Skip to content

Commit 1306da7

Browse files
mtrezzamtrezza
committed
Merge pull request from GHSA-23r4-5mxp-c7g5 
1 parent 3c00bcd commit 1306da7

File tree

5 files changed

+2056
-3508
lines changed

5 files changed

+2056
-3508
lines changed

CHANGELOG.md

+10-1
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,16 @@
11
## Parse Server Changelog
22

33
### master
4-
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.0...master)
4+
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.2...master)
5+
6+
### 4.5.2
7+
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.1...4.5.2)
8+
9+
### Security Fixes
10+
- SECURITY FIX: Fixes incorrect session property `authProvider: password` of anonymous users. When signing up an anonymous user, the session field `createdWith` indicates incorrectly that the session has been created using username and password with `authProvider: password`, instead of an anonymous sign-up with `authProvider: anonymous`. This fixes the issue by setting the correct `authProvider: anonymous` for future sign-ups of anonymous users. This fix does not fix incorrect `authProvider: password` for existing sessions of anonymous users. Consider this if your app logic depends on the `authProvider` field. (Corey Baker) [GHSA-23r4-5mxp-c7g5](https://github.com/parse-community/parse-server/security/advisories/GHSA-23r4-5mxp-c7g5)
11+
12+
### 4.5.1
13+
*This version was published by mistake and was deprecated.*
514

615
### 4.5.0
716
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.4.0...4.5.0)

0 commit comments

Comments
 (0)