5.2.7
·
898 commits
to release
since this release
5.2.7 (2022-09-20)
Bug Fixes
- authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for Facebook or Spotify and where the server-side authentication adapter configuration
appIdsis set as a string (e.g.abc) instead of an array of strings (e.g.["abc"]) (GHSA-r657-33vp-gp22) (#8185) (ecf0814)