Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) #8074

Merged
merged 2 commits into from
Jun 30, 2022

Conversation

mtrezza
Copy link
Member

@mtrezza mtrezza commented Jun 26, 2022

No description provided.

@parse-github-assistant
Copy link

parse-github-assistant bot commented Jun 26, 2022

Thanks for opening this pull request!

  • ❌ Please edit your post and use the provided template when creating a new pull request. This helps everyone to understand your post better and asks for essential information to quicker review the pull request.

@codecov
Copy link

codecov bot commented Jun 26, 2022

Codecov Report

Merging #8074 (deb5172) into release-4.x.x (8580a52) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@              Coverage Diff               @@
##           release-4.x.x    #8074   +/-   ##
==============================================
  Coverage          93.82%   93.82%           
==============================================
  Files                170      170           
  Lines              12502    12521   +19     
==============================================
+ Hits               11730    11748   +18     
- Misses               772      773    +1     
Impacted Files Coverage Δ
src/Controllers/DatabaseController.js 95.22% <100.00%> (+<0.01%) ⬆️
src/LiveQuery/ParseCloudCodePublisher.js 100.00% <100.00%> (ø)
src/LiveQuery/ParseLiveQueryServer.js 95.18% <100.00%> (+0.14%) ⬆️
src/Routers/FilesRouter.js 87.60% <100.00%> (+0.53%) ⬆️
src/RestWrite.js 93.60% <0.00%> (-0.17%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6286d2e...deb5172. Read the comment docs.

@mtrezza mtrezza closed this Jun 26, 2022
@mtrezza mtrezza reopened this Jun 30, 2022
@mtrezza mtrezza changed the title fix release 4.x.x fix: protected fields exposed via LiveQuery ([GHSA-crrq-vr9j-fxxh](https://github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh)) Jun 30, 2022
@mtrezza mtrezza merged commit 054f3e6 into parse-community:release-4.x.x Jun 30, 2022
@mtrezza mtrezza changed the title fix: protected fields exposed via LiveQuery ([GHSA-crrq-vr9j-fxxh](https://github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh)) fix: protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) Jun 30, 2022
mtrezza added a commit that referenced this pull request Jun 30, 2022
…ields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields ([GHSA-crrq-vr9j-fxxh](GHSA-crrq-vr9j-fxxh)) (#8074) (#8073)
parseplatformorg pushed a commit that referenced this pull request Jun 30, 2022
## [4.10.13](4.10.12...4.10.13) (2022-06-30)

### Bug Fixes

* protected fields exposed via LiveQuery; this removes protected fields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields ([GHSA-crrq-vr9j-fxxh](GHSA-crrq-vr9j-fxxh)) ([#8074](#8074)) ([054f3e6](054f3e6))
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 4.10.13

@parseplatformorg parseplatformorg added the state:released-4.x.x Released as LTS version label Jun 30, 2022
@parse-github-assistant
Copy link

The label state:released-4.x.x cannot be used here.

@parse-github-assistant parse-github-assistant bot removed the state:released-4.x.x Released as LTS version label Jun 30, 2022
parseplatformorg pushed a commit that referenced this pull request Jun 30, 2022
## [5.2.4](5.2.3...5.2.4) (2022-06-30)

### Bug Fixes

* protected fields exposed via LiveQuery; this removes protected fields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields ([GHSA-crrq-vr9j-fxxh](GHSA-crrq-vr9j-fxxh)) (#8074) ([#8073](#8073)) ([309f64c](309f64c))
@mtrezza mtrezza deleted the fix-release-4.x.x branch July 2, 2022 09:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants