support for PG-Promise options, thanks to ren dong
- Improves support for graceful shutdown, thanks to Florent Vilmart
- Improves configuration validation for Twitter Authentication, thanks to Benjamin Wilson Friedman
- Fixes issue affecting GeoPoint __type with Postgres, thanks to zhoul-HS
- Prevent user creation if username or password is empty, thanks to Wissam Abirached
- New endpoint to resend verification email, thanks to Xy Ziemba
- Add TTL option for Redis Cache Adapter, thanks to Ryan Foster
- Update Postgres Storage Adapter, thanks to Vitaly Tomilov
- Add index on Role.name, fixes (#3579), thanks to Natan Rolnik
- Fix default value of userSensitiveFields, fixes (#3593), thanks to Arthur Cinader
- Adds support for injecting a middleware for instrumentation in the CLI, thanks to Florent Vilmart
- Alleviate mongodb bug with $or queries SERVER-13732, thanks to Jack Wearden
- Fix issue affecting password policy and empty passwords, thanks to Bhaskar Reddy Yasa
- Fix issue when logging url in non string objects, thanks to Paulo Vítor S Reis
- Allow empty client key (#3497), thanks to Arthur Cinader
- Fix LiveQuery unsafe user (#3525), thanks to David Starke
- Use `flushdb` instead of `flushall` in RedisCacheAdapter (#3523), thanks to Jeremy Louie
- Fix saving GeoPoints and Files in `_GlobalConfig` (Make sure we don't treat dot notation keys as topLevel atoms) (#3531), thanks to Florent Vilmart
- Minimum Node engine bumped to 4.6 (#3480), thanks to Florent Vilmart
- Add logging on failure to create file (#3424), thanks to Arthur Cinader
- Log Parse Errors so they are intelligible (#3431), thanks to Arthur Cinader
- MongoDB $or Queries avoid SERVER-13732 bug (#3476), thanks to Jack Wearden
- Mongo object to Parse object date serialization - avoid re-serialization of iso of type Date (#3389), thanks to nodechefMatt
- Ground preparations for push scalability (#3080), thanks to Florent Vilmart
- Use uWS as optional dependency for ws server (#3231), thanks to Florent Vilmart
- Add parseFrameURL for masking user-facing pages (#3267), thanks to Lenart Rudel
- Fix Parse-Server to work with winston-daily-rotate-1.4.2 (#3335), thanks to Arthur Cinader
- Add support for regex string for password policy validatorPattern setting (#3331), thanks to Bhaskar Reddy Yasa
- LiveQuery should match subobjects with dot notation (#3322), thanks to David Starke
- Reduce time to process high number of installations for push (#3264), thanks to jeacott1
- Fix trivial typo in error message (#3238), thanks to Arthur Cinader
A major issue was introduced when refactoring the authentication modules. This release addresses only that issue.
- Parse.Cloud.useMasterKey() is a no-op, please refer to [Cloud Code migration guide](https://github.com/ParsePlatform/parse-server/wiki/Compatibility-with-Hosted-Parse#cloud-code)
- Authentication helpers are now proper adapters, deprecates oauth option in favor of auth.
- DEPRECATES: facebookAppIds, use `auth: { facebook: { appIds: ["AAAAAAAAA" ] } }`
- `email` field is not returned anymore for `Parse.User` queries. (Provided only on the user itself if provided).
- Adds ability to restrict access through Class Level Permissions to only authenticated users see docs
- Adds ability to strip sensitive data from `_User` responses, strips emails by default, thanks to Arthur Cinader
- Adds password history support for password policies, thanks to Bhaskar Reddy Yasa
- Bump parse-server-s3-adapter to 1.0.6, thanks to Arthur Cinader
- Using PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS lets you create user sessions when passing {installationId: "xxx-xxx"} on signup in cloud code, thanks to Florent Vilmart
- Add CLI option to pass `host` parameter when creating parse-server from CLI, thanks to Kulshekhar Kabra
- Ensure batch routes are only using posix paths, thanks to Steven Shipton
- Ensure falsy options from CLI are properly taken into account, thanks to Steven Shipton
- Fixes issues affecting calls to `matchesKeyInQuery` with pointers.
- Ensure that `select` keys can be changed in triggers (beforeFind...), thanks to Arthur Cinader
- Enables and enforces linting with eslint, thanks to Arthur Cinader
Postgres support requires v9.5
- Dockerizing Parse Server, thanks to Kirill Kravinsky
- Login with qq, wechat, weibo, thanks to haifeizhang
- Password policy, validation and expiration, thanks to Bhaskar Reddy Yasa
- Health check on /health, thanks to Kirill Kravinsky
- Reuse SchemaCache across requests option, thanks to Steven Shipton
- Better support for CLI options, thanks to Steven Shipton
- Specify a database timeout with maxTimeMS, thanks to Tyler Brock
- Adds the username to reset password success pages, thanks to Halim Qarroum
- Better support for Redis cache adapter, thanks to Tyler Brock
- Better coverage of Postgres, thanks to Kulshekhar Kabra
- Fixes issue when sending push to multiple installations, thanks to Florent Vilmart
- Fixes issues with twitter authentication, thanks to jonas-db
- Ignore createdAt fields update, thanks to Yuki Takeichi
- Improve support for array equality with LiveQuery, thanks to David Poetzsch-Heffter
- Improve support for batch endpoint when serverURL and publicServerURL have different paths, thanks to Florent Vilmart
- Support saving relation objects, thanks to Yuki Takeichi
- LiveQuery: Bring your own adapter (#2902), thanks to Florent Vilmart
- LiveQuery: Adds "update" operator to update a query subscription (#2935), thanks to Florent Vilmart
- Better Postgres support, thanks to Kulshekhar Kabra
- Logs the function name when failing (#2963), thanks to Michael Helvey
- CLI: forces closing the connections with SIGINT/SIGTERM (#2964), thanks to Kulshekhar Kabra
- Reduce the number of calls to the `_SCHEMA` table (#2912), thanks to Steven Shipton
- LiveQuery: Support for Role ACL's, thanks to Aaron Blondeau
- Better support for checking application and client keys, thanks to Steven Shipton
- Google OAuth, better support for android and web logins, thanks to Florent Vilmart
- Run liveQuery server from CLI with a different port, thanks to Florent Vilmart
- Support for Postgres databaseURI, thanks to Kulshekhar Kabra
- Support for Postgres options, thanks to Kulshekhar Kabra
- Improved support for google login (id_token and access_token), thanks to Florent Vilmart
- Improvements with VKontakte login, thanks to Eugene Antropov
- Improved support for `select` and `include`, thanks to Florent Vilmart
- Fix error when updating installation with useMasterKey (#2888), thanks to Jeremy Louie
- Fix bug affecting usage of multiple `notEqualTo`, thanks to Jeremy Louie
- Improved support for null values in arrays, thanks to Florent Vilmart
- Minimum nodejs engine is now 4.5
- New: CLI for parse-live-query-server, thanks to Florent Vilmart
- New: Start parse-live-query-server for parse-server CLI, thanks to Florent Vilmart
- Fix: Include with pointers are not conflicting with get CLP anymore, thanks to Florent Vilmart
- Fix: Removes dependency on babel-polyfill, thanks to Florent Vilmart
- Fix: Support nested select calls, thanks to Florent Vilmart
- Fix: Use native column selection instead of runtime, thanks to Florent Vilmart
- Fix: installationId header is properly used when updating `_Installation` objects, thanks to Florent Vilmart
- Fix: don't crash parse-server on improperly formatted live-query messages, thanks to Florent Vilmart
- Fix: Passwords are properly stripped out of logs, thanks to Arthur Cinader
- Fix: Lookup for email in username if email is not set, thanks to Florent Vilmart
- Fix: Reverts removal of babel-polyfill
- New: Adds CloudCode handler for `beforeFind`, thanks to Florent Vilmart
- New: RedisCacheAdapter for syncing schema, role and user caches across servers, thanks to Florent Vilmart
- New: Latest master build available at `ParsePlatform/parse-server#latest`, thanks to Florent Vilmart
- Fix: Better support for upgradeToRevocableSession with missing session token, thanks to Florent Vilmart
- Fix: Removes babel-polyfill runtime dependency, thanks to Florent Vilmart
- Fix: Cluster option now support a boolean value for automatically choosing the right number of processes, thanks to Florent Vilmart
- Fix: Filenames now appear correctly, thanks to Lama Chandrasena
- Fix: `_acl` is properly updated, thanks to Steven Shipton
Other fixes by Mathias Rangel Wulff
- New: support for upgrading to revocable sessions, thanks to Florent Vilmart
- New: NullCacheAdapter for disabling caching, thanks to Yuki Takeichi
- New: Account lockout policy #2601, thanks to Diwakar Cherukumilli
- New: Jobs endpoint for defining and run jobs (no scheduling), thanks to Florent Vilmart
- New: Add --cluster option to the CLI, thanks to Florent Vilmart
- New: Support for login with vk.com, thanks to Nurdaulet Bolatov
- New: experimental support for postgres databases, thanks to Florent Vilmart
- Fix: parse-server doesn't call next() after successful responses, thanks to Florent Vilmart
- Fix: Nested objects are properly included with Pointer Permissions on, thanks to Florent Vilmart
- Fix: null values in include calls are properly handled, thanks to Florent Vilmart
- Fix: Schema validations now runs after beforeSave hooks, thanks to Florent Vilmart
- Fix: usernames and passwords are properly type checked, thanks to Bam Wang
- Fix: logging in info log would log also in error log, thanks to Florent Vilmart
- Fix: removes extraneous logging from ParseLiveQueryServer, thanks to Flavio Torres
- Fix: support for Range requests for files, thanks to Brage G. Staven
- Fix: Improve support for objects in push alert, thanks to Antoine Lenoir
- Fix: Prevent pointed from getting clobbered when they are changed in a beforeSave, thanks to sud
- Fix: Improve support for "Bytes" type, thanks to CongHoang
- Fix: Better logging compatibility with Parse.com, thanks to Arthur Cinader
- New: Add Janrain Capture and Janrain Engage auth provider, thanks to Andrew Lane
- Improved: Include content length header in files response, thanks to Steven Van Bael
- Improved: Support byte range header for files, thanks to Brage G. Staven
- Improved: Validations for LinkedIn access_tokens, thanks to Felix Dumit
- Improved: Experimental postgres support, thanks to Florent Vilmart
- Perf: Use native bcrypt implementation if available, thanks to Florent Vilmart
2.2.17 (07/23/2016)
- Cloud code logs #2370 (flovilmart)
- Make sure _PushStatus operations are run in order #2367 (flovilmart)
- Typo fix for error message when can't ensure uniqueness of user email addresses #2360 (AndrewLane)
- LiveQuery constrains matching fix #2357 (simonas-notcat)
- Fix typo in logging for commander parseConfigFile #2352 (AndrewLane)
- Fix minor typos in test names #2351 (acinader)
- Makes sure we don't strip authData or session token from users using masterKey #2348 (flovilmart)
- Run coverage with istanbul #2340 (flovilmart)
- Run next() after successfully sending data to the client #2338 (blacha)
- Cache all the mongodb/version folder #2336 (flovilmart)
- updates usage of setting: emailVerifyTokenValidityDuration #2331 (cherukumilli)
- Update Mongodb client to 2.2.4 #2329 (flovilmart)
- Allow usage of analytics adapter #2327 (deashay)
- Fix flaky tests #2324 (flovilmart)
- don't serve null authData values #2320 (yuzeh)
- Fix null relation problem #2319 (flovilmart)
- Clear the connectionPromise upon close or error #2314 (flovilmart)
- Report validation errors with correct error code #2299 (flovilmart)
- Parses correctly Parse.Files and Dates when sent to Cloud Code Functions #2297 (flovilmart)
- Adding proper generic Not Implemented. #2292 (vitaly-t)
- Adds schema caching capabilities (5s by default) #2286 (flovilmart)
- add digits oauth provider #2284 (ranhsd)
- Improve installations query #2281 (flovilmart)
- Adding request headers to cloud functions fixes #1461 #2274 (blacha)
- Creates a new sessionToken when updating password #2266 (flovilmart)
- Add Gitter chat link to the README. #2264 (nlutsenko)
- Restores ability to include non pointer keys #2263 (flovilmart)
- Allow next middleware handle error in handleParseErrors #2260 (mejcz)
- Exposes the ClientSDK infos if available #2259 (flovilmart)
- Adds support for multiple twitter auths options #2256 (flovilmart)
- validate_purchase fix for SANDBOX requests #2253 (valeryvaskabovich)
- New: Expose InMemoryCacheAdapter publicly, thanks to Steven Shipton
- New: Add ability to prevent login with unverified email, thanks to Diwakar Cherukumilli
- Improved: Better error message for incorrect type, thanks to Andrew Lane
- Improved: Better error message for permission denied, thanks to Blayne Chard
- Improved: Update authData on login, thanks to Florent Vilmart
- Improved: Ability to not check for old files on Parse.com, thanks to OzgeAkin
- Fix: Issues with email adapter validation, thanks to Tyler Brock
- Fix: Issues with nested $or queries, thanks to Florent Vilmart
- Fix: Type in description for Parse.Error.INVALID_QUERY, thanks to Andrew Lane
- Improvement: Stop requiring verifyUserEmails for password reset functionality, thanks to Tyler Brock
- Improvement: Kill without validation, thanks to Drew Gross
- Fix: Deleting a file does not delete from fs.files, thanks to David Keita
- Fix: Postgres storage adapter fix, thanks to Vitaly Tomilov
- Fix: Results invalid session when providing an invalid session token, thanks to Florent Vilmart
- Fix: issue creating an anonymous user, thanks to Hussam Moqhim
- Fix: make http response serializable, thanks to Florent Vilmart
- New: Add postmark email adapter alternative, thanks to Glenn Reyes
- Hotfix: Fix Parse.Cloud.HTTPResponse serialization
- Hotfix: Pin version of deepcopy
- New: Custom error codes in cloud code response.error, thanks to Jeremy Pease
- Fix: Crash in beforeSave when response is not an object, thanks to Tyler Brock
- Fix: Allow "get" on installations
- Fix: Fix overly restrictive Class Level Permissions, thanks to Florent Vilmart
- Fix: Fix nested date parsing in Cloud Code, thanks to Marco Cheung
- Fix: Support very old file formats from Parse.com
- Security: Censor user password in logs, thanks to Marco Cheung
- New: Add PARSE_SERVER_LOGS_FOLDER env var for setting log folder, thanks to KartikeyaRokde
- New: Webhook key support, thanks to Tyler Brock
- Perf: Add cache adapter and default caching of certain objects, thanks to Blayne Chard
- Improvement: Better error messages for schema type mismatches, thanks to Jeremy Pease
- Improvement: Better error messages for reset password emails
- Improvement: Webhook key support in CLI, thanks to Tyler Brock
- Fix: Remove read only fields when using beforeSave, thanks to Tyler Brock
- Fix: Use content type provided by JS SDK, thanks to Blayne Chard and Florent Vilmart
- Fix: Tell the dashboard the stored push data is available, thanks to Jeremy Pease
- Fix: Add support for HTTP Basic Auth, thanks to Hussam Moqhim
- Fix: Support for MongoDB version 3.2.6, (note: do not use MongoDB 3.2 with migrated apps that still have traffic on Parse.com), thanks to Tyler Brock
- Fix: Prevent `pm2` from crashing when push notifications fail, thanks to benishak
- Fix: Add full list of default _Installation fields, thanks to Jeremy Pease
- Fix: Strip objectId out of hooks responses, thanks to Tyler Brock
- Fix: Fix external webhook response format, thanks to Tyler Brock
- Fix: Fix beforeSave when object is passed to `success`, thanks to Madhav Bhagat
- Fix: Remove use of deprecated APIs, thanks to Emad Ehsan
- Fix: Crash when multiple Parse Servers on the same machine try to write to the same logs folder, thanks to Steven Shipton
- Fix: Various issues with key names in `Parse.Object`s
- Fix: Treat Bytes type properly
- Fix: Caching bugs that caused writes by masterKey or other session token to not show up to users reading with a different session token
- Fix: Pin mongo driver version, preventing a regression in version 2.1.19
- Fix: Various issues with pointer fields not being treated properly
- Fix: Issues with pointed getting un-fetched due to changes in beforeSave
- Fix: Fixed crash when deleting classes that have CLPs
- Fix: Write legacy ACLs to Mongo so that clients that still go through Parse.com can read them, thanks to Tyler Brock and carmenlau
- Fix: Querying installations with limit = 0 and count = 1 now works, thanks to ssk7833
- Fix: Return correct error when violating unique index, thanks to Marco Cheung
- Fix: Allow unsetting user's email, thanks to Marco Cheung
- New: Support for Node 6.1
- Fix: Fix a regression that caused Parse Server to crash when a null parameter is passed to a Cloud function
- New: Support for Pointer Permissions
- New: Expose logger in Cloud Code
- New: Option to revoke sessions on password reset
- New: Option to expire inactive sessions
- Perf: Improvements in ACL checking query
- Fix: Issues when sending pushes to list of devices that contains invalid values
- Fix: Issues caused by using babel-polyfill outside of Parse Server, but in the same express app
- Fix: Remove creation of extra session tokens
- Fix: Return authData when querying with master key
- Fix: Bugs when deleting webhooks
- Fix: Ignore _RevocableSession header, which might be sent by the JS SDK
- Fix: Issues with querying via URL params
- Fix: Properly encode "Date" parameters to cloud code functions
- Adds support for --verbose and verbose option when running ParseServer #1414 (flovilmart)
- Adds limit = 0 as a valid parameter for queries #1493 (seijiakiyama)
- Makes sure we preserve Installations when updating a token (#1475) #1486 (flovilmart)
- Hotfix for tests #1503 (flovilmart)
- Enable logs #1502 (drew-gross)
- Do some triple equals for great justice #1499 (TylerBrock)
- Apply credential stripping to all untransforms for _User #1498 (TylerBrock)
- Checking if object has defined key for Pointer constraints in liveQuery #1487 (simonas-notcat)
- Remove collection prefix and default mongo URI #1479 (drew-gross)
- Store collection prefix in mongo adapter, and clean up adapter interface #1472 (drew-gross)
- Move field deletion logic into mongo adapter #1471 (drew-gross)
- Adds support for Long and Double mongodb types (fixes #1316) #1470 (flovilmart)
- Schema.js database agnostic #1468 (flovilmart)
- Remove console.log #1465 (drew-gross)
- Push status nits #1462 (flovilmart)
- Fixes #1444 #1451 (flovilmart)
- Removing sessionToken and authData from _User objects included in a query #1450 (simonas-notcat)
- Move mongo field type logic into mongoadapter #1432 (drew-gross)
- Prevents _User lock out when setting ACL on signup or afterwards #1429 (flovilmart)
- Update .travis.yml #1428 (flovilmart)
- Adds relation fields to objects #1424 (flovilmart)
- Update .travis.yml #1423 (flovilmart)
- Sets the defaultSchemas keys in the SchemaCollection #1421 (flovilmart)
- Fixes #1417 #1420 (drew-gross)
- Untransform should treat Arrays as nested objects #1416 (blacha)
- Adds X-Parse-Push-Status-Id header #1412 (flovilmart)
- Schema format cleanup #1407 (drew-gross)
- Updates the publicServerURL option #1397 (flovilmart)
- Fix exception with non-expiring session tokens. #1386 (0x18B2EE)
- Move mongo schema format related logic into mongo adapter #1385 (drew-gross)
- WIP: Huge performance improvement on roles queries #1383 (flovilmart)
- Removes GCS Adapter from provided adapters #1339 (flovilmart)
- DBController refactoring #1228 (flovilmart)
- Spotify authentication #1226 (1nput0utput)
- Expose DatabaseAdapter to simplify application tests #1121 (steven-supersolid)
- Important Fix: Disables find on installation from clients #1374 (flovilmart)
- Adds missing options to the CLI #1368 (flovilmart)
- Removes only master on travis #1367 (flovilmart)
- Auth._loadRoles should not query the same role twice. #1366 (blacha)
- Improves config loading and tests #1363 (flovilmart)
- Adds travis configuration to deploy NPM on new version tags #1361 (gfosco)
- Inject the default schemas properties when loading it #1357 (flovilmart)
- Adds console transport when testing with VERBOSE=1 #1351 (flovilmart)
- Make notEqual work on relations #1350 (flovilmart)
- Accept only bool for $exists in LiveQuery #1315 (drew-gross)
- Adds more options when using CLI/config #1305 (flovilmart)
- Update error message #1297 (drew-gross)
- Properly let masterKey add fields #1291 (flovilmart)
- Point to #1271 as how to write a good issue report #1290 (drew-gross)
- Adds ability to override mount with publicServerURL for production uses #1287 (flovilmart)
- Single object queries to use include and keys #1280 (jeremyjackson89)
- Improves report for Push error in logs and _PushStatus #1269 (flovilmart)
- Removes all stdout/err logs while testing #1268 (flovilmart)
- Matching queries with doesNotExist constraint #1250 (andrecardoso)
- Added session length option for session tokens to server configuration #997 (Kenishi)
- Regression test for #1259 #1286 (drew-gross)
- Regression test for #871 #1283 (drew-gross)
- Add a test to repro #701 #1281 (drew-gross)
- Fix for #1334: using relative cloud code files broken #1353 (airdrummingfool)
- Fix Issue/1288 #1346 (flovilmart)
- Fixes #1271 #1295 (drew-gross)
- Fixes issue #1302 #1314 (flovilmart)
- Fixes bug related to include in queries #1312 (flovilmart)
- Hotfix: fixed imports issue for S3Adapter, GCSAdapter, FileSystemAdapter #1263 (drew-gross)
- Fix: Clean null authData values on _User update #1199 (yuzeh)
- Fixed bug with invalid email verification link on email update. #1253 (kzielonka)
- Badge update supports increment as well as Increment #1248 (flovilmart)
- Config/Push Tested with the dashboard. #1235 (drew-gross)
- Better logging with winston #1234 (flovilmart)
- Make GlobalConfig work like parse.com #1210 (framp)
- Improve flattening of results from pushAdapter #1204 (flovilmart)
- Push adapters are provided by external packages #1195 (flovilmart)
- Fix flaky test #1188 (drew-gross)
- Fixes problem affecting finding array pointers #1185 (flovilmart)
- Moves Files adapters to external packages #1172 (flovilmart)
- Mark push as enabled in serverInfo endpoint #1164 (drew-gross)
- Document email adapter #1144 (drew-gross)
- Reset password fix #1133 (carmenlau)
- Important Fix: Mounts createLiveQueryServer, fix babel induced problem #1153 (flovilmart)
- Move ParseServer to its own file #1166 (flovilmart)
- Update README.md * remove deploy buttons * replace with community links #1139 (drew-gross)
- Adds bootstrap.sh #1138 (flovilmart)
- Fix: Do not override username #1142 (flovilmart)
- Fix: Add pushId back to GCM payload #1168 (wangmengyan95)
- New: Add FileSystemAdapter file adapter #1098 (dtsolis)
- New: Enabled CLP editing #1128 (drew-gross)
- Improvement: Reduces the number of connections to mongo created #1111 (flovilmart)
- Improvement: Make ParseServer a class #980 (flovilmart)
- Fix: Adds support for plain object in $add, $addUnique, $remove #1114 (flovilmart)
- Fix: Generates default CLP, freezes objects #1132 (flovilmart)
- Fix: Properly sets installationId on creating session with 3rd party auth #1110 (flovilmart)
- New Feature: Real-time functionality with Live Queries! #1092 (wangmengyan95)
- Improvement: Push Status API #1004 (flovilmart)
- Improvement: Allow client operations on Roles #1068 (flovilmart)
- Improvement: Add URI encoding to mongo auth parameters #986 (bgw)
- Improvement: Adds support for apps key in config file, but only support single app for now #979 (flovilmart)
- Documentation: Getting Started and Configuring Parse Server #988 (hramos)
- Fix: Various edge cases with REST API #1066 (flovilmart)
- Fix: Makes sure the location in results has the proper objectId #1065 (flovilmart)
- Fix: Third-party auth is properly removed when unlinked #1081 (flovilmart)
- Fix: Clear the session-user cache when changing _User objects #1072 (gfosco)
- Fix: Bug related to subqueries on unfetched objects #1046 (flovilmart)
- Fix: Properly urlencode parameters for email validation and password reset #1001 (flovilmart)
- Fix: Better sanitization/decoding of object data for afterSave triggers #992 (flovilmart)
- Fix: Changes default encoding for httpRequest #892 (flovilmart)
- Improvement: Full query support for badge Increment (#931) #983 (flovilmart)
- Improvement: Shutdown standalone parse server gracefully #958 (raulr)
- Improvement: Add database options to ParseServer constructor and pass to MongoStorageAdapter #956 (steven-supersolid)
- Improvement: AuthData logic refactor #952 (flovilmart)
- Improvement: Changed FileLoggerAdapterSpec to fail gracefully on Windows #946 (aneeshd16)
- Improvement: Add new schema collection type and replace all usages of direct mongo collection for schema operations. #943 (nlutsenko)
- Improvement: Adds CLP API to Schema router #898 (flovilmart)
- Fix: Cleans up authData null keys on login for android crash #978 (flovilmart)
- Fix: Do master query for before/afterSaveHook #959 (wangmengyan95)
- Fix: re-add shebang #944 (flovilmart)
- Fix: Added test command for Windows support #886 (aneeshd16)
- New: FileAdapter for Google Cloud Storage #708 (mcdonamp)
- Improvement: Minimize extra schema queries in some scenarios. #919 (Marco129)
- Improvement: Move DatabaseController and Schema fully to adaptive mongo collection. #909 (nlutsenko)
- Improvement: Cleanup PushController/PushRouter, remove raw mongo collection access. #903 (nlutsenko)
- Improvement: Increment badge the right way #902 (flovilmart)
- Improvement: Migrate ParseGlobalConfig to new database storage API. #901 (nlutsenko)
- Improvement: Improve delete flow for non-existent _Join collection #881 (Marco129)
- Improvement: Adding a role scenario test for issue 827 #878 (gfosco)
- Improvement: Test empty authData block on login for #413 #863 (gfosco)
- Improvement: Modified the npm dev script to support Windows #846 (aneeshd16)
- Improvement: Move HooksController to use MongoCollection instead of direct Mongo access. #844 (nlutsenko)
- Improvement: Adds public_html and views for packaging #839 (flovilmart)
- Improvement: Better support for windows builds #831 (flovilmart)
- Improvement: Convert Schema.js to ES6 class. #826 (nlutsenko)
- Improvement: Remove duplicated instructions #816 (hramos)
- Improvement: Completely migrate SchemasRouter to new MongoCollection API. #794 (nlutsenko)
- Fix: Do not require where clause in $dontSelect condition on queries. #925 (nlutsenko)
- Fix: Make sure that ACLs propagate to before/after save hooks. #924 (nlutsenko)
- Fix: Support params option in Parse.Cloud.httpRequest. #912 (carmenlau)
- Fix: Fix flaky Parse.GeoPoint test. #908 (nlutsenko)
- Fix: Handle legacy _client_permissions key in _SCHEMA. #900 (drew-gross)
- Fix: Fixes bug when querying equalTo on objectId and relation #887 (flovilmart)
- Fix: Allow crossdomain on filesRouter #876 (flovilmart)
- Fix: Remove limit when counting results. #867 (gfosco)
- Fix: beforeSave changes should propagate to the response #865 (gfosco)
- Fix: Delete relation field when _Join collection not exist #864 (Marco129)
- Fix: Related query on non-existing column #861 (gfosco)
- Fix: Update markdown in .github/ISSUE_TEMPLATE.md #859 (igorshubovych)
- Fix: Issue with creating wrong _Session for Facebook login #857 (tobernguyen)
- Fix: Leak warnings in tests, use mongodb-runner from node_modules #843 (drew-gross)
- Fix: Reversed roles lookup #841 (flovilmart)
- Fix: Improves loading of Push Adapter, fix loading of S3Adapter #833 (flovilmart)
- Fix: Add field to system schema #828 (Marco129)
- New: serverInfo endpoint that returns server version and info about the server's features
- Improvement: Add support for badges on iOS
- Improvement: Improve failure handling in cloud code http requests
- Improvement: Add support for queries on pointers and relations
- Improvement: Add support for multiple $in clauses in a query
- Improvement: Add allowClientClassCreation config option
- Improvement: Allow atomically setting subdocument keys
- Improvement: Allow arbitrarily deeply nested roles
- Improvement: Set proper content-type in S3 File Adapter
- Improvement: S3 adapter auto-creates buckets
- Improvement: Better error messages for many errors
- Performance: Improved algorithm for validating client keys
- Experimental: Parse Hooks and Hooks API
- Experimental: Email verification and password reset emails
- Experimental: Improve compatibility of logs feature with Parse.com
- Fix: Fix for attempting to delete missing classes via schemas API
- Fix: Allow creation of system classes via schemas API
- Fix: Allow missing where clause in $select
- Fix: Improve handling of invalid object ids
- Fix: Replace query overwriting existing query
- Fix: Propagate installationId in cloud code triggers
- Fix: Session expiresAt is now a Date instead of a string
- Fix: Fix count queries
- Fix: Disallow _Role objects without names or without ACL
- Fix: Better handling of invalid types submitted
- Fix: beforeSave will not be triggered for attempts to save with invalid authData
- Fix: Fix duplicate device token issues on Android
- Fix: Allow empty authData on signup
- Fix: Allow Master Key Headers (CORS)
- Fix: Fix bugs if JavaScript key was not provided in server configuration
- Fix: Parse Files on objects can now be stored without URLs
- Fix: allow both objectId or installationId when modifying installation
- Fix: Command line works better when not given options
- Feature: Add initial support for in-app purchases
- Feature: Better error messages when attempting to run the server on a port that is already in use or without a server URL
- Feature: Allow customization of max file size
- Performance: Faster saves if not using beforeSave triggers
- Fix: Send session token in response to current user endpoint
- Fix: Remove triggers for _Session collection
- Fix: Improve compatibility of cloud code beforeSave hook for newly created object
- Fix: ACL creation for master key only objects
- Fix: Allow uploading files without Content-Type
- Fix: Add features to http request to match Parse.com
- Fix: Bugs in development script when running from locations other than project root
- Fix: Can pass query constraints in URL
- Fix: Objects with legacy "_tombstone" key now don't cause issues.
- Fix: Allow nested keys in objects to begin with underscores
- Fix: Allow correct headers for CORS
- Change: The S3 file adapter constructor requires a bucket name
- Fix: Parse Query should throw if improperly encoded
- Fix: Issue where roles were not used in some requests
- Fix: serverURL will no longer default to api.parse.com/1
- Experimental: Schemas API support for DELETE operations
- Fix: Session token issue fetching Users
- Fix: Facebook auth validation
- Fix: Invalid error when deleting missing session
- Feature: Support for additional OAuth providers
- Feature: Ability to implement custom OAuth providers
- Feature: Support for deleting Parse Files
- Feature: Allow querying roles
- Feature: Support for logs, extensible via Log Adapter
- Feature: New Push Adapter for sending push notifications through OneSignal
- Feature: Tighter default security for Users
- Feature: Pass parameters to cloud code in query string
- Feature: Disable anonymous users via configuration.
- Experimental: Schemas API support for PUT operations
- Fix: Prevent installation ID from being added to User
- Fix: Becoming a user works properly with sessions
- Fix: Including multiple objects when some objects are unavailable will get all the objects that are available
- Fix: Invalid URL for Parse Files
- Fix: Making a query without a limit now returns 100 results
- Fix: Expose installation id in cloud code
- Fix: Correct username for Anonymous users
- Fix: Session token issue after fetching user
- Fix: Issues during install process
- Fix: Issue with Unity SDK sending _noBody
- Add: support for Android and iOS push notifications
- Experimental: cloud code validation hooks (can mark as non-experimental after we have docs)
- Experimental: support for schemas API (GET and POST only)
- Experimental: support for Parse Config (GET and POST only)
- Fix: Querying objects with equality constraint on array column
- Fix: User logout will remove session token
- Fix: Various files related bugs
- Fix: Force minimum node version 4.3 due to security issues in earlier version
- Performance Improvement: Improved caching