4.10.16
·
8 commits
to release-4.x.x
since this release
4.10.16 (2022-09-20)
Bug Fixes
- authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for Facebook or Spotify and where the server-side authentication adapter configuration
appIdsis set as a string (e.g.abc) instead of an array of strings (e.g.["abc"]) (GHSA-r657-33vp-gp22) (#8186) (b3e7939)