Releases: parse-community/parse-server
Releases · parse-community/parse-server
9.6.0-alpha.14
9.6.0-alpha.14 (2026-03-12)
Bug Fixes
- GraphQL WebSocket endpoint bypasses security middleware (GHSA-p2x3-8689-cwpg) (#10189) (3ffba75)
8.6.40
9.6.0-alpha.13
9.6.0-alpha.13 (2026-03-11)
Bug Fixes
- OAuth2 adapter app ID validation sends wrong token to introspection endpoint (GHSA-69xg-f649-w5g2) (#10187) (7f9f854)
9.6.0-alpha.12
9.6.0-alpha.12 (2026-03-11)
Bug Fixes
- Account takeover via operator injection in authentication data identifier (GHSA-5fw2-8jcv-xh87) (#10185) (0d0a554)
9.6.0-alpha.11
9.6.0-alpha.11 (2026-03-11)
Bug Fixes
- OAuth2 adapter shares mutable state across providers via singleton instance (GHSA-2cjm-2gwv-m892) (#10183) (6009bc1)
9.6.0-alpha.10
9.6.0-alpha.10 (2026-03-11)
Bug Fixes
- SQL injection via query field name when using PostgreSQL (GHSA-c442-97qw-j6c6) (#10181) (be281b1)
8.6.39
8.6.39 (2026-03-11)
Bug Fixes
- OAuth2 adapter app ID validation sends wrong token to introspection endpoint (GHSA-69xg-f649-w5g2) (#10188) (fd6f6a6)
8.6.38
8.6.38 (2026-03-11)
Bug Fixes
- Account takeover via operator injection in authentication data identifier (GHSA-5fw2-8jcv-xh87) (#10186) (93425df)
8.6.37
8.6.37 (2026-03-11)
Bug Fixes
- OAuth2 adapter shares mutable state across providers via singleton instance (GHSA-2cjm-2gwv-m892) (#10184) (6afa431)
8.6.36
8.6.36 (2026-03-11)
Bug Fixes
- SQL injection via query field name when using PostgreSQL (GHSA-c442-97qw-j6c6) (#10182) (0b0398b)