Releases: parse-community/parse-server
Releases · parse-community/parse-server
Release list
9.10.0-alpha.7
9.10.0-alpha.6
9.10.0-alpha.6 (2026-07-10)
Bug Fixes
- GraphQL error messages disclose pointer and relation target class names when public introspection is disabled (GHSA-r2g6-4f6j-f6rf) (#10568) (cb9b542)
9.10.0-alpha.5
9.10.0-alpha.5 (2026-07-10)
Bug Fixes
- GraphQL error messages disclose required input field names when public introspection is disabled (GHSA-2fgh-8j2g-w354) (#10566) (d96c945), closes GHSA-2f#8j2g-w354 /github.com/parse-community/parse-server/security/advisories/GHSA-2f#8j2g-w354
8.6.87
8.6.87 (2026-07-10)
Bug Fixes
- GraphQL error messages disclose pointer and relation target class names when public introspection is disabled (GHSA-r2g6-4f6j-f6rf) (#10569) (bc863d7)
8.6.86
8.6.86 (2026-07-10)
Bug Fixes
- GraphQL error messages disclose required input field names when public introspection is disabled (GHSA-2fgh-8j2g-w354) (#10567) (6985a38), closes GHSA-2f#8j2g-w354 /github.com/parse-community/parse-server/security/advisories/GHSA-2f#8j2g-w354
8.6.85
8.6.85 (2026-07-08)
Bug Fixes
- GraphQL variable-coercion suggestions disclose schema to unauthenticated callers (GHSA-9g8f-h8f3-hjcm) (#10564) (2728fcb)
9.10.0-alpha.4
9.10.0-alpha.4 (2026-07-07)
Bug Fixes
- GraphQL variable-coercion suggestions disclose schema to unauthenticated callers (GHSA-9g8f-h8f3-hjcm) (#10563) (2625489)
9.10.0-alpha.3
9.10.0-alpha.2
9.10.0-alpha.2 (2026-06-25)
Bug Fixes
- Stored XSS via malformed Content-Type bypassing file upload extension blocklist (GHSA-r899-h629-j84r) (#10521) (cce91e5)
8.6.84
8.6.84 (2026-06-25)
Bug Fixes
- Stored XSS via malformed Content-Type bypassing file upload extension blocklist (GHSA-r899-h629-j84r) (#10523) (55eab32)