Releases: parse-community/parse-server
Releases · parse-community/parse-server
9.9.1-alpha.9
9.9.1-alpha.9 (2026-06-11)
Bug Fixes
9.9.1-alpha.8
9.9.1-alpha.8 (2026-06-10)
Bug Fixes
9.9.1-alpha.7
9.9.1-alpha.7 (2026-06-06)
Bug Fixes
9.9.1-alpha.6
9.9.1-alpha.6 (2026-06-03)
Bug Fixes
- Relation
$relatedToquery bypassesprotectedFieldsand owning-object ACL (GHSA-wmwx-jr2p-4j4r) (#10493) (43658f1)
9.9.1-alpha.5
9.9.1-alpha.5 (2026-06-03)
Bug Fixes
- Endpoints
/loginand/verifyPassworddisclose MFA secrets and protected fields when_Userget is denied (GHSA-75v4-m273-5j49) (#10492) (83e90ed)
8.6.80
9.9.1-alpha.4
9.9.1-alpha.4 (2026-06-01)
Bug Fixes
- Stored XSS via trailing-dot filename bypassing file upload extension blocklist (GHSA-7wqv-xjf3-x35v) (#10489) (66484ce)
8.6.79
8.6.79 (2026-06-01)
Bug Fixes
- Stored XSS via trailing-dot filename bypassing file upload extension blocklist (GHSA-7wqv-xjf3-x35v) (#10490) (9e99279)
9.9.1-alpha.3
9.9.1-alpha.3 (2026-05-27)
Bug Fixes
- Server option routeAllowList is bypassable through batch sub-requests (GHSA-p84r-h6rx-f2xr) (#10482) (552c6dd)
9.9.1-alpha.2
9.9.1-alpha.2 (2026-05-18)
Bug Fixes
- GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers (GHSA-8cph-rgr4-g5vj) (#10467) (155123a)