4.5.0

Full Changelog

BREAKING CHANGES:

• FIX: Consistent casing for afterLiveQueryEvent. The afterLiveQueryEvent was introduced in 4.4.0 with inconsistent casing for the event names, which was fixed in 4.5.0. #7023. Thanks to dblythy.

---

• FIX: Properly handle serverURL and publicServerUrl in Batch requests. #7049. Thanks to Zach Goldberg.
• IMPROVE: Prevent invalid column names (className and length). #7053. Thanks to Diamond Lewis.
• IMPROVE: GraphQL: Remove viewer from logout mutation. #7029. Thanks to Antoine Cormouls.
• IMPROVE: GraphQL: Optimize on Relation. #7044. Thanks to Antoine Cormouls.
• NEW: Include sessionToken in onLiveQueryEvent. #7043. Thanks to dblythy.
• FIX: Definitions for accountLockout and passwordPolicy. #7040. Thanks to dblythy.
• FIX: Fix typo in server definitions for emailVerifyTokenReuseIfValid. #7037. Thanks to dblythy.
• SECURITY FIX: LDAP auth stores password in plain text. See GHSA-4w46-w44m-3jq3 for more details about the vulnerability and da905a3 for the fix. Thanks to Fabian Strachanski.
• NEW: Reuse tokens if they haven't expired. #7017. Thanks to dblythy.
• NEW: Add LDAPS-support to LDAP-Authcontroller. #7014. Thanks to Fabian Strachanski.
• FIX: (beforeSave/afterSave): Return value instead of Parse.Op for nested fields. #7005. Thanks to Diamond Lewis.
• FIX: (beforeSave): Skip Sanitizing Database results. #7003. Thanks to Diamond Lewis.
• FIX: Fix includeAll for querying a Pointer and Pointer array. #7002. Thanks to Corey Baker.
• FIX: Add encryptionKey to src/options/index.js. #6999. Thanks to dblythy.
• IMPROVE: Update PostgresStorageAdapter.js. #6989. Thanks to Vitaly Tomilov.

4.4.0

Full Changelog

• IMPROVE: Update PostgresStorageAdapter.js. #6981. Thanks to Vitaly Tomilov
• NEW: skipWithMasterKey on Built-In Validator. #6972. Thanks to dblythy.
• NEW: Add fileKey rotation to GridFSBucketAdapter. #6768. Thanks to Corey Baker.
• IMPROVE: Remove unused parameter in Cloud Function. #6969. Thanks to Diamond Lewis.
• IMPROVE: Validation Handler Update. #6968. Thanks to dblythy.
• FIX: (directAccess): Properly handle response status. #6966. Thanks to Diamond Lewis.
• FIX: Remove hostnameMaxLen for Mongo URL. #6693. Thanks to markhoward02.
• IMPROVE: Show a message if cloud functions are duplicated. #6963. Thanks to dblythy.
• FIX: Pass request.query to afterFind. #6960. Thanks to dblythy.
• SECURITY FIX: Patch session vulnerability over Live Query. See GHSA-2xm2-xj2q-qgpj for more details about the vulnerability and 78b59fb for the fix. Thanks to Antonio Davi Macedo Coelho de Castro.
• IMPROVE: LiveQueryEvent Error Logging Improvements. #6951. Thanks to dblythy.
• IMPROVE: Include stack in Cloud Code. #6958. Thanks to dblythy.
• FIX: (jobs): Add Error Message to JobStatus Failure. #6954. Thanks to Diamond Lewis.
• NEW: Create Cloud function afterLiveQueryEvent. #6859. Thanks to dblythy.
• FIX: Update vkontakte API to the latest version. #6944. Thanks to Antonio Davi Macedo Coelho de Castro.
• FIX: Use an empty object as default value of options for Google Sign in. #6844. Thanks to Kevin Kuang.
• FIX: Postgres: prepend className to unique indexes. #6741. Thanks to Corey Baker.
• FIX: GraphQL: Transform input types also on user mutations. #6934. Thanks to Antoine Cormouls.
• FIX: Set objectId into query for Email Validation. #6930. Thanks to Danaru.
• FIX: GraphQL: Optimize queries, fixes some null returns (on object), fix stitched GraphQLUpload. #6709. Thanks to Antoine Cormouls.
• FIX: Do not throw error if user provide a pointer like index onMongo. #6923. Thanks to Antoine Cormouls.
• FIX: Hotfix instagram api. #6922. Thanks to Tim.
• FIX: (directAccess/cloud-code): Pass installationId with LogIn. #6903. Thanks to Diamond Lewis.
• FIX: Fix bcrypt binary incompatibility. #6891. Thanks to Manuel Trezza.
• NEW: Keycloak auth adapter. #6376. Thanks to Rhuan.
• IMPROVE: Changed incorrect key name in apple auth adapter tests. #6861. Thanks to Manuel Trezza.
• FIX: Fix mutating beforeSubscribe Query. #6868. Thanks to dblythy.
• FIX: Fix beforeLogin for users logging in with AuthData. #6872. Thanks to Kevin Kuang.
• FIX: Remove Facebook AccountKit auth. #6870. Thanks to Diamond Lewis.
• FIX: Updated TOKEN_ISSUER to 'accounts.google.com'. #6836. Thanks to Arjun Vedak.
• IMPROVE: Optimized deletion of class field from schema by using an index if available to do an index scan instead of a collection scan. #6815. Thanks to Manuel Trezza.
• IMPROVE: Enable MongoDB transaction test for MongoDB >= 4.0.4 #6827. Thanks to Manuel.

4.3.0

Full Changelog

• PERFORMANCE: Optimizing pointer CLP query decoration done by DatabaseController#addPointerPermissions #6747. Thanks to mess-lelouch.
• SECURITY: Fix security breach on GraphQL viewer 78239ac, secuity advisory. Thanks to Antoine Cormouls.
• FIX: Save context not present if direct access enabled #6764. Thanks to Omair Vaiyani.
• NEW: Before Connect + Before Subscribe #6793. Thanks to dblythy.
• FIX: Add version to playground to fix CDN #6804. Thanks to Antoine Cormouls.
• NEW (EXPERIMENTAL): Idempotency enforcement for client requests. This deduplicates requests where the client intends to send one request to Parse Server but due to network issues the server receives the request multiple times. Caution, this is an experimental feature that may not be appropriate for production. #6748. Thanks to Manuel Trezza.
• FIX: Add production Google Auth Adapter instead of using the development url #6734. Thanks to SebC..
• IMPROVE: Run Prettier JS Again Without requiring () on arrow functions #6796. Thanks to Diamond Lewis.
• IMPROVE: Run Prettier JS #6795. Thanks to Diamond Lewis.
• IMPROVE: Replace bcrypt with @node-rs/bcrypt #6794. Thanks to LongYinan.
• IMPROVE: Make clear description of anonymous user #6655. Thanks to Jerome De Leon.
• IMPROVE: Simplify GraphQL merge system to avoid js ref bugs #6791. Thanks to Antoine Cormouls.
• NEW: Pass context in beforeDelete, afterDelete, beforeFind and Parse.Cloud.run #6666. Thanks to yog27ray.
• NEW: Allow passing custom gql schema function to ParseServer#start options #6762. Thanks to Luca.
• NEW: Allow custom cors origin header #6772. Thanks to Kevin Yao.
• FIX: Fix context for cascade-saving and saving existing object #6735. Thanks to Manuel.
• NEW: Add file bucket encryption using fileKey #6765. Thanks to Corey Baker.
• FIX: Removed gaze from dev dependencies and removed not working dev script #6745. Thanks to Vincent Semrau.
• IMPROVE: Upgrade graphql-tools to v6 #6701. Thanks to Yaacov Rydzinski.
• NEW: Support Metadata in GridFSAdapter #6660. Thanks to Diamond Lewis.
• NEW: Allow to unset file from graphql #6651. Thanks to Antoine Cormouls.
• NEW: Handle shutdown for RedisCacheAdapter #6658. Thanks to promisenxu.
• FIX: Fix explain on user class #6650. Thanks to Manuel.
• FIX: Fix read preference for aggregate #6585. Thanks to Manuel.
• NEW: Add context to Parse.Object.save #6626. Thanks to Manuel.
• NEW: Adding ssl config params to Postgres URI #6580. Thanks to Corey Baker.
• FIX: Travis postgres update: removing unnecessary start of mongo-runner #6594. Thanks to Corey Baker.
• FIX: ObjectId size for Pointer in Postgres #6619. Thanks to Corey Baker.
• IMPROVE: Improve a test case #6629. Thanks to Gordon Sun.
• NEW: Allow to resolve automatically Parse Type fields from Custom Schema #6562. Thanks to Antoine Cormouls.
• FIX: Remove wrong console log in test #6627. Thanks to Gordon Sun.
• IMPROVE: Graphql tools v5 #6611. Thanks to Yaacov Rydzinski.
• FIX: Catch JSON.parse and return 403 properly #6589. Thanks to Gordon Sun.
• PERFORMANCE: Allow covering relation queries with minimal index #6581. Thanks to Noah Silas.
• FIX: Fix Postgres group aggregation #6522. Thanks to Siddharth Ramesh.
• NEW: Allow set user mapped from JWT directly on request #6411. Thanks to Gordon Sun.

4.2.0

Full Changelog

• UPGRADE: Parse JS SDK to 2.12.0 #6548
• NEW: Support Group aggregation on multiple columns for Postgres #6483. Thanks to Siddharth Ramesh.
• FIX: Improve test reliability by instructing Travis to only install one version of Postgres #6490. Thanks to
  Corey Baker.
• FIX: Unknown type bug on overloaded types #6494. Thanks to Antoine Cormouls.
• FIX: Improve reliability of 'SignIn with AppleID' #6416. Thanks to Andy King.
• FIX: Improve Travis reliability by separating Postgres & Mongo scripts #6505. Thanks to
  Corey Baker.
• NEW: Apple SignIn support for multiple IDs #6523. Thanks to UnderratedDev.
• NEW: Add support for new Instagram API #6398. Thanks to Maravilho Singa.
• FIX: Updating Postgres/Postgis Call and Postgis to 3.0 #6528. Thanks to
  Corey Baker.
• FIX: enableExpressErrorHandler logic #6423. Thanks to Nikolay Andryukhin.
• FIX: Change Order Enum Strategy for GraphQL #6515. Thanks to Antoine Cormouls.
• FIX: Switch ACL to Relay Global Id for GraphQL #6495. Thanks to Antoine Cormouls.
• FIX: Handle keys for pointer fields properly for GraphQL #6499. Thanks to Antoine Cormouls.
• FIX: GraphQL file mutation #6507. Thanks to Antoine Cormouls.
• FIX: Aggregate geoNear with date query #6540. Thanks to Manuel.
• NEW: Add file triggers and file meta data #6344. Thanks to stevestencil.
• FIX: Improve local testing of postgres #6531. Thanks to
  Corey Baker.
• NEW: Case insensitive username and email indexing and query planning for Postgres #6506. Thanks to
  Corey Baker.

4.1.0

Full Changelog

SECURITY RELEASE: see advisory for details

• SECURITY FIX: Patch Regex vulnerabilities. See 3a3a5ee. Special thanks to W0lfw00d for identifying and responsibly reporting the vulnerability. Thanks to Antonio Davi Macedo Coelho de Castro for the speedy fix.

4.0.2

Full Changelog

BREAKING CHANGES:

1. Remove Support for Mongo 3.2 & 3.4. The new minimum supported version is Mongo 3.6.
2. Change username and email validation to be case insensitive. This change should be transparent in most use cases. The validation behavior should now behave 'as expected'. See #5634 for details.

Special Note on Upgrading to Parse Server 4.0.0 and above

In addition to the breaking changes noted above, #5634 introduces a two new case insensitive indexes on the User collection. Special care should be taken when upgrading to this version to ensure that:

1. The new indexes can be successfully created (see issue #6465 for details on a potential issue for your installation).

2. Care is taken ensure that there is adequate compute capacity to create the index in the background while still servicing requests.

• FIX: attempt to get travis to deploy to npmjs again. See #6475. Thanks to Arthur Cinader.

4.0.1

BREAKING CHANGES:

1. Remove Support for Mongo 3.2 & 3.4. The new minimum supported version is Mongo 3.6.
2. Change username and email validation to be case insensitive. This change should be transparent in most use cases. The validation behavior should now behave 'as expected'. See #5634 for details.

Special Note on Upgrading to Parse Server 4.0.0 and above

In addition to the breaking changes noted above, #5634 introduces a two new case insensitive indexes on the User collection. Special care should be taken when upgrading to this version to ensure that:

1. The new indexes can be successfully created (see issue #6465 for details on a potential issue for your installation).

2. Care is taken ensure that there is adequate compute capacity to create the index in the background while still servicing requests.

• FIX: correct 'new' travis config to properly deploy. See #6452. Thanks to Arthur Cinader.
• FIX: Better message on not allowed to protect default fields. See #6439.Thanks to Old Grandpa

4.0.0

BREAKING CHANGES:

1. Remove Support for Mongo 3.2 & 3.4. The new minimum supported version is Mongo 3.6.
2. Change username and email validation to be case insensitive. This change should be transparent in most use cases. The validation behavior should now behave 'as expected'. See #5634 for details.

Special Note on Upgrading to Parse Server 4.0.0 and above

In addition to the breaking changes noted above, #5634 introduces a two new case insensitive indexes on the User collection. Special care should be taken when upgrading to this version to ensure that:

1. The new indexes can be successfully created (see issue #6465 for details on a potential issue for your installation).

2. Care is taken ensure that there is adequate compute capacity to create the index in the background while still servicing requests.

Full Changelog

• NEW: add hint option to Parse.Query #6322. Thanks to Steve Stencil
• FIX: CLP objectId size validation fix #6332. Thanks to Old Grandpa
• FIX: Add volumes to Docker command #6356. Thanks to Kasra Bigdeli
• NEW: GraphQL 3rd Party LoginWith Support #6371. Thanks to Antoine Cormouls
• FIX: GraphQL Geo Queries #6363. Thanks to Antoine Cormouls
• NEW: GraphQL Nested File Upload #6372. Thanks to Antoine Cormouls
• NEW: Granular CLP pointer permissions #6352. Thanks to Old Grandpa
• FIX: Add missing colon for customPages #6393. Thanks to Jerome De Leon
• NEW: afterLogin cloud code hook #6387. Thanks to David Corona
• FIX: BREAKING CHANGE Prevent new usernames or emails that clash with existing users' email or username if it only differs by case. For example, don't allow a new user with the name 'Jane' if we already have a user 'jane'. #5634. Thanks to Arthur Cinader
• FIX: Support Travis CI V2. #6414. Thanks to Diamond Lewis
• FIX: Prevent crashing on websocket error. #6418. Thanks to Diamond Lewis
• NEW: Allow protectedFields for Authenticated users and Public. $6415. Thanks to Old Grandpa
• FIX: Correct bug in determining GraphQL pointer errors when mutating. #6413. Thanks to Antoine Cormouls
• NEW: Allow true GraphQL Schema Customization. #6360. Thanks to Antoine Cormouls
• BREAKING CHANGE: Remove Support for Mongo version < 3.6 #6445. Thanks to Arthur Cinader

3.10.0

Full Changelog

• FIX: correct and cover ordering queries in GraphQL #6316. Thanks to Antonio Davi Macedo Coelho de Castro
• NEW: GraphQL support for reset password email #6301. Thanks to Antoine Cormouls
• FIX: Add default limit to GraphQL fetch #6304. Thanks to Antoine Cormouls
• DOCS: use bash syntax highlighting #6302. Thanks to Jerome De Leon
• NEW: Add max log file option #6296. Thanks to Diamond Lewis
• NEW: support user supplied objectId #6101. Thanks to Ruhan
• FIX: Add missing encodeURIComponent on username #6278. Thanks to Christopher Brookes
• NEW: update PostgresStorageAdapter.js to use async/await #6275. Thanks to Vitaly Tomilov
• NEW: Support required fields on output type for GraphQL #6279. Thanks to Antoine Cormouls
• NEW: Support required fields for GraphQL #6271. Thanks to Antoine Cormouls
• CHANGE: use mongodb 3.3.5 #6263. Thanks to Diamond Lewis
• NEW: GraphQL: DX Relational Where Query #6255. Thanks to Antoine Cormouls
• CHANGE: test against Postgres 11 #6260. Thanks to Diamond Lewis
• CHANGE: test against Postgres 11 #6260. Thanks to Diamond Lewis
• NEW: GraphQL alias for mutations in classConfigs #6258. Thanks to Old Grandpa
• NEW: GraphQL classConfig query alias #6257. Thanks to Old Grandpa
• NEW: Allow validateFilename to return a string or Parse Error #6246. Thanks to Mike Patnode
• NEW: Relay Spec #6089. Thanks to Antonio Davi Macedo Coelho de Castro
• CHANGE: Set default ACL for GraphQL #6249. Thanks to Antoine Cormouls
• NEW: LDAP auth Adapter #6226. Thanks to Julian Dax
• FIX: improve beforeFind to include Query info #6237. Thanks to Diamond Lewis
• FIX: improve websocket error handling #6230. Thanks to Diamond Lewis
• NEW: addition of an afterLogout trigger #6217. Thanks to Diamond Lewis
• FIX: Initialize default logger #6186. Thanks to Diamond Lewis
• NEW: Add funding link #6192. Thanks to Tom Fox
• FIX: installationId on LiveQuery connect #6180. Thanks to Diamond Lewis
• NEW: Add exposing port in docker container #6165. Thanks to Priyash Patil
• NEW: Support Google Play Games Service #6147. Thanks to Diamond Lewis
• DOC: Throw error when setting authData to null #6154. Thanks to Manuel
• CHANGE: Move filename validation out of the Router and into the FilesAdaptor #6157. Thanks to Mike Patnode
• NEW: Added warning for special URL sensitive characters for appId #6159. Thanks to Saimoom Safayet Akash
• NEW: Support Apple Game Center Auth #6143. Thanks to Diamond Lewis
• CHANGE: test with Node 12 #6133. Thanks to Arthur Cinader
• FIX: prevent after find from firing when saving objects #6127. Thanks to Diamond Lewis
• FIX: GraphQL Mutations not returning updated information 6130. Thanks to Omair Vaiyani
• CHANGE: Cleanup Schema cache per request #6216. Thanks to Diamond Lewis
• DOC: Improve installation instructions #6120. Thanks to Andres Galante
• DOC: add code formatting to contributing guidelines #6119. Thanks to Andres Galante
• NEW: Add GraphQL ACL Type + Input #5957. Thanks to Antoine Cormouls
• CHANGE: replace public key #6099. Thanks to Arthur Cinader
• NEW: Support microsoft authentication in GraphQL #6051. Thanks to Alann Maulana
• NEW: Install parse-server 3.9.0 instead of 2.2 #6069. Thanks to Julian Dax
• NEW: Use #!/bin/bash instead of #!/bin/sh #6062. Thanks to Julian Dax
• DOC: Update GraphQL readme section #6030. Thanks to Antonio Davi Macedo Coelho de Castro

3.9.0

• NEW: Add allowHeaders to Options #6044. Thanks to Omair Vaiyani
• CHANGE: Introduce ReadOptionsInput to GraphQL API #6030. Thanks to Antonio Davi Macedo Coelho de Castro
• NEW: Stream video with GridFSBucketAdapter (implements byte-range requests) #6028. Thanks to Diamond Lewis
• FIX: Aggregate not matching null values #6043. Thanks to Antonio Davi Macedo Coelho de Castro
• CHANGE: Improve callCloudCode mutation to receive a CloudCodeFunction enum instead of a String in the GraphQL API #6029. Thanks to Antonio Davi Macedo Coelho de Castro
• TEST: Add more tests to transactions #6022. Thanks to Antonio Davi Macedo Coelho de Castro
• CHANGE: Pointer constraint input type as ID in the GraphQL API #6020. Thanks to Douglas Muraoka
• CHANGE: Remove underline from operators of the GraphQL API #6024. Thanks to Antonio Davi Macedo Coelho de Castro
• FIX: Make method async as expected in usage #6025. Thanks to Omair Vaiyani
• DOC: Added breaking change note to 3.8 release #6023. Thanks to Manuel
• NEW: Added support for line auth #6007. Thanks to Saimoom Safayet Akash
• FIX: Fix aggregate group id #5994. Thanks to Antonio Davi Macedo Coelho de Castro
• CHANGE: Schema operations instead of generic operations in the GraphQL API #5993. Thanks to Antonio Davi Macedo Coelho de Castro
• DOC: Fix changelog formatting#6009. Thanks to Tom Fox
• CHANGE: Rename objectId to id in the GraphQL API #5985. Thanks to Douglas Muraoka
• FIX: Fix beforeLogin trigger when user has a file #6001. Thanks to Antonio Davi Macedo Coelho de Castro
• DOC: Update GraphQL Docs with the latest changes #5980. Thanks to Antonio Davi Macedo Coelho de Castro