-
-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Custom object ID allows to acquire role privileges (GHSA-8xq9-g7ch-35hg) #9317
Conversation
…tom object ids
Signed-off-by: Manuel <[email protected]>
Signed-off-by: Manuel <[email protected]>
Signed-off-by: Manuel <[email protected]>
I will reformat the title to use the proper commit message syntax. |
Thanks for opening this pull request!
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## alpha #9317 +/- ##
==========================================
- Coverage 93.49% 93.48% -0.02%
==========================================
Files 186 186
Lines 14807 14811 +4
==========================================
+ Hits 13844 13846 +2
- Misses 963 965 +2 ☔ View full report in Codecov by Sentry. |
# [7.3.0-alpha.9](7.3.0-alpha.8...7.3.0-alpha.9) (2024-10-03) ### Bug Fixes * Custom object ID allows to acquire role privileges ([GHSA-8xq9-g7ch-35hg](GHSA-8xq9-g7ch-35hg)) ([#9317](#9317)) ([13ee52f](13ee52f))
🎉 This change has been released in version 7.3.0-alpha.9 |
# [7.3.0-beta.1](7.2.0...7.3.0-beta.1) (2024-10-03) ### Bug Fixes * Custom object ID allows to acquire role privileges ([GHSA-8xq9-g7ch-35hg](GHSA-8xq9-g7ch-35hg)) ([#9317](#9317)) ([13ee52f](13ee52f)) * Parse Server `databaseOptions` nested keys incorrectly identified as invalid ([#9213](#9213)) ([77206d8](77206d8)) * Parse Server installation fails due to post install script incorrectly parsing required min. Node version ([#9216](#9216)) ([0fa82a5](0fa82a5)) * Parse Server option `maxLogFiles` doesn't recognize day duration literals such as `1d` to mean 1 day ([#9215](#9215)) ([0319cee](0319cee)) * Security upgrade path-to-regexp from 6.2.1 to 6.3.0 ([#9314](#9314)) ([8b7fe69](8b7fe69)) ### Features * Add atomic operations for Cloud Config parameters ([#9219](#9219)) ([35cadf9](35cadf9)) * Add Cloud Code triggers `Parse.Cloud.beforeSave` and `Parse.Cloud.afterSave` for Parse Config ([#9232](#9232)) ([90a1e4a](90a1e4a)) * Add Node 22 support ([#9187](#9187)) ([7778471](7778471)) * Add support for asynchronous invocation of `FilesAdapter.getFileLocation` ([#9271](#9271)) ([1a2da40](1a2da40))
🎉 This change has been released in version 7.3.0-beta.1 |
# [7.3.0](7.2.0...7.3.0) (2024-10-03) ### Bug Fixes * Custom object ID allows to acquire role privileges ([GHSA-8xq9-g7ch-35hg](GHSA-8xq9-g7ch-35hg)) ([#9317](#9317)) ([13ee52f](13ee52f)) * Parse Server `databaseOptions` nested keys incorrectly identified as invalid ([#9213](#9213)) ([77206d8](77206d8)) * Parse Server installation fails due to post install script incorrectly parsing required min. Node version ([#9216](#9216)) ([0fa82a5](0fa82a5)) * Parse Server option `maxLogFiles` doesn't recognize day duration literals such as `1d` to mean 1 day ([#9215](#9215)) ([0319cee](0319cee)) * Security upgrade path-to-regexp from 6.2.1 to 6.3.0 ([#9314](#9314)) ([8b7fe69](8b7fe69)) ### Features * Add atomic operations for Cloud Config parameters ([#9219](#9219)) ([35cadf9](35cadf9)) * Add Cloud Code triggers `Parse.Cloud.beforeSave` and `Parse.Cloud.afterSave` for Parse Config ([#9232](#9232)) ([90a1e4a](90a1e4a)) * Add Node 22 support ([#9187](#9187)) ([7778471](7778471)) * Add support for asynchronous invocation of `FilesAdapter.getFileLocation` ([#9271](#9271)) ([1a2da40](1a2da40))
🎉 This change has been released in version 7.3.0 |
Fixes security vulnerability GHSA-8xq9-g7ch-35hg