Skip to content

5.5.0

Compare
Choose a tag to compare
@parseplatformorg parseplatformorg released this 20 May 23:22
· 22 commits to release-5.x.x since this release

5.5.0 (2023-05-20)

Features

  • Add new Parse Server option fileUpload.fileExtensions to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern ^[^hH][^tT][^mM][^lL]?$, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to ['.*'] (#8537) (196e05f)