Skip to content

Latest commit

 

History

History
1677 lines (1382 loc) · 134 KB

CHANGELOG.md

File metadata and controls

1677 lines (1382 loc) · 134 KB

Parse Server Changelog

master

Full Changelog

  • IMPROVE: Optimized deletion of class field from schema by using an index if available to do an index scan instead of a collection scan. #6815. Thanks to Manuel Trezza.

4.3.0

Full Changelog

  • PERFORMANCE: Optimizing pointer CLP query decoration done by DatabaseController#addPointerPermissions #6747. Thanks to mess-lelouch.
  • SECURITY: Fix security breach on GraphQL viewer 78239ac, secuity advisory. Thanks to Antoine Cormouls.
  • FIX: Save context not present if direct access enabled #6764. Thanks to Omair Vaiyani.
  • NEW: Before Connect + Before Subscribe #6793. Thanks to dblythy.
  • FIX: Add version to playground to fix CDN #6804. Thanks to Antoine Cormouls.
  • NEW (EXPERIMENTAL): Idempotency enforcement for client requests. This deduplicates requests where the client intends to send one request to Parse Server but due to network issues the server receives the request multiple times. Caution, this is an experimental feature that may not be appropriate for production. #6748. Thanks to Manuel Trezza.
  • FIX: Add production Google Auth Adapter instead of using the development url #6734. Thanks to SebC..
  • IMPROVE: Run Prettier JS Again Without requiring () on arrow functions #6796. Thanks to Diamond Lewis.
  • IMPROVE: Run Prettier JS #6795. Thanks to Diamond Lewis.
  • IMPROVE: Replace bcrypt with @node-rs/bcrypt #6794. Thanks to LongYinan.
  • IMPROVE: Make clear description of anonymous user #6655. Thanks to Jerome De Leon.
  • IMPROVE: Simplify GraphQL merge system to avoid js ref bugs #6791. Thanks to Antoine Cormouls.
  • NEW: Pass context in beforeDelete, afterDelete, beforeFind and Parse.Cloud.run #6666. Thanks to yog27ray.
  • NEW: Allow passing custom gql schema function to ParseServer#start options #6762. Thanks to Luca.
  • NEW: Allow custom cors origin header #6772. Thanks to Kevin Yao.
  • FIX: Fix context for cascade-saving and saving existing object #6735. Thanks to Manuel.
  • NEW: Add file bucket encryption using fileKey #6765. Thanks to Corey Baker.
  • FIX: Removed gaze from dev dependencies and removed not working dev script #6745. Thanks to Vincent Semrau.
  • IMPROVE: Upgrade graphql-tools to v6 #6701. Thanks to Yaacov Rydzinski.
  • NEW: Support Metadata in GridFSAdapter #6660. Thanks to Diamond Lewis.
  • NEW: Allow to unset file from graphql #6651. Thanks to Antoine Cormouls.
  • NEW: Handle shutdown for RedisCacheAdapter #6658. Thanks to promisenxu.
  • FIX: Fix explain on user class #6650. Thanks to Manuel.
  • FIX: Fix read preference for aggregate #6585. Thanks to Manuel.
  • NEW: Add context to Parse.Object.save #6626. Thanks to Manuel.
  • NEW: Adding ssl config params to Postgres URI #6580. Thanks to Corey Baker.
  • FIX: Travis postgres update: removing unnecessary start of mongo-runner #6594. Thanks to Corey Baker.
  • FIX: ObjectId size for Pointer in Postgres #6619. Thanks to Corey Baker.
  • IMPROVE: Improve a test case #6629. Thanks to Gordon Sun.
  • NEW: Allow to resolve automatically Parse Type fields from Custom Schema #6562. Thanks to Antoine Cormouls.
  • FIX: Remove wrong console log in test #6627. Thanks to Gordon Sun.
  • IMPROVE: Graphql tools v5 #6611. Thanks to Yaacov Rydzinski.
  • FIX: Catch JSON.parse and return 403 properly #6589. Thanks to Gordon Sun.
  • PERFORMANCE: Allow covering relation queries with minimal index #6581. Thanks to Noah Silas.
  • FIX: Fix Postgres group aggregation #6522. Thanks to Siddharth Ramesh.
  • NEW: Allow set user mapped from JWT directly on request #6411. Thanks to Gordon Sun.

4.2.0

Full Changelog

BREAKING CHANGES:

  • CHANGE: The Sign-In with Apple authentication adapter parameter client_id has been changed to clientId. If using the Apple authentication adapter, this change requires to update the Parse Server configuration accordingly. See #6523 for details.

4.1.0

Full Changelog

SECURITY RELEASE: see advisory for details

4.0.2

Full Changelog

BREAKING CHANGES:

  1. Remove Support for Mongo 3.2 & 3.4. The new minimum supported version is Mongo 3.6.
  2. Change username and email validation to be case insensitive. This change should be transparent in most use cases. The validation behavior should now behave 'as expected'. See #5634 for details.

Special Note on Upgrading to Parse Server 4.0.0 and above

In addition to the breaking changes noted above, #5634 introduces a two new case insensitive indexes on the User collection. Special care should be taken when upgrading to this version to ensure that:

  1. The new indexes can be successfully created (see issue #6465 for details on a potential issue for your installation).

  2. Care is taken ensure that there is adequate compute capacity to create the index in the background while still servicing requests.

4.0.1

Full Changelog

  • FIX: correct 'new' travis config to properly deploy. See #6452. Thanks to Arthur Cinader.
  • FIX: Better message on not allowed to protect default fields. See #6439.Thanks to Old Grandpa

4.0

Full Changelog

Special Note on Upgrading to Parse Server 4.0.0 and above

In addition to the breaking changes noted below, #5634 introduces a two new case insensitive indexes on the User collection. Special care should be taken when upgrading to this version to ensure that:

  1. The new indexes can be successfully created (see issue #6465 for details on a potential issue for your installation).

  2. Care is taken ensure that there is adequate compute capacity to create the index in the background while still servicing requests.

3.10.0

Full Changelog

3.9.0

Full Changelog

3.8.0

Full Changelog

Breaking Changes:

  • If you are running Parse Server on top of a MongoDB deployment which does not fit the Retryable Writes Requirements, you will have to add retryWrites=false to your connection string in order to upgrade to Parse Server 3.8.

3.7.2

Full Changelog

  • FIX: Live Query was failing on release 3.7.1

3.7.1

Full Changelog

3.7.0

Full Changelog

3.6.0

Full Changelog

3.5.0

Full Changelog

GraphQL Guide

3.4.4

Full Changelog

Fix: Commit changes

3.4.3

Full Changelog

Fix: Use changes in master to travis configuration to enable pushing to npm and gh_pages. See diff for details.

3.4.2

Full Changelog

Fix: In my haste to get a Security Fix out, I added 8709daf to master instead of to 3.4.1. This commit fixes that. Arthur Cinader

3.4.1

Full Changelog

Security Fix: see Advisory: GHSA-2479-qvv7-47q for details 8709daf. Big thanks to: Benjamin Simonsson for identifying the issue and promptly bringing it to the Parse Community's attention and also big thanks to the indefatigable Diamond Lewis for crafting a failing test and then a solution within an hour of the report.

3.4.0

Full Changelog

3.3.0

Full Changelog

3.2.3

Full Changelog

  • Correct previous release with patch that is fully merged

3.2.2

Full Changelog

  • Security fix to properly process userSensitiveFields when parse-server is started with ../lib/cli/parse-server #5463

3.2.1

Full Changelog

  • Increment package.json version to match the deployment tag

3.2.0

Full Changelog

  • NEW: Support accessing sensitive fields with an explicit ACL. Not documented yet, see tests for examples
  • Upgrade Parse SDK JS to 2.3.1 #5457
  • Hides token contents in logStartupOptions if they arrive as a buffer #6a9380
  • Support custom message for password requirements #5399
  • Support for Ajax password reset #5332
  • Postgres: Refuse to build unsafe JSON lists for contains #5337
  • Properly handle return values in beforeSave #5228
  • Fixes issue when querying user roles #5276
  • Fixes issue affecting update with CLP #5269

3.1.3

Full Changelog

  • Postgres: Fixes support for global configuration
  • Postgres: Fixes support for numeric arrays
  • Postgres: Fixes issue affecting queries on empty arrays
  • LiveQuery: Adds support for transmitting the original object
  • Queries: Use estimated count if query is empty
  • Docker: Reduces the size of the docker image to 154Mb

3.1.2

Full Changelog

  • Removes dev script, use TDD instead of server.
  • Removes nodemon and problematic dependencies.
  • Addressed event-stream security debacle.

3.1.1

Full Changelog

Improvements:

  • Fixes issue that would prevent users with large number of roles to resolve all of them Antoine Cormouls (#5131, #5132)
  • Fixes distinct query on special fields (#5144)

3.1.0

Full Changelog

Breaking Changes:

  • Return success on sendPasswordResetEmail even if email not found. (#7fe4030)

Security Fix:

  • Expire password reset tokens on email change (#5104)

Improvements:

  • Live Query CLPs (#4387)
  • Reduces number of calls to injectDefaultSchema (#5107)
  • Remove runtime dependency on request (#5076)

Bug fixes:

  • Fixes issue with vkontatke authentication (#4977)
  • Use the correct function when validating google auth tokens (#5018)
  • fix unexpected 'delete' trigger issue on LiveQuery (#5031)
  • Improves performance for roles and ACL's in live query server (#5126)

3.0.0

Full Changelog

parse-server 3.0.0 comes with brand new handlers for cloud code. It now fully supports promises and async / await. For more informations, visit the v3.0.0 migration guide.

Breaking changes:

  • Cloud Code handlers have a new interface based on promises.
  • response.success / response.error are removed in Cloud Code
  • Cloud Code runs with Parse-SDK 2.0
  • The aggregate now require aggregates to be passed in the form: {"pipeline": [...]} (REST Only)

Improvements:

  • Adds Pipeline Operator to Aggregate Router.
  • Adds documentations for parse-server's adapters, constructors and more.
  • Adds ability to pass a context object between beforeSave and afterSave affecting the same object.

Bug Fixes:

  • Fixes issue that would crash the server when mongo objects had undefined values #4966
  • Fixes issue that prevented ACL's from being used with select (see #571)

Dependency updates:

Devevelopment Dependencies Updates:

2.8.4

Full Changelog

Improvements:

  • Adds ability to forward errors to express handler (#4697)
  • Adds ability to increment the push badge with an arbitrary value (#4889)
  • Adds ability to preserve the file names when uploading (#4915)
  • _User now follow regular ACL policy. Letting administrator lock user out. (#4860) and (#4898)
  • Ensure dates are properly handled in aggregates (#4743)
  • Aggregates: Improved support for stages sharing the same name
  • Add includeAll option
  • Added verify password to users router and tests. (#4747)
  • Ensure read preference is never overriden, so DB config prevails (#4833)
  • add support for geoWithin.centerSphere queries via withJSON (#4825)
  • Allow sorting an object field (#4806)
  • Postgres: Don't merge JSON fields after save() to keep same behaviour as MongoDB (#4808) (#4815)

Dependency updates

Devevelopment Dependencies Updates:

2.8.3

Full Changelog

Improvements:

  • Adds support for JS SDK 2.0 job status header
  • Removes npm-git scripts as npm supports using git repositories that build, thanks to Florent Vilmart

2.8.2

Full Changelog

Bug Fixes:
  • Ensure legacy users without ACL's are not locked out, thanks to Florent Vilmart

Improvements:

  • Use common HTTP agent to increase webhooks performance, thanks to Tyler Brock
  • Adds withinPolygon support for Polygon objects, thanks to Mads Bjerre

Dependency Updates:

Devevelopment Dependencies Updates:

2.8.1

Full Changelog

Ensure all the files are properly exported to the final package.

2.8.0

Full Changelog

New Features

Bug fixes:

  • Fixes issue when using afterFind with relations (#4752), thanks to Florent Vilmart
  • New query condition support to match all strings that starts with some other given strings (#3864), thanks to Eduard Bosch Bertran
  • Allow creation of indices on default fields (#4738), thanks to Claire Neveu
  • Purging empty class (#4676), thanks to Diamond Lewis
  • Postgres: Fixes issues comparing to zero or false (#4667), thanks to Diamond Lewis
  • Fix Aggregate Match Pointer (#4643), thanks to Diamond Lewis

Improvements:

  • Allow Parse.Error when returning from Cloud Code (#4695), thanks to Saulo Tauil
  • Fix typo: "requrest" -> "request" (#4761), thanks to Joseph Frazier
  • Send version for Vkontakte API (#4725), thanks to oleg
  • Ensure we respond with invalid password even if email is unverified (#4708), thanks to dblythy
  • Add _password_history to default sensitive data (#4699), thanks to Jong Eun Lee
  • Check for node version in postinstall script (#4657), thanks to Diamond Lewis
  • Remove FB Graph API version from URL to use the oldest non deprecated version, thanks to SebC

Dependency Updates:

Devevelopment Dependencies Updates:

2.7.4

Full Changelog

Bug Fixes:

  • Fixes an issue affecting polygon queries, thanks to Diamond Lewis

Dependency Updates:

Development Dependencies Updates:

2.7.3

Full Changelog

Improvements:

  • Improve documentation for LiveQuery options, thanks to Arthur Cinader
  • Improve documentation for using cloud code with docker, thanks to Stephen Tuso
  • Adds support for Facebook's AccountKit, thanks to 6thfdwp
  • Disable afterFind routines when running aggregates, thanks to Diamond Lewis
  • Improve support for distinct aggregations of nulls, thanks to Diamond Lewis
  • Regenreate the email verification token when requesting a new email, thanks to Benjamin Wilson Friedman

Bug Fixes:

  • Fix issue affecting readOnly masterKey and purge command, thanks to AreyouHappy
  • Fixes Issue unsetting in beforeSave doesn't allow object creation, thanks to Diamond Lewis
  • Fixes issue crashing server on invalid live query payload, thanks to fridays
  • Fixes issue affecting postgres storage adapter "undefined property '__op'", thanks to Tyson Andre

Dependency Updates:

Devevelopment Dependencies Updates:

2.7.2

Full Changelog

Improvements:

  • Improved match aggregate
  • Do not mark the empty push as failed
  • Support pointer in aggregate query
  • Introduces flow types for storage
  • Postgres: Refactoring of Postgres Storage Adapter
  • Postgres: Support for multiple projection in aggregate
  • Postgres: performance optimizations
  • Adds infos about vulnerability disclosures
  • Adds ability to login with email when provided as username

Bug Fixes

  • Scrub Passwords with URL Encoded Characters
  • Fixes issue affecting using sorting in beforeFind

Dependency Updates:

Devevelopment Dependencies Updates:

2.7.1

Full Changelog

⚠️ Fixes a security issue affecting Class Level Permissions

2.7.0

Full Changelog

⚠️ This version contains an issue affecting Class Level Permissions on mongoDB. Please upgrade to 2.7.1.

Starting parse-server 2.7.0, the minimun nodejs version is 6.11.4, please update your engines before updating parse-server

New Features:

Bug fixes:

  • Fixes sessionTokens being overridden in 'find' (#4332), thanks to Benjamin Wilson Friedman
  • Proper handleShutdown() feature to close database connections (#4361), thanks to CHANG, TZU-YEN
  • Fixes issue affecting state of _PushStatus objects, thanks to Benjamin Wilson Friedman
  • Fixes issue affecting calling password reset password pages with wrong appid, thanks to Bryan de Leon
  • Fixes issue affecting duplicates _Sessions on successive logins, thanks to Florent Vilmart

Improvements:

Dependency Updates:

Devevelopment Dependencies Updates:

2.6.5

Full Changelog

New Features:

  • Adds support for read-only masterKey, thanks to Florent Vilmart
  • Adds support for relative time queries (mongodb only), thanks to Marvel Mathew

Improvements:

Bug Fixes:

  • The REST API key was improperly inferred from environment when using the CLI, thanks to Florent Vilmart

2.6.4

Full Changelog

Improvements:

Bug Fixes:

Dependency Updates:

Devevelopment Dependencies Updates:

2.6.3

Full Changelog

Improvements:

  • Queries on Pointer fields with $in and $nin now supports list of objectId's, thanks to Florent Vilmart
  • LiveQueries on $in and $nin for pointer fields work as expected thanks to Florent Vilmart
  • Also remove device token when APNS error is BadDeviceToken, thanks to Mauricio Tollin
  • LRU cache is not available on the ParseServer object, thanks to Tyler Brock
  • Error messages are more expressive, thanks to Tyler Brock
  • Postgres: Properly handle undefined field values, thanks to Diamond Lewis
  • Updating with two GeoPoints fails correctly, thanks to Anthony Mosca

New Features:

  • Adds ability to set a maxLimit on server configuration for queries, thanks to Chris Norris

Bug fixes:

  • Fixes issue affecting reporting _PushStatus with misconfigured serverURL, thanks to Florent Vilmart
  • Fixes issue affecting deletion of class that doesn't exist, thanks to Diamond Lewis

Dependency Updates:

Devevelopment Dependencies Updates:

2.6.2

Full Changelog

Improvements:

  • PushWorker/PushQueue channels are properly prefixed with the Parse applicationId, thanks to Marvel Mathew
  • You can use Parse.Cloud.afterSave hooks on _PushStatus
  • You can use Parse.Cloud.onLiveQueryEvent to track the number of clients and subscriptions
  • Adds support for more fields from the Audience class.

New Features:

  • Push: Adds ability to track sentPerUTC offset if your push scheduler supports it.
  • Push: Adds support for cleaning up invalid deviceTokens from _Installation (PARSE_SERVER_CLEANUP_INVALID_INSTALLATIONS=1).

Dependency Updates:

Devevelopment Dependencies Updates:

2.6.1

Full Changelog

Improvements:

  • Improves overall performance of the server, more particularly with large query results.
  • Improves performance of InMemoryCacheAdapter by removing serialization.
  • Improves logging performance by skipping necessary log calls.
  • Refactors object routers to simplify logic.
  • Adds automatic indexing on $text indexes, thanks to Diamon Lewis

New Features:

  • Push: Adds ability to send localized pushes according to the _Installation localeIdentifier
  • Push: proper support for scheduling push in user's locale time, thanks to Marvel Mathew
  • LiveQuery: Adds ability to use LiveQuery with a masterKey, thanks to Jeremy May

Bug Fixes:

  • Fixes an issue that would duplicate Session objects per userId-installationId pair.
  • Fixes an issue affecting pointer permissions introduced in this release.
  • Fixes an issue that would prevent displaying audiences correctly in dashboard.
  • Fixes an issue affecting preventLoginWithUnverifiedEmail upon signups.

Dependency Updates:

Devevelopment Dependencies Updates:

2.6.0

Full Changelog

Breaking Changes:

  • [email protected]: A new deprecation notice is introduced with parse-server-s3-adapter's version 1.2.0. An upcoming release will remove passing key and password arguments. AWS credentials should be set using AWS best practices. See the Deprecation Notice for AWS credentials section of the adapter's README.

New Features

Improvements

  • Postgres: Adds support nested contains and containedIn, thanks to Diamond Lewis
  • Postgres: Adds support for null in containsAll queries, thanks to Diamond Lewis
  • Cloud Code: Request headers are passed to the cloud functions, thanks to miguel-s
  • Push: All push queries now filter only where deviceToken exists

Bug Fixes:

  • Fixes issue affecting updates of _User objects when authData was passed.
  • Push: Pushing to an empty audience should now properly report a failed _PushStatus
  • Linking Users: Fixes issue affecting linking users with sessionToken only

Dependency Updates:

Devevelopment Dependencies Updates:

2.5.3

Full Changelog

New Features:

  • badge property on android installations will now be set as on iOS (#3970), thanks to Florent Vilmart

Bug Fixes:

  • Fixes incorrect number parser for cache options

2.5.2

Full Changelog

Improvements:

  • Restores ability to run on node >= 4.6
  • Adds ability to configure cache from CLI
  • Removes runtime check for node >= 4.6

2.5.1

Full Changelog

New Features:

  • Adds ability to set default objectId size (#3950), thanks to Steven Shipton

Improvements:

  • Uses LRU cache instead of InMemoryCache by default (#3979), thanks to Florent Vilmart
  • iOS pushes are now using HTTP/2.0 instead of binary API (#3983), thanks to Florent Vilmart

Dependency Updates:

2.5.0

Full Changelog

New Features:

  • Adds ability to run full text search (#3904), thanks to Diamond Lewis
  • Adds ability to run $withinPolygon queries (#3889), thanks to Diamond Lewis
  • Adds ability to pass read preference per query with mongodb (#3865), thanks to davimacedo
  • beforeFind trigger now includes isGet for get queries (#3862), thanks to davimacedo
  • Adds endpoints for dashboard's audience API (#3861), thanks to davimacedo
  • Restores the job scheduling endpoints (#3927), thanks to Florent Vilmart

Improvements:

  • Removes unnecessary warning when using maxTimeMs with mongodb, thanks to Tyler Brock
  • Improves access control on system classes (#3916), thanks to Worathiti Manosroi
  • Adds bytes support in postgres (#3894), thanks to Diamond Lewis

Bug Fixes:

  • Fixes issue with vkontakte adapter that would hang the request, thanks to Denis Trofimov
  • Fixes issue affecting null relational data (#3924), thanks to davimacedo
  • Fixes issue affecting session token deletion (#3937), thanks to Florent Vilmart
  • Fixes issue affecting the serverInfo endpoint (#3933), thanks to Florent Vilmart
  • Fixes issue affecting beforeSave with dot-noted sub-documents (#3912), thanks to IlyaDiallo
  • Fixes issue affecting emails being sent when using a 3rd party auth (#3882), thanks to davimacedo

Dependency Updates:

Devevelopment dependencies

2.4.2

Full Changelog

New Features:

Improvements:

Bug fixes:

Dependency Updates:

2.4.1

Full Changelog

Bug fixes:

Dependency Updates:

2.4.0

Full Changelog

Starting 2.4.0, parse-server is tested against node 6.10 and 7.10, mongodb 3.2 and 3.4. If you experience issues with older versions, please open a issue.

New Features:

Improvements

Bug Fixes:

Dependency Updates:

Devevelopment dependencies

2.3.8

Full Changelog

New Features

  • Support for PG-Promise options, thanks to ren dong

Improvements

Bug Fixes

  • Fixes issue affecting GeoPoint __type with Postgres, thanks to zhoul-HS
  • Prevent user creation if username or password is empty, thanks to Wissam Abirached

Dependency Updates:

2.3.7

Full Changelog

New Features

  • New endpoint to resend verification email, thanks to Xy Ziemba

Improvements

Bug Fixes

  • Add index on Role.name, fixes (#3579), thanks to Natan Rolnik
  • Fix default value of userSensitiveFields, fixes (#3593), thanks to Arthur Cinader

Dependency Updates:

2.3.6

Full Changelog

Improvements

Bug Fixes

Dependencies updates:

2.3.5

Full Changelog

Bug Fixes

  • Allow empty client key (#3497), thanks to Arthur Cinader
  • Fix LiveQuery unsafe user (#3525), thanks to David Starke
  • Use flushdb instead of flushall in RedisCacheAdapter (#3523), thanks to Jeremy Louie
  • Fix saving GeoPoints and Files in _GlobalConfig (Make sure we don't treat dot notation keys as topLevel atoms) (#3531), thanks to Florent Vilmart

2.3.3

Full Changelog

Breaking Changes

Bug Fixes

  • Add logging on failure to create file (#3424), thanks to Arthur Cinader
  • Log Parse Errors so they are intelligible (#3431), thanks to Arthur Cinader
  • MongoDB $or Queries avoid SERVER-13732 bug (#3476), thanks to Jack Wearden
  • Mongo object to Parse object date serialization - avoid re-serialization of iso of type Date (#3389), thanks to nodechefMatt

Improvements

  • Ground preparations for push scalability (#3080), thanks to Florent Vilmart
  • Use uWS as optional dependency for ws server (#3231), thanks to Florent Vilmart

2.3.2

Full Changelog

New features

  • Add parseFrameURL for masking user-facing pages (#3267), thanks to Lenart Rudel

Bug fixes

  • Fix Parse-Server to work with winston-daily-rotate-1.4.2 (#3335), thanks to Arthur Cinader

Improvements

  • Add support for regex string for password policy validatorPattern setting (#3331), thanks to Bhaskar Reddy Yasa
  • LiveQuery should match subobjects with dot notation (#3322), thanks to David Starke
  • Reduce time to process high number of installations for push (#3264), thanks to jeacott1
  • Fix trivial typo in error message (#3238), thanks to Arthur Cinader

2.3.1

Full Changelog

A major issue was introduced when refactoring the authentication modules. This release addresses only that issue.

2.3.0

Full Changelog

Breaking changes

New Features

  • Adds ability to restrict access through Class Level Permissions to only authenticated users see docs
  • Adds ability to strip sensitive data from _User responses, strips emails by default, thanks to Arthur Cinader
  • Adds password history support for password policies, thanks to Bhaskar Reddy Yasa

Improvements

  • Bump parse-server-s3-adapter to 1.0.6, thanks to Arthur Cinader
  • Using PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS let you create user sessions when passing {installationId: "xxx-xxx"} on signup in cloud code, thanks to Florent Vilmart
  • Add CLI option to pass host parameter when creating parse-server from CLI, thanks to Kulshekhar Kabra

Bug fixes

  • Ensure batch routes are only using posix paths, thanks to Steven Shipton
  • Ensure falsy options from CLI are properly taken into account, thanks to Steven Shipton
  • Fixes issues affecting calls to matchesKeyInQuery with pointers.
  • Ensure that select keys can be changed in triggers (beforeFind...), thanks to Arthur Cinader

Housekeeping

2.2.25

Postgres support requires v9.5

New Features

Improvements

Bug Fixes

  • Fixes issue when sending push to multiple installations, thanks to Florent Vilmart
  • Fixes issues with twitter authentication, thanks to jonas-db
  • Ignore createdAt fields update, thanks to Yuki Takeichi
  • Improve support for array equality with LiveQuery, thanks to David Poetzsch-Heffter
  • Improve support for batch endpoint when serverURL and publicServerURL have different paths, thanks to Florent Vilmart
  • Support saving relation objects, thanks to Yuki Takeichi

2.2.24

New Features

  • LiveQuery: Bring your own adapter (#2902), thanks to Florent Vilmart
  • LiveQuery: Adds "update" operator to update a query subscription (#2935), thanks to Florent Vilmart

Improvements

Bug Fixes

  • Better support for checking application and client keys, thanks to Steven Shipton
  • Google OAuth, better support for android and web logins, thanks to Florent Vilmart

2.2.23

Bug fixes

  • Fix error when updating installation with useMasterKey (#2888), thanks to Jeremy Louie
  • Fix bug affecting usage of multiple notEqualTo, thanks to Jeremy Louie
  • Improved support for null values in arrays, thanks to Florent Vilmart

2.2.22

  • Minimum nodejs engine is now 4.5

New Features

Bug fixes

  • Fix: Include with pointers are not conflicting with get CLP anymore, thanks to Florent Vilmart
  • Fix: Removes dependency on babel-polyfill, thanks to Florent Vilmart
  • Fix: Support nested select calls, thanks to Florent Vilmart
  • Fix: Use native column selection instead of runtime, thanks to Florent Vilmart
  • Fix: installationId header is properly used when updating _Installation objects, thanks to Florent Vilmart
  • Fix: don't crash parse-server on improperly formatted live-query messages, thanks to Florent Vilmart
  • Fix: Passwords are properly stripped out of logs, thanks to Arthur Cinader
  • Fix: Lookup for email in username if email is not set, thanks to Florent Vilmart

2.2.21

  • Fix: Reverts removal of babel-polyfill

2.2.20

  • New: Adds CloudCode handler for beforeFind, thanks to Florent Vilmart
  • New: RedisCacheAdapter for syncing schema, role and user caches across servers, thanks to Florent Vilmart
  • New: Latest master build available at ParsePlatform/parse-server#latest, thanks to Florent Vilmart
  • Fix: Better support for upgradeToRevocableSession with missing session token, thanks to Florent Vilmart
  • Fix: Removes babel-polyfill runtime dependency, thanks to Florent Vilmart
  • Fix: Cluster option now support a boolean value for automatically choosing the right number of processes, thanks to Florent Vilmart
  • Fix: Filenames now appear correctly, thanks to Lama Chandrasena
  • Fix: _acl is properly updated, thanks to Steven Shipton

Other fixes by Mathias Rangel Wulff

2.2.19

  • New: support for upgrading to revocable sessions, thanks to Florent Vilmart
  • New: NullCacheAdapter for disabling caching, thanks to Yuki Takeichi
  • New: Account lockout policy #2601, thanks to Diwakar Cherukumilli
  • New: Jobs endpoint for defining and run jobs (no scheduling), thanks to Florent Vilmart
  • New: Add --cluster option to the CLI, thanks to Florent Vilmart
  • New: Support for login with vk.com, thanks to Nurdaulet Bolatov
  • New: experimental support for postgres databases, thanks to Florent Vilmart
  • Fix: parse-server doesn't call next() after successful responses, thanks to Florent Vilmart
  • Fix: Nested objects are properly includeed with Pointer Permissions on, thanks to Florent Vilmart
  • Fix: null values in include calls are properly handled, thanks to Florent Vilmart
  • Fix: Schema validations now runs after beforeSave hooks, thanks to Florent Vilmart
  • Fix: usersname and passwords are properly type checked, thanks to Bam Wang
  • Fix: logging in info log would log also in error log, thanks to Florent Vilmart
  • Fix: removes extaneous logging from ParseLiveQueryServer, thanks to Flavio Torres
  • Fix: support for Range requests for files, thanks to Brage G. Staven

2.2.18

  • Fix: Improve support for objects in push alert, thanks to Antoine Lenoir
  • Fix; Prevent pointed from getting clobbered when they are changed in a beforeSave, thanks to sud
  • Fix: Improve support for "Bytes" type, thanks to CongHoang
  • Fix: Better logging compatability with Parse.com, thanks to Arthur Cinader
  • New: Add Janrain Capture and Janrain Engage auth provider, thanks to Andrew Lane
  • Improved: Include content length header in files response, thanks to Steven Van Bael
  • Improved: Support byte range header for files, thanks to Brage G. Staven
  • Improved: Validations for LinkedIn access_tokens, thanks to Felix Dumit
  • Improved: Experimental postgres support, thanks to Florent Vilmart
  • Perf: Use native bcrypt implementation if available, thanks to Florent Vilmart

2.2.17 (07/23/2016)

Full Changelog

2.2.16 (7/10/2016)

  • New: Expose InMemoryCacheAdapter publicly, thanks to Steven Shipton
  • New: Add ability to prevent login with unverified email, thanks to Diwakar Cherukumilli
  • Improved: Better error message for incorrect type, thanks to Andrew Lane
  • Improved: Better error message for permission denied, thanks to Blayne Chard
  • Improved: Update authData on login, thanks to Florent Vilmart
  • Improved: Ability to not check for old files on Parse.com, thanks to OzgeAkin
  • Fix: Issues with email adapter validation, thanks to Tyler Brock
  • Fix: Issues with nested $or queries, thanks to Florent Vilmart

2.2.15 (6/30/2016)

  • Fix: Type in description for Parse.Error.INVALID_QUERY, thanks to Andrew Lane
  • Improvement: Stop requiring verifyUserEmails for password reset functionality, thanks to Tyler Brock
  • Improvement: Kill without validation, thanks to Drew Gross
  • Fix: Deleting a file does not delete from fs.files, thanks to David Keita
  • Fix: Postgres stoage adapter fix, thanks to Vitaly Tomilov
  • Fix: Results invalid session when providing an invalid session token, thanks to Florent Vilmart
  • Fix: issue creating an anonymous user, thanks to Hussam Moqhim
  • Fix: make http response serializable, thanks to Florent Vilmart
  • New: Add postmark email adapter alternative Glenn Reyes

2.2.14 (6/25/2016)

  • Hotfix: Fix Parse.Cloud.HTTPResponse serialization

2.2.13 (6/12/2016)

  • Hotfix: Pin version of deepcopy

2.2.12 (6/9/2016)

  • New: Custom error codes in cloud code response.error, thanks to Jeremy Pease
  • Fix: Crash in beforeSave when response is not an object, thanks to Tyler Brock
  • Fix: Allow "get" on installations
  • Fix: Fix overly restrictive Class Level Permissions, thanks to Florent Vilmart
  • Fix: Fix nested date parsing in Cloud Code, thanks to Marco Cheung
  • Fix: Support very old file formats from Parse.com

2.2.11 (5/31/2016)

  • Security: Censor user password in logs, thanks to Marco Cheung
  • New: Add PARSE_SERVER_LOGS_FOLDER env var for setting log folder, thanks to KartikeyaRokde
  • New: Webhook key support, thanks to Tyler Brock
  • Perf: Add cache adapter and default caching of certain objects, thanks to Blayne Chard
  • Improvement: Better error messages for schema type mismatches, thanks to Jeremy Pease
  • Improvement: Better error messages for reset password emails
  • Improvement: Webhook key support in CLI, thanks to Tyler Brock
  • Fix: Remove read only fields when using beforeSave, thanks to Tyler Brock
  • Fix: Use content type provided by JS SDK, thanks to Blayne Chard and Florent Vilmart
  • Fix: Tell the dashboard the stored push data is available, thanks to Jeremy Pease
  • Fix: Add support for HTTP Basic Auth, thanks to Hussam Moqhim
  • Fix: Support for MongoDB version 3.2.6, (note: do not use MongoDB 3.2 with migrated apps that still have traffic on Parse.com), thanks to Tyler Brock
  • Fix: Prevent pm2 from crashing when push notifications fail, thanks to benishak
  • Fix: Add full list of default _Installation fields, thanks to Jeremy Pease
  • Fix: Strip objectId out of hooks responses, thanks to Tyler Brock
  • Fix: Fix external webhook response format, thanks to Tyler Brock
  • Fix: Fix beforeSave when object is passed to success, thanks to Madhav Bhagat
  • Fix: Remove use of deprecated APIs, thanks to Emad Ehsan
  • Fix: Crash when multiple Parse Servers on the same machine try to write to the same logs folder, thanks to Steven Shipton
  • Fix: Various issues with key names in Parse.Objects
  • Fix: Treat Bytes type properly
  • Fix: Caching bugs that caused writes by masterKey or other session token to not show up to users reading with a different session token
  • Fix: Pin mongo driver version, preventing a regression in version 2.1.19
  • Fix: Various issues with pointer fields not being treated properly
  • Fix: Issues with pointed getting un-fetched due to changes in beforeSave
  • Fix: Fixed crash when deleting classes that have CLPs

2.2.10 (5/15/2016)

  • Fix: Write legacy ACLs to Mongo so that clients that still go through Parse.com can read them, thanks to Tyler Brock and carmenlau
  • Fix: Querying installations with limit = 0 and count = 1 now works, thanks to ssk7833
  • Fix: Return correct error when violating unique index, thanks to Marco Cheung
  • Fix: Allow unsetting user's email, thanks to Marco Cheung
  • New: Support for Node 6.1

2.2.9 (5/9/2016)

  • Fix: Fix a regression that caused Parse Server to crash when a null parameter is passed to a Cloud function

2.2.8 (5/8/2016)

  • New: Support for Pointer Permissions
  • New: Expose logger in Cloud Code
  • New: Option to revoke sessions on password reset
  • New: Option to expire inactive sessions
  • Perf: Improvements in ACL checking query
  • Fix: Issues when sending pushes to list of devices that contains invalid values
  • Fix: Issues caused by using babel-polyfill outside of Parse Server, but in the same express app
  • Fix: Remove creation of extra session tokens
  • Fix: Return authData when querying with master key
  • Fix: Bugs when deleting webhooks
  • Fix: Ignore _RevocableSession header, which might be sent by the JS SDK
  • Fix: Issues with querying via URL params
  • Fix: Properly encode "Date" parameters to cloud code functions

2.2.7 (4/15/2016)

2.2.6 (4/5/2016)

2.2.5 (4/4/2016)

2.2.4 (3/29/2016)

  • Hotfix: fixed imports issue for S3Adapter, GCSAdapter, FileSystemAdapter #1263 (drew-gross
  • Fix: Clean null authData values on _User update #1199 (yuzeh)

2.2.3 (3/29/2016)

2.2.2 (3/23/2016)

  • Important Fix: Mounts createLiveQueryServer, fix babel induced problem #1153 (flovilmart)
  • Move ParseServer to it's own file #1166 (flovilmart)
  • Update README.md * remove deploy buttons * replace with community links #1139 (drew-gross)
  • Adds bootstrap.sh #1138 (flovilmart)
  • Fix: Do not override username #1142 (flovilmart)
  • Fix: Add pushId back to GCM payload #1168 (wangmengyan95)

2.2.1 (3/22/2016)

  • New: Add FileSystemAdapter file adapter #1098 (dtsolis)
  • New: Enabled CLP editing #1128 (drew-gross)
  • Improvement: Reduces the number of connections to mongo created #1111 (flovilmart)
  • Improvement: Make ParseServer a class #980 (flovilmart)
  • Fix: Adds support for plain object in $add, $addUnique, $remove #1114 (flovilmart)
  • Fix: Generates default CLP, freezes objects #1132 (flovilmart)
  • Fix: Properly sets installationId on creating session with 3rd party auth #1110 (flovilmart)

2.2.0 (3/18/2016)

  • New Feature: Real-time functionality with Live Queries! #1092 (wangmengyan95)
  • Improvement: Push Status API #1004 (flovilmart)
  • Improvement: Allow client operations on Roles #1068 (flovilmart)
  • Improvement: Add URI encoding to mongo auth parameters #986 (bgw)
  • Improvement: Adds support for apps key in config file, but only support single app for now #979 (flovilmart)
  • Documentation: Getting Started and Configuring Parse Server #988 (hramos)
  • Fix: Various edge cases with REST API #1066 (flovilmart)
  • Fix: Makes sure the location in results has the proper objectId #1065 (flovilmart)
  • Fix: Third-party auth is properly removed when unlinked #1081 (flovilmart)
  • Fix: Clear the session-user cache when changing _User objects #1072 (gfosco)
  • Fix: Bug related to subqueries on unfetched objects #1046 (flovilmart)
  • Fix: Properly urlencode parameters for email validation and password reset #1001 (flovilmart)
  • Fix: Better sanitization/decoding of object data for afterSave triggers #992 (flovilmart)
  • Fix: Changes default encoding for httpRequest #892 (flovilmart)

2.1.6 (3/11/2016)

  • Improvement: Full query support for badge Increment (#931) #983 (flovilmart)
  • Improvement: Shutdown standalone parse server gracefully #958 (raulr)
  • Improvement: Add database options to ParseServer constructor and pass to MongoStorageAdapter #956 (steven-supersolid)
  • Improvement: AuthData logic refactor #952 (flovilmart)
  • Improvement: Changed FileLoggerAdapterSpec to fail gracefully on Windows #946 (aneeshd16)
  • Improvement: Add new schema collection type and replace all usages of direct mongo collection for schema operations. #943 (nlutsenko)
  • Improvement: Adds CLP API to Schema router #898 (flovilmart)
  • Fix: Cleans up authData null keys on login for android crash #978 (flovilmart)
  • Fix: Do master query for before/afterSaveHook #959 (wangmengyan95)
  • Fix: re-add shebang #944 (flovilmart)
  • Fix: Added test command for Windows support #886 (aneeshd16)

2.1.5 (3/9/2016)

  • New: FileAdapter for Google Cloud Storage #708 (mcdonamp)
  • Improvement: Minimize extra schema queries in some scenarios. #919 (Marco129)
  • Improvement: Move DatabaseController and Schema fully to adaptive mongo collection. #909 (nlutsenko)
  • Improvement: Cleanup PushController/PushRouter, remove raw mongo collection access. #903 (nlutsenko)
  • Improvement: Increment badge the right way #902 (flovilmart)
  • Improvement: Migrate ParseGlobalConfig to new database storage API. #901 (nlutsenko)
  • Improvement: Improve delete flow for non-existent _Join collection #881 (Marco129)
  • Improvement: Adding a role scenario test for issue 827 #878 (gfosco)
  • Improvement: Test empty authData block on login for #413 #863 (gfosco)
  • Improvement: Modified the npm dev script to support Windows #846 (aneeshd16)
  • Improvement: Move HooksController to use MongoCollection instead of direct Mongo access. #844 (nlutsenko)
  • Improvement: Adds public_html and views for packaging #839 (flovilmart)
  • Improvement: Better support for windows builds #831 (flovilmart)
  • Improvement: Convert Schema.js to ES6 class. #826 (nlutsenko)
  • Improvement: Remove duplicated instructions #816 (hramos)
  • Improvement: Completely migrate SchemasRouter to new MongoCollection API. #794 (nlutsenko)
  • Fix: Do not require where clause in $dontSelect condition on queries. #925 (nlutsenko)
  • Fix: Make sure that ACLs propagate to before/after save hooks. #924 (nlutsenko)
  • Fix: Support params option in Parse.Cloud.httpRequest. #912 (carmenlau)
  • Fix: Fix flaky Parse.GeoPoint test. #908 (nlutsenko)
  • Fix: Handle legacy _client_permissions key in _SCHEMA. #900 (drew-gross)
  • Fix: Fixes bug when querying equalTo on objectId and relation #887 (flovilmart)
  • Fix: Allow crossdomain on filesRouter #876 (flovilmart)
  • Fix: Remove limit when counting results. #867 (gfosco)
  • Fix: beforeSave changes should propagate to the response #865 (gfosco)
  • Fix: Delete relation field when _Join collection not exist #864 (Marco129)
  • Fix: Related query on non-existing column #861 (gfosco)
  • Fix: Update markdown in .github/ISSUE_TEMPLATE.md #859 (igorshubovych)
  • Fix: Issue with creating wrong _Session for Facebook login #857 (tobernguyen)
  • Fix: Leak warnings in tests, use mongodb-runner from node_modules #843 (drew-gross)
  • Fix: Reversed roles lookup #841 (flovilmart)
  • Fix: Improves loading of Push Adapter, fix loading of S3Adapter #833 (flovilmart)
  • Fix: Add field to system schema #828 (Marco129)

2.1.4 (3/3/2016)

  • New: serverInfo endpoint that returns server version and info about the server's features
  • Improvement: Add support for badges on iOS
  • Improvement: Improve failure handling in cloud code http requests
  • Improvement: Add support for queries on pointers and relations
  • Improvement: Add support for multiple $in clauses in a query
  • Improvement: Add allowClientClassCreation config option
  • Improvement: Allow atomically setting subdocument keys
  • Improvement: Allow arbitrarily deeply nested roles
  • Improvement: Set proper content-type in S3 File Adapter
  • Improvement: S3 adapter auto-creates buckets
  • Improvement: Better error messages for many errors
  • Performance: Improved algorithm for validating client keys
  • Experimental: Parse Hooks and Hooks API
  • Experimental: Email verification and password reset emails
  • Experimental: Improve compatability of logs feature with Parse.com
  • Fix: Fix for attempting to delete missing classes via schemas API
  • Fix: Allow creation of system classes via schemas API
  • Fix: Allow missing where cause in $select
  • Fix: Improve handling of invalid object ids
  • Fix: Replace query overwriting existing query
  • Fix: Propagate installationId in cloud code triggers
  • Fix: Session expiresAt is now a Date instead of a string
  • Fix: Fix count queries
  • Fix: Disallow _Role objects without names or without ACL
  • Fix: Better handling of invalid types submitted
  • Fix: beforeSave will not be triggered for attempts to save with invalid authData
  • Fix: Fix duplicate device token issues on Android
  • Fix: Allow empty authData on signup
  • Fix: Allow Master Key Headers (CORS)
  • Fix: Fix bugs if JavaScript key was not provided in server configuration
  • Fix: Parse Files on objects can now be stored without URLs
  • Fix: allow both objectId or installationId when modifying installation
  • Fix: Command line works better when not given options

2.1.3 (2/24/2016)

  • Feature: Add initial support for in-app purchases
  • Feature: Better error messages when attempting to run the server on a port that is already in use or without a server URL
  • Feature: Allow customization of max file size
  • Performance: Faster saves if not using beforeSave triggers
  • Fix: Send session token in response to current user endpoint
  • Fix: Remove triggers for _Session collection
  • Fix: Improve compatability of cloud code beforeSave hook for newly created object
  • Fix: ACL creation for master key only objects
  • Fix: Allow uploading files without Content-Type
  • Fix: Add features to http request to match Parse.com
  • Fix: Bugs in development script when running from locations other than project root
  • Fix: Can pass query constraints in URL
  • Fix: Objects with legacy "_tombstone" key now don't cause issues.
  • Fix: Allow nested keys in objects to begin with underscores
  • Fix: Allow correct headers for CORS

2.1.2 (2/19/2016)

  • Change: The S3 file adapter constructor requires a bucket name
  • Fix: Parse Query should throw if improperly encoded
  • Fix: Issue where roles were not used in some requests
  • Fix: serverURL will no longer default to api.parse.com/1

2.1.1 (2/18/2016)

  • Experimental: Schemas API support for DELETE operations
  • Fix: Session token issue fetching Users
  • Fix: Facebook auth validation
  • Fix: Invalid error when deleting missing session

2.1.0 (2/17/2016)

  • Feature: Support for additional OAuth providers
  • Feature: Ability to implement custom OAuth providers
  • Feature: Support for deleting Parse Files
  • Feature: Allow querying roles
  • Feature: Support for logs, extensible via Log Adapter
  • Feature: New Push Adapter for sending push notifications through OneSignal
  • Feature: Tighter default security for Users
  • Feature: Pass parameters to cloud code in query string
  • Feature: Disable anonymous users via configuration.
  • Experimental: Schemas API support for PUT operations
  • Fix: Prevent installation ID from being added to User
  • Fix: Becoming a user works properly with sessions
  • Fix: Including multiple object when some object are unavailable will get all the objects that are available
  • Fix: Invalid URL for Parse Files
  • Fix: Making a query without a limit now returns 100 results
  • Fix: Expose installation id in cloud code
  • Fix: Correct username for Anonymous users
  • Fix: Session token issue after fetching user
  • Fix: Issues during install process
  • Fix: Issue with Unity SDK sending _noBody

2.0.8 (2/11/2016)

  • Add: support for Android and iOS push notifications
  • Experimental: cloud code validation hooks (can mark as non-experimental after we have docs)
  • Experimental: support for schemas API (GET and POST only)
  • Experimental: support for Parse Config (GET and POST only)
  • Fix: Querying objects with equality constraint on array column
  • Fix: User logout will remove session token
  • Fix: Various files related bugs
  • Fix: Force minimum node version 4.3 due to security issues in earlier version
  • Performance Improvement: Improved caching