Skip to content

Tags: parse-community/parse-server

Tags

9.10.0-alpha.2

Toggle 9.10.0-alpha.2's commit message 
chore(release): 9.10.0-alpha.2 [skip ci]

# [9.10.0-alpha.2](9.10.0-alpha.1...9.10.0-alpha.2) (2026-06-25)

### Bug Fixes

* Stored XSS via malformed Content-Type bypassing file upload extension blocklist ([GHSA-r899-h629-j84r](GHSA-r899-h629-j84r)) ([#10521](#10521)) ([cce91e5](cce91e5))

8.6.84

Toggle 8.6.84's commit message 
chore(release): 8.6.84 [skip ci]

## [8.6.84](8.6.83...8.6.84) (2026-06-25)

### Bug Fixes

* Stored XSS via malformed Content-Type bypassing file upload extension blocklist ([GHSA-r899-h629-j84r](GHSA-r899-h629-j84r)) ([#10523](#10523)) ([55eab32](55eab32))

9.10.0-alpha.1

Toggle 9.10.0-alpha.1's commit message 
chore(release): 9.10.0-alpha.1 [skip ci]

# [9.10.0-alpha.1](9.9.1-alpha.13...9.10.0-alpha.1) (2026-06-19)

### Features

* Add option to disallow aggregation pipelines for the read-only master key ([#10517](#10517)) ([816078f](816078f))

9.9.1-alpha.13

Toggle 9.9.1-alpha.13's commit message 
chore(release): 9.9.1-alpha.13 [skip ci]

## [9.9.1-alpha.13](9.9.1-alpha.12...9.9.1-alpha.13) (2026-06-19)

### Bug Fixes

* LiveQuery discloses object data to a subscriber across an ACL read-access change ([GHSA-97pr-9hgg-3p8r](GHSA-97pr-9hgg-3p8r)) ([#10515](#10515)) ([e9c85df](e9c85df))

8.6.83

Toggle 8.6.83's commit message 
chore(release): 8.6.83 [skip ci]

## [8.6.83](8.6.82...8.6.83) (2026-06-19)

### Bug Fixes

* LiveQuery discloses object data to a subscriber across an ACL read-access change ([GHSA-97pr-9hgg-3p8r](GHSA-97pr-9hgg-3p8r)) ([#10516](#10516)) ([c9b24ce](c9b24ce))

9.9.1-alpha.12

Toggle 9.9.1-alpha.12's commit message 
chore(release): 9.9.1-alpha.12 [skip ci]

## [9.9.1-alpha.12](9.9.1-alpha.11...9.9.1-alpha.12) (2026-06-17)

### Bug Fixes

* Denial of service via exponential-time processing of deeply nested query operators ([GHSA-cgxm-vr2f-6fj8](GHSA-cgxm-vr2f-6fj8)) ([#10511](#10511)) ([1103c7a](1103c7a))

8.6.82

Toggle 8.6.82's commit message 
chore(release): 8.6.82 [skip ci]

## [8.6.82](8.6.81...8.6.82) (2026-06-17)

### Bug Fixes

* Denial of service via exponential-time processing of deeply nested query operators ([GHSA-cgxm-vr2f-6fj8](GHSA-cgxm-vr2f-6fj8)) ([#10512](#10512)) ([0f5d2ad](0f5d2ad))

9.9.1-alpha.11

Toggle 9.9.1-alpha.11's commit message 
chore(release): 9.9.1-alpha.11 [skip ci]

## [9.9.1-alpha.11](9.9.1-alpha.10...9.9.1-alpha.11) (2026-06-16)

### Bug Fixes

* Stored XSS via non-standard file extension bypassing file upload extension blocklist ([GHSA-v8x7-r927-cc93](GHSA-v8x7-r927-cc93)) ([#10505](#10505)) ([be12a60](be12a60))

8.6.81

Toggle 8.6.81's commit message 
chore(release): 8.6.81 [skip ci]

## [8.6.81](8.6.80...8.6.81) (2026-06-16)

### Bug Fixes

* Stored XSS via non-standard file extension bypassing file upload extension blocklist ([GHSA-v8x7-r927-cc93](GHSA-v8x7-r927-cc93)) ([#10506](#10506)) ([97c6a78](97c6a78))

9.9.1-alpha.10

Toggle 9.9.1-alpha.10's commit message 
chore(release): 9.9.1-alpha.10 [skip ci]

## [9.9.1-alpha.10](9.9.1-alpha.9...9.9.1-alpha.10) (2026-06-12)

### Bug Fixes

* Middleware route checks do not match routing-equivalent path variants (trailing slash, case) ([#10501](#10501)) ([f861210](f861210))