From 6f72c5a29b8f701f745c7e236120f041cf76b8a6 Mon Sep 17 00:00:00 2001
From: Drew Gross
Date: Tue, 24 May 2016 11:53:07 -0700
Subject: [PATCH 1/5] move key name validation up one level
---
 src/Adapters/Storage/Mongo/MongoTransform.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/Adapters/Storage/Mongo/MongoTransform.js b/src/Adapters/Storage/Mongo/MongoTransform.js
index 898c62e00f..725b3a0776 100644
--- a/src/Adapters/Storage/Mongo/MongoTransform.js
+++ b/src/Adapters/Storage/Mongo/MongoTransform.js
@@ -313,6 +313,9 @@ const transformUpdate = (className, restUpdate, parseFormatSchema) => {
 }
 }
 for (var restKey in restUpdate) {
+ if (Object.keys(restUpdate[restKey]).some(innerKey => innerKey.includes('$') || innerKey.includes('.'))) {
+ throw new Parse.Error(Parse.Error.INVALID_NESTED_KEY, "Nested keys should not contain the '$' or '.' characters");
+ }
 var out = transformKeyValueForUpdate(className, restKey, restUpdate[restKey], parseFormatSchema);
 // If the output value is an object with any $ keys, it's an
From fdf5ea3ba9271f911ad70c8b12e35df5d1d08a42 Mon Sep 17 00:00:00 2001
From: Drew Gross
Date: Tue, 24 May 2016 12:02:32 -0700
Subject: [PATCH 2/5] Move validation out of mongo adapter
---
 src/Adapters/Storage/Mongo/MongoTransform.js | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/src/Adapters/Storage/Mongo/MongoTransform.js b/src/Adapters/Storage/Mongo/MongoTransform.js
index 725b3a0776..898c62e00f 100644
--- a/src/Adapters/Storage/Mongo/MongoTransform.js
+++ b/src/Adapters/Storage/Mongo/MongoTransform.js
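Review bot: `Object.keys(restUpdate[restKey])` in the added check throws a TypeError when a field value is `null` or `undefined`, and it inspects only the first level of keys, so a `$` or `.` key inside a deeper object or inside an array element is not rejected here. If this check is meant to keep operator-style keys out of the Mongo update document, it should skip non-objects and walk the value recursively, as sketched below; whether deeper levels must be rejected is a policy decision to confirm. PATCH 2/5 in this series deletes these three lines again without a visible replacement, so the same cases apply wherever the validation now lives. The body of `transformUpdate` starts and continues outside the hunk.

```javascript
// Suggested helper next to transformUpdate (the name is a placeholder).
const hasInvalidNestedKey = value => {
  if (value === null || typeof value !== 'object') {
    return false; // primitives and null carry no keys to check
  }
  return Object.keys(value).some(innerKey =>
    innerKey.includes('$') || innerKey.includes('.') || hasInvalidNestedKey(value[innerKey]));
};

for (var restKey in restUpdate) {
  if (hasInvalidNestedKey(restUpdate[restKey])) {
    throw new Parse.Error(Parse.Error.INVALID_NESTED_KEY, "Nested keys should not contain the '$' or '.' characters");
  }
  // … unchanged: transformKeyValueForUpdate call and operator lifting …
```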
@@ -313,9 +313,6 @@ const transformUpdate = (className, restUpdate, parseFormatSchema) => {
 }
 }
 for (var restKey in restUpdate) {
- if (Object.keys(restUpdate[restKey]).some(innerKey => innerKey.includes('$') || innerKey.includes('.'))) {
- throw new Parse.Error(Parse.Error.INVALID_NESTED_KEY, "Nested keys should not contain the '$' or '.' characters");
- }
 var out = transformKeyValueForUpdate(className, restKey, restUpdate[restKey], parseFormatSchema);
 // If the output value is an object with any $ keys, it's an
From 058cd4664930e261ccd0042d478ff8165363e756 Mon Sep 17 00:00:00 2001
From: Drew Gross
Date: Tue, 24 May 2016 16:21:27 -0700
Subject: [PATCH 3/5] Remove schemaController in more places
---
 src/Routers/GlobalConfigRouter.js | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/Routers/GlobalConfigRouter.js b/src/Routers/GlobalConfigRouter.js
index f876ab0bbf..bb9e3f480b 100644
--- a/src/Routers/GlobalConfigRouter.js
+++ b/src/Routers/GlobalConfigRouter.js
@@ -24,6 +24,13 @@ export class GlobalConfigRouter extends PromiseRouter {
 return acc;
 }, {});
 let database = req.config.database.WithoutValidation();
+ // TODO: We don't want to require db adapters to support upsert, so we create
+ // and then update whether the object already existed or not. The result
+ // is that simultaneous changes of _GlobalConfig might not work, but I
+ // think given the low write load of _GlobalConfig, thats probably fine.
+
+ // However, we could allow db adapters to optionally support upsert, and
+ // use upsert if its there. That will come later though.
 return database.update('_GlobalConfig', {objectId: 1}, update, {upsert: true}).then(() => ({ response: { result: true } }));
 }
From 07749cb7ce51c90e32550506186db7a4b30cd978 Mon Sep 17 00:00:00 2001
From: Drew Gross
Date: Tue, 24 May 2016 16:42:19 -0700
Subject: [PATCH 4/5] Remove comment
---
 src/Routers/GlobalConfigRouter.js | 7 -------
 1 file changed, 7 deletions(-)
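Review bot: The TODO added in PATCH 3/5 says the handler creates and then updates `_GlobalConfig`, but the unchanged call directly below it is still a single `database.update('_GlobalConfig', {objectId: 1}, update, {upsert: true})`, so the comment describes behaviour this hunk does not contain. Either land the comment together with the create-then-update change or word it for the current code, for example `// TODO: still relies on adapter upsert; a create-then-update fallback would make concurrent _GlobalConfig writes racy`. Because this write goes through `req.config.database.WithoutValidation()`, it is also worth confirming that the key-name check moved around in PATCH 1/5 and 2/5 still applies to `update` on this path; the visible lines do not show that it does. The enclosing method starts outside the hunk.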
diff --git a/src/Routers/GlobalConfigRouter.js b/src/Routers/GlobalConfigRouter.js
index bb9e3f480b..f876ab0bbf 100644
--- a/src/Routers/GlobalConfigRouter.js
+++ b/src/Routers/GlobalConfigRouter.js
@@ -24,13 +24,6 @@ export class GlobalConfigRouter extends PromiseRouter {
 return acc;
 }, {});
 let database = req.config.database.WithoutValidation();
- // TODO: We don't want to require db adapters to support upsert, so we create
- // and then update whether the object already existed or not. The result
- // is that simultaneous changes of _GlobalConfig might not work, but I
- // think given the low write load of _GlobalConfig, thats probably fine.
-
- // However, we could allow db adapters to optionally support upsert, and
- // use upsert if its there. That will come later though.
 return database.update('_GlobalConfig', {objectId: 1}, update, {upsert: true}).then(() => ({ response: { result: true } }));
 }
From 23963934a62e084b3071d3f0ff78b3554010aa34 Mon Sep 17 00:00:00 2001
From: Drew Gross
Date: Tue, 24 May 2016 17:29:20 -0700
Subject: [PATCH 5/5] Changelog for 2.2.11
---
 CHANGELOG.md | 16 ++++++++++++++++
 package.json | 2 +-
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2d1dcf2a55..4822dffdca 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,21 @@
 ## Parse Server Changelog
+### 2.2.11 (5/26/2016)
+
+* Security: Censor user password in logs, thanks to [Marco Cheung](https://github.com/Marco129)
+* New: Add PARSE_SERVER_LOGS_FOLDER env var for setting log folder, thanks to [KartikeyaRokde](https://github.com/KartikeyaRokde)
+* Perf: Add cache adapter and default caching of certain objects, thanks to [Blayne Chard](https://github.com/blacha)
+* Fix: Add support for HTTP Basic Auth, thanks to [Hussam Moqhim](https://github.com/hmoqhim)
+* Fix: Support for MongoDB version 3.2.6, (note: do not use MongoDB 3.2 with migrated apps that still have traffic on Parse.com), thanks to [Tyler Brock](https://github.com/TylerBrock)
+* Fix: Prevent `pm2` from crashing when push notifications fail, thanks to [benishak](https://github.com/benishak)
+* Fix: Add full list of default _Installation fields, thanks to [Jeremy Pease](https://github.com/JeremyPlease)
+* Fix: Crash when multiple Parse Servers on the same machine try to write to the same logs folder, thanks to [Steven Shipton](https://github.com/steven-supersolid)
+* Fix: Various issues with key names in `Parse.Object`s
+* Fix: Treat Bytes type properly
+* Fix: Caching bugs that caused writes by masterKey or other session token to not show up to users reading with a different session token
+* Fix: Pin mongo driver version, preventing a regression in version 2.1.19
+* Fix: Various issues with pointer fields not being treated properly
+
 ### 2.2.10 (5/15/2016)
 * Fix: Write legacy ACLs to Mongo so that clients that still go through Parse.com can read them, thanks to [Tyler Brock](https://github.com/TylerBrock) and [carmenlau](https://github.com/carmenlau)
diff --git a/package.json b/package.json
index c767ca7177..d6497c9b01 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "parse-server",
- "version": "2.2.10",
+ "version": "2.2.11",
 "description": "An express module providing a Parse-compatible API server",
 "main": "lib/index.js",
 "repository": {