Skip to content

fix: Server crashes when receiving an array of Parse.Pointer in the request body #9010 for v6.x.x #9011

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 25 commits into from
Closed

fix: Server crashes when receiving an array of Parse.Pointer in the request body #9010 for v6.x.x #9011

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
933e822
refactor: Upgrade lru-cache from 9.1.1 to 10.1.0 (#8870)
parseplatformorg Jan 8, 2024
5179501
refactor: Upgrade redis from 4.6.6 to 4.6.12 (#8922)
parseplatformorg Feb 15, 2024
8fe0ae7
refactor: Upgrade ws from 8.13.0 to 8.16.0 (#8921)
parseplatformorg Feb 15, 2024
d0a5af3
refactor: Upgrade otpauth from 9.1.2 to 9.2.2 (#8923)
parseplatformorg Feb 16, 2024
223fde0
refactor: Upgrade pg-promise from 11.5.0 to 11.5.4 (#8924)
parseplatformorg Feb 16, 2024
e5de9da
refactor: Upgrade @parse/fs-files-adapter from 1.2.2 to 2.0.1 (#8930)
parseplatformorg Feb 20, 2024
897acb7
refactor: Upgrade semver from 7.5.2 to 7.5.4 (#8934)
parseplatformorg Feb 22, 2024
519dee9
refactor: Upgrade winston from 3.8.2 to 3.11.0 (#8933)
parseplatformorg Feb 23, 2024
70e0cb3
refactor: Upgrade jwks-rsa from 2.1.5 to 3.1.0 (#8932)
parseplatformorg Feb 24, 2024
4524c35
refactor: Upgrade follow-redirects from 1.15.2 to 1.15.5 (#8931)
parseplatformorg Feb 24, 2024
33c648d
refactor: Upgrade uuid from 9.0.0 to 9.0.1 (#8943)
parseplatformorg Feb 26, 2024
244e343
refactor: Upgrade redis from 4.6.12 to 4.6.13 (#8955)
parseplatformorg Feb 27, 2024
a6e6549
fix: Improve PostgreSQL injection detection; fixes security vulnerabi…
mtrezza Mar 1, 2024
297faae
ci: Fix incorrect release branch config (#8962)
mtrezza Mar 1, 2024
5f9a27f
chore(release): 6.5.0 [skip ci]
semantic-release-bot Mar 1, 2024
30258be
docs: Remove incorrect change log entries (#8963)
mtrezza Mar 1, 2024
bba24dd
fix: Security upgrade @parse/push-adapter from 5.0.2 to 5.1.0 (#8972)
parseplatformorg Mar 2, 2024
46761d3
chore(release): 6.5.1 [skip ci]
semantic-release-bot Mar 2, 2024
0fa0aab
fix: Security upgrade @parse/push-adapter from 5.1.0 to 5.1.1 (#8975)
parseplatformorg Mar 2, 2024
d3ec2e2
chore(release): 6.5.2 [skip ci]
semantic-release-bot Mar 2, 2024
d53c1f3
refactor: Upgrade winston-daily-rotate-file from 4.7.1 to 5.0.0 (#8974)
parseplatformorg Mar 2, 2024
47184f0
refactor: Upgrade graphql-list-fields from 2.0.2 to 2.0.4 (#8973)
parseplatformorg Mar 2, 2024
9282bc5
ci: Fix failing Docker release by removing arm/v6 and arm/v7 support …
cbaker6 Mar 5, 2024
b8535b3
ci: Fix LTS releases are published as pre-releases (#8989)
mtrezza Mar 5, 2024
9404271
Copied PR8784 for v6.x.x fix
jaysonng Mar 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,14 +123,14 @@ jobs:
uses: actions/checkout@v2
- name: Set up QEMU
id: qemu
uses: docker/setup-qemu-action@v1
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v2
- name: Build docker image
uses: docker/build-push-action@v2
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64
platforms: linux/amd64, linux/arm64/v8
check-lock-file-version:
name: NPM Lock File Version
timeout-minutes: 5
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/release-automated.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,29 +56,29 @@ jobs:
ref: ${{ needs.release.outputs.current_tag }}
- name: Set up QEMU
id: qemu
uses: docker/setup-qemu-action@v1
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v2
- name: Log into Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v3
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
flavor: |
latest=${{ steps.branch.outputs.branch_name == 'release' }}
tags: |
type=semver,pattern={{version}},value=${{ needs.release.outputs.current_tag }}
- name: Build and push Docker image
uses: docker/build-push-action@v2
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64/v8
platforms: linux/amd64, linux/arm64/v8
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
Expand Down Expand Up @@ -112,4 +112,4 @@ jobs:
uses: peaceiris/actions-gh-pages@v3.7.3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./docs
publish_dir: ./docs
12 changes: 6 additions & 6 deletions .github/workflows/release-manual-docker.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,18 +28,18 @@ jobs:
ref: ${{ github.event.inputs.ref }}
- name: Set up QEMU
id: qemu
uses: docker/setup-qemu-action@v1
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v2
- name: Log into Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v3
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
flavor: |
Expand All @@ -48,10 +48,10 @@ jobs:
type=semver,enable=true,pattern={{version}},value=${{ github.event.inputs.ref }}
type=raw,enable=${{ github.event.inputs.ref == '' }},value=latest
- name: Build and push Docker image
uses: docker/build-push-action@v2
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64/v8
platforms: linux/amd64, linux/arm64/v8
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
4 changes: 2 additions & 2 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
############################################################
# Build stage
############################################################
FROM node:lts-alpine AS build
FROM node:18-alpine AS build

RUN apk --no-cache add git
WORKDIR /tmp
Expand All @@ -24,7 +24,7 @@ RUN npm ci --omit=dev --ignore-scripts \
############################################################
# Release stage
############################################################
FROM node:lts-alpine AS release
FROM node:18-alpine AS release

VOLUME /parse-server/cloud /parse-server/config

Expand Down
21 changes: 21 additions & 0 deletions changelogs/CHANGELOG_release.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,24 @@
## [6.5.2](https://github.com/parse-community/parse-server/compare/6.5.1...6.5.2) (2024-03-02)


### Bug Fixes

* Security upgrade @parse/push-adapter from 5.1.0 to 5.1.1 ([#8975](https://github.com/parse-community/parse-server/issues/8975)) ([0fa0aab](https://github.com/parse-community/parse-server/commit/0fa0aabefe6bc9d356ee70be78dafc5fa22d4e17))

## [6.5.1](https://github.com/parse-community/parse-server/compare/6.5.0...6.5.1) (2024-03-02)


### Bug Fixes

* Security upgrade @parse/push-adapter from 5.0.2 to 5.1.0 ([#8972](https://github.com/parse-community/parse-server/issues/8972)) ([bba24dd](https://github.com/parse-community/parse-server/commit/bba24dd8279ebb8e4084a5f00fbe3ab9fe6c01b4))

# [6.5.0](https://github.com/parse-community/parse-server/compare/6.4.0...6.5.0) (2024-03-01)


### Bug Fixes

* Improve PostgreSQL injection detection; fixes security vulnerability [GHSA-6927-3vr9-fxf2](https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2) which affects Parse Server deployments using a Postgres database ([#8960](https://github.com/parse-community/parse-server/issues/8960)) ([a6e6549](https://github.com/parse-community/parse-server/commit/a6e654943536932904a69b51e513507fcf90a504))

# [6.4.0](https://github.com/parse-community/parse-server/compare/6.3.1...6.4.0) (2023-11-16)


Expand Down
Loading