CHANGELOG.md

Parse Server Changelog

Jump directly to a version:

4.x
4.5.0 (latest release)
4.4.0
4.3.0
4.2.0
4.1.0
4.0.2
4.0.1
4.0.0

Previous Versions

3.x	2.x
3.10.0	2.8.4
3.9.0	2.8.3
3.8.0	2.8.2
3.7.2	2.8.1
3.7.1	2.8.0
3.7.0	2.7.4
3.6.0	2.7.3
3.5.0	2.7.2
3.4.4	2.7.1
3.4.3	2.7.0
3.4.2	2.6.5
3.4.1	2.6.4
3.4.0	2.6.3
3.3.0	2.6.2
3.2.3	2.6.1
3.2.2	2.6.0
3.2.1	2.5.3
3.2.0	2.5.2
3.1.3	2.5.1
3.1.2	2.5.0
3.1.1	2.4.2
3.1.0	2.4.1
3.0.0	2.4.0
	2.3.8
	2.3.7
	2.3.6
	2.3.5
	2.3.3
	2.3.2
	2.3.1
	2.3.0
	2.2.25
	2.2.24
	2.2.23
	2.2.22
	2.2.21
	2.2.20
	2.2.19
	2.2.18
	2.2.17
	2.2.16
	2.2.15
	2.2.14
	2.2.13
	2.2.12
	2.2.11
	2.2.10
	2.2.9
	2.2.8
	2.2.7
	2.2.6
	2.2.5
	2.2.4
	2.2.3
	2.2.2
	2.2.1
	2.2.0
	2.1.6
	2.1.5
	2.1.4
	2.1.3
	2.1.2
	2.1.1
	2.1.0
	2.0.8

---

Unreleased (Master Branch)

Full Changelog

Breaking Changes

• Improved schema caching through database real-time hooks. Reduces DB queries, decreases Parse Query execution time and fixes a potential schema memory leak. If multiple Parse Server instances connect to the same DB (for example behind a load balancer), set the Parse Server Option databaseOptions.enableSchemaHooks: true to enable this feature and keep the schema in sync across all instances. Failing to do so will cause a schema change to not propagate to other instances and re-syncing will only happen when these instances restart. The options enableSingleSchemaCache and schemaCacheTTL have been removed. To use this feature with MongoDB, a replica set cluster with change stream support is required. (Diamond Lewis, SebC) #7214
• Added file upload restriction. File upload is now only allowed for authenticated users by default for improved security. To allow file upload also for Anonymous Users or Public, set the fileUpload parameter in the Parse Server Options (dblythy, Manuel Trezza) #7071
• Removed parse-server-simple-mailgun-adapter dependency; to continue using the adapter it has to be explicitly installed (Manuel Trezza) #7321
• Remove support for MongoDB 3.6 which has reached its End-of-Life date and PostgreSQL 10 (Manuel Trezza) #7315
• Remove support for Node 10 which has reached its End-of-Life date (Manuel Trezza) #7314
• Remove S3 Files Adapter from Parse Server, instead install separately as @parse/s3-files-adapter (Manuel Trezza) #?

Notable Changes

• Added Parse Server Security Check to report weak security settings (Manuel Trezza, dblythy) #7247
• EXPERIMENTAL: Added new page router with placeholder rendering and localization of custom and feature pages such as password reset and email verification (Manuel Trezza) #6891
• EXPERIMENTAL: Added custom routes to easily customize flows for password reset, email verification or build entirely new flows (Manuel Trezza) #7231
• Added Deprecation Policy to govern the introduction of braking changes in a phased pattern that is more predictable for developers (Manuel Trezza) #7199

Other Changes

• Fix error when a not yet inserted job is updated (Antonio Davi Macedo Coelho de Castro) #7196
• request.context for afterFind triggers (dblythy) #7078
• Winston Logger interpolating stdout to console (dplewis) #7114
• Move graphql-tag from devDependencies to dependencies (Antonio Davi Macedo Coelho de Castro) #7183
• Added convenience method Parse.Cloud.sendEmail(...) to send email via email adapter in Cloud Code (dblythy) #7089
• LiveQuery support for $and, $nor, $containedBy, $geoWithin, $geoIntersects queries (dplewis) #7113
• Supporting patterns in LiveQuery server's config parameter classNames (Nes-si) #7131
• Added requireAnyUserRoles and requireAllUserRoles for Parse Cloud validator (dblythy) #7097
• Support Facebook Limited Login (miguel-s) #7219
• Removed Stage name check on aggregate pipelines (BRETT71) #7237
• Retry transactions on MongoDB when it fails due to transient error (Antonio Davi Macedo Coelho de Castro) #7187
• Bump tests to use Mongo 4.4.4 (Antonio Davi Macedo Coelho de Castro) #7184
• Added new account lockout policy option accountLockout.unlockOnPasswordReset to automatically unlock account on password reset (Manuel Trezza) #7146
• Test Parse Server continuously against all recent MongoDB versions that have not reached their end-of-life support date, added MongoDB compatibility table to Parse Server docs (Manuel Trezza) #7161
• Test Parse Server continuously against all recent Node.js versions that have not reached their end-of-life support date, added Node.js compatibility table to Parse Server docs (Manuel Trezza) 7161
• Throw error on invalid Cloud Function validation configuration (dblythy) #7154
• Allow Cloud Validator options to be async (dblythy) #7155
• Optimize queries on classes with pointer permissions (Pedro Diaz) #7061
• Test Parse Server continuously against all relevant Postgres versions (minor versions), added Postgres compatibility table to Parse Server docs (Corey Baker) #7176
• Randomize test suite (Diamond Lewis) #7265
• LDAP: Properly unbind client on group search error (Diamond Lewis) #7265
• Improve data consistency in Push and Job Status update (Diamond Lewis) #7267
• Excluding keys that have trailing edges.node when performing GraphQL resolver (Chris Bland) #7273
• Added centralized feature deprecation with standardized warning logs (Manuel Trezza) #7303
• Use Node.js 15.13.0 in CI (Olle Jonsson) #7312
• Fix file upload issue for S3 compatible storage (Linode, DigitalOcean) by avoiding empty tags property when creating a file (Ali Oguzhan Yildiz) #7300
• Add building Docker image as CI check (Manuel Trezza) #7332
• Add NPM package-lock version check to CI (Manuel Trezza) #7333
• Fix incorrect LiveQuery events triggered for multiple subscriptions on the same class with different events #7341

---

4.5.0

Full Changelog

Breaking Changes

• FIX: Consistent casing for afterLiveQueryEvent. The afterLiveQueryEvent was introduced in 4.4.0 with inconsistent casing for the event names, which was fixed in 4.5.0. #7023. Thanks to dblythy.

Other Changes

• FIX: Properly handle serverURL and publicServerUrl in Batch requests. #7049. Thanks to Zach Goldberg.
• IMPROVE: Prevent invalid column names (className and length). #7053. Thanks to Diamond Lewis.
• IMPROVE: GraphQL: Remove viewer from logout mutation. #7029. Thanks to Antoine Cormouls.
• IMPROVE: GraphQL: Optimize on Relation. #7044. Thanks to Antoine Cormouls.
• NEW: Include sessionToken in onLiveQueryEvent. #7043. Thanks to dblythy.
• FIX: Definitions for accountLockout and passwordPolicy. #7040. Thanks to dblythy.
• FIX: Fix typo in server definitions for emailVerifyTokenReuseIfValid. #7037. Thanks to dblythy.
• SECURITY FIX: LDAP auth stores password in plain text. See GHSA-4w46-w44m-3jq3 for more details about the vulnerability and da905a3 for the fix. Thanks to Fabian Strachanski.
• NEW: Reuse tokens if they haven't expired. #7017. Thanks to dblythy.
• NEW: Add LDAPS-support to LDAP-Authcontroller. #7014. Thanks to Fabian Strachanski.
• FIX: (beforeSave/afterSave): Return value instead of Parse.Op for nested fields. #7005. Thanks to Diamond Lewis.
• FIX: (beforeSave): Skip Sanitizing Database results. #7003. Thanks to Diamond Lewis.
• FIX: Fix includeAll for querying a Pointer and Pointer array. #7002. Thanks to Corey Baker.
• FIX: Add encryptionKey to src/options/index.js. #6999. Thanks to dblythy.
• IMPROVE: Update PostgresStorageAdapter.js. #6989. Thanks to Vitaly Tomilov.

4.4.0

Full Changelog

• IMPROVE: Update PostgresStorageAdapter.js. #6981. Thanks to Vitaly Tomilov
• NEW: skipWithMasterKey on Built-In Validator. #6972. Thanks to dblythy.
• NEW: Add fileKey rotation to GridFSBucketAdapter. #6768. Thanks to Corey Baker.
• IMPROVE: Remove unused parameter in Cloud Function. #6969. Thanks to Diamond Lewis.
• IMPROVE: Validation Handler Update. #6968. Thanks to dblythy.
• FIX: (directAccess): Properly handle response status. #6966. Thanks to Diamond Lewis.
• FIX: Remove hostnameMaxLen for Mongo URL. #6693. Thanks to markhoward02.
• IMPROVE: Show a message if cloud functions are duplicated. #6963. Thanks to dblythy.
• FIX: Pass request.query to afterFind. #6960. Thanks to dblythy.
• SECURITY FIX: Patch session vulnerability over Live Query. See GHSA-2xm2-xj2q-qgpj for more details about the vulnerability and 78b59fb for the fix. Thanks to Antonio Davi Macedo Coelho de Castro.
• IMPROVE: LiveQueryEvent Error Logging Improvements. #6951. Thanks to dblythy.
• IMPROVE: Include stack in Cloud Code. #6958. Thanks to dblythy.
• FIX: (jobs): Add Error Message to JobStatus Failure. #6954. Thanks to Diamond Lewis.
• NEW: Create Cloud function afterLiveQueryEvent. #6859. Thanks to dblythy.
• FIX: Update vkontakte API to the latest version. #6944. Thanks to Antonio Davi Macedo Coelho de Castro.
• FIX: Use an empty object as default value of options for Google Sign in. #6844. Thanks to Kevin Kuang.
• FIX: Postgres: prepend className to unique indexes. #6741. Thanks to Corey Baker.
• FIX: GraphQL: Transform input types also on user mutations. #6934. Thanks to Antoine Cormouls.
• FIX: Set objectId into query for Email Validation. #6930. Thanks to Danaru.
• FIX: GraphQL: Optimize queries, fixes some null returns (on object), fix stitched GraphQLUpload. #6709. Thanks to Antoine Cormouls.
• FIX: Do not throw error if user provide a pointer like index onMongo. #6923. Thanks to Antoine Cormouls.
• FIX: Hotfix instagram api. #6922. Thanks to Tim.
• FIX: (directAccess/cloud-code): Pass installationId with LogIn. #6903. Thanks to Diamond Lewis.
• FIX: Fix bcrypt binary incompatibility. #6891. Thanks to Manuel Trezza.
• NEW: Keycloak auth adapter. #6376. Thanks to Rhuan.
• IMPROVE: Changed incorrect key name in apple auth adapter tests. #6861. Thanks to Manuel Trezza.
• FIX: Fix mutating beforeSubscribe Query. #6868. Thanks to dblythy.
• FIX: Fix beforeLogin for users logging in with AuthData. #6872. Thanks to Kevin Kuang.
• FIX: Remove Facebook AccountKit auth. #6870. Thanks to Diamond Lewis.
• FIX: Updated TOKEN_ISSUER to 'accounts.google.com'. #6836. Thanks to Arjun Vedak.
• IMPROVE: Optimized deletion of class field from schema by using an index if available to do an index scan instead of a collection scan. #6815. Thanks to Manuel Trezza.
• IMPROVE: Enable MongoDB transaction test for MongoDB >= 4.0.4 #6827. Thanks to Manuel.

4.3.0

Full Changelog

• PERFORMANCE: Optimizing pointer CLP query decoration done by DatabaseController#addPointerPermissions #6747. Thanks to mess-lelouch.
• SECURITY: Fix security breach on GraphQL viewer 78239ac, security advisory. Thanks to Antoine Cormouls.
• FIX: Save context not present if direct access enabled #6764. Thanks to Omair Vaiyani.
• NEW: Before Connect + Before Subscribe #6793. Thanks to dblythy.
• FIX: Add version to playground to fix CDN #6804. Thanks to Antoine Cormouls.
• NEW (EXPERIMENTAL): Idempotency enforcement for client requests. This deduplicates requests where the client intends to send one request to Parse Server but due to network issues the server receives the request multiple times. Caution, this is an experimental feature that may not be appropriate for production. #6748. Thanks to Manuel Trezza.
• FIX: Add production Google Auth Adapter instead of using the development url #6734. Thanks to SebC..
• IMPROVE: Run Prettier JS Again Without requiring () on arrow functions #6796. Thanks to Diamond Lewis.
• IMPROVE: Run Prettier JS #6795. Thanks to Diamond Lewis.
• IMPROVE: Replace bcrypt with @node-rs/bcrypt #6794. Thanks to LongYinan.
• IMPROVE: Make clear description of anonymous user #6655. Thanks to Jerome De Leon.
• IMPROVE: Simplify GraphQL merge system to avoid js ref bugs #6791. Thanks to Antoine Cormouls.
• NEW: Pass context in beforeDelete, afterDelete, beforeFind and Parse.Cloud.run #6666. Thanks to yog27ray.
• NEW: Allow passing custom gql schema function to ParseServer#start options #6762. Thanks to Luca.
• NEW: Allow custom cors origin header #6772. Thanks to Kevin Yao.
• FIX: Fix context for cascade-saving and saving existing object #6735. Thanks to Manuel.
• NEW: Add file bucket encryption using fileKey #6765. Thanks to Corey Baker.
• FIX: Removed gaze from dev dependencies and removed not working dev script #6745. Thanks to Vincent Semrau.
• IMPROVE: Upgrade graphql-tools to v6 #6701. Thanks to Yaacov Rydzinski.
• NEW: Support Metadata in GridFSAdapter #6660. Thanks to Diamond Lewis.
• NEW: Allow to unset file from graphql #6651. Thanks to Antoine Cormouls.
• NEW: Handle shutdown for RedisCacheAdapter #6658. Thanks to promisenxu.
• FIX: Fix explain on user class #6650. Thanks to Manuel.
• FIX: Fix read preference for aggregate #6585. Thanks to Manuel.
• NEW: Add context to Parse.Object.save #6626. Thanks to Manuel.
• NEW: Adding ssl config params to Postgres URI #6580. Thanks to Corey Baker.
• FIX: Travis postgres update: removing unnecessary start of mongo-runner #6594. Thanks to Corey Baker.
• FIX: ObjectId size for Pointer in Postgres #6619. Thanks to Corey Baker.
• IMPROVE: Improve a test case #6629. Thanks to Gordon Sun.
• NEW: Allow to resolve automatically Parse Type fields from Custom Schema #6562. Thanks to Antoine Cormouls.
• FIX: Remove wrong console log in test #6627. Thanks to Gordon Sun.
• IMPROVE: Graphql tools v5 #6611. Thanks to Yaacov Rydzinski.
• FIX: Catch JSON.parse and return 403 properly #6589. Thanks to Gordon Sun.
• PERFORMANCE: Allow covering relation queries with minimal index #6581. Thanks to Noah Silas.
• FIX: Fix Postgres group aggregation #6522. Thanks to Siddharth Ramesh.
• NEW: Allow set user mapped from JWT directly on request #6411. Thanks to Gordon Sun.

4.2.0

Full Changelog

BREAKING CHANGES:

• CHANGE: The Sign-In with Apple authentication adapter parameter client_id has been changed to clientId. If using the Apple authentication adapter, this change requires to update the Parse Server configuration accordingly. See #6523 for details.

---

• UPGRADE: Parse JS SDK to 2.12.0 #6548
• NEW: Support Group aggregation on multiple columns for Postgres #6483. Thanks to Siddharth Ramesh.
• FIX: Improve test reliability by instructing Travis to only install one version of Postgres #6490. Thanks to Corey Baker.
• FIX: Unknown type bug on overloaded types #6494. Thanks to Antoine Cormouls.
• FIX: Improve reliability of 'SignIn with AppleID' #6416. Thanks to Andy King.
• FIX: Improve Travis reliability by separating Postgres & Mongo scripts #6505. Thanks to Corey Baker.
• NEW: Apple SignIn support for multiple IDs #6523. Thanks to UnderratedDev.
• NEW: Add support for new Instagram API #6398. Thanks to Maravilho Singa.
• FIX: Updating Postgres/Postgis Call and Postgis to 3.0 #6528. Thanks to Corey Baker.
• FIX: enableExpressErrorHandler logic #6423. Thanks to Nikolay Andryukhin.
• FIX: Change Order Enum Strategy for GraphQL #6515. Thanks to Antoine Cormouls.
• FIX: Switch ACL to Relay Global Id for GraphQL #6495. Thanks to Antoine Cormouls.
• FIX: Handle keys for pointer fields properly for GraphQL #6499. Thanks to Antoine Cormouls.
• FIX: GraphQL file mutation #6507. Thanks to Antoine Cormouls.
• FIX: Aggregate geoNear with date query #6540. Thanks to Manuel.
• NEW: Add file triggers and file meta data #6344. Thanks to stevestencil.
• FIX: Improve local testing of postgres #6531. Thanks to Corey Baker.
• NEW: Case insensitive username and email indexing and query planning for Postgres #6506. Thanks to Corey Baker.

4.1.0

Full Changelog

SECURITY RELEASE: see advisory for details

• SECURITY FIX: Patch Regex vulnerabilities. See 3a3a5ee. Special thanks to W0lfw00d for identifying and responsibly reporting the vulnerability. Thanks to Antonio Davi Macedo Coelho de Castro for the speedy fix.

4.0.2

Full Changelog

BREAKING CHANGES:

1. Remove Support for Mongo 3.2 & 3.4. The new minimum supported version is Mongo 3.6.
2. Change username and email validation to be case insensitive. This change should be transparent in most use cases. The validation behavior should now behave 'as expected'. See #5634 for details.

Special Note on Upgrading to Parse Server 4.0.0 and above

In addition to the breaking changes noted above, #5634 introduces a two new case insensitive indexes on the User collection. Special care should be taken when upgrading to this version to ensure that:

1. The new indexes can be successfully created (see issue #6465 for details on a potential issue for your installation).

2. Care is taken ensure that there is adequate compute capacity to create the index in the background while still servicing requests.

• FIX: attempt to get travis to deploy to npmjs again. See #6475. Thanks to Arthur Cinader.

4.0.1

Full Changelog

• FIX: correct 'new' travis config to properly deploy. See #6452. Thanks to Arthur Cinader.
• FIX: Better message on not allowed to protect default fields. See #6439.Thanks to Old Grandpa

4.0.0

Full Changelog

Special Note on Upgrading to Parse Server 4.0.0 and above

In addition to the breaking changes noted below, #5634 introduces a two new case insensitive indexes on the User collection. Special care should be taken when upgrading to this version to ensure that:

1. The new indexes can be successfully created (see issue #6465 for details on a potential issue for your installation).

2. Care is taken ensure that there is adequate compute capacity to create the index in the background while still servicing requests.

• NEW: add hint option to Parse.Query #6322. Thanks to Steve Stencil
• FIX: CLP objectId size validation fix #6332. Thanks to Old Grandpa
• FIX: Add volumes to Docker command #6356. Thanks to Kasra Bigdeli
• NEW: GraphQL 3rd Party LoginWith Support #6371. Thanks to Antoine Cormouls
• FIX: GraphQL Geo Queries #6363. Thanks to Antoine Cormouls
• NEW: GraphQL Nested File Upload #6372. Thanks to Antoine Cormouls
• NEW: Granular CLP pointer permissions #6352. Thanks to Old Grandpa
• FIX: Add missing colon for customPages #6393. Thanks to Jerome De Leon
• NEW: afterLogin cloud code hook #6387. Thanks to David Corona
• FIX: BREAKING CHANGE Prevent new usernames or emails that clash with existing users' email or username if it only differs by case. For example, don't allow a new user with the name 'Jane' if we already have a user 'jane'. #5634. Thanks to Arthur Cinader
• FIX: Support Travis CI V2. #6414. Thanks to Diamond Lewis
• FIX: Prevent crashing on websocket error. #6418. Thanks to Diamond Lewis
• NEW: Allow protectedFields for Authenticated users and Public. $6415. Thanks to Old Grandpa
• FIX: Correct bug in determining GraphQL pointer errors when mutating. #6413. Thanks to Antoine Cormouls
• NEW: Allow true GraphQL Schema Customization. #6360. Thanks to Antoine Cormouls
• BREAKING CHANGE: Remove Support for Mongo version < 3.6 #6445. Thanks to Arthur Cinader

3.10.0

Full Changelog

• FIX: correct and cover ordering queries in GraphQL #6316. Thanks to Antonio Davi Macedo Coelho de Castro
• NEW: GraphQL support for reset password email #6301. Thanks to Antoine Cormouls
• FIX: Add default limit to GraphQL fetch #6304. Thanks to Antoine Cormouls
• DOCS: use bash syntax highlighting #6302. Thanks to Jerome De Leon
• NEW: Add max log file option #6296. Thanks to Diamond Lewis
• NEW: support user supplied objectId #6101. Thanks to Ruhan
• FIX: Add missing encodeURIComponent on username #6278. Thanks to Christopher Brookes
• NEW: update PostgresStorageAdapter.js to use async/await #6275. Thanks to Vitaly Tomilov
• NEW: Support required fields on output type for GraphQL #6279. Thanks to Antoine Cormouls
• NEW: Support required fields for GraphQL #6271. Thanks to Antoine Cormouls
• CHANGE: use mongodb 3.3.5 #6263. Thanks to Diamond Lewis
• NEW: GraphQL: DX Relational Where Query #6255. Thanks to Antoine Cormouls
• CHANGE: test against Postgres 11 #6260. Thanks to Diamond Lewis
• CHANGE: test against Postgres 11 #6260. Thanks to Diamond Lewis
• NEW: GraphQL alias for mutations in classConfigs #6258. Thanks to Old Grandpa
• NEW: GraphQL classConfig query alias #6257. Thanks to Old Grandpa
• NEW: Allow validateFilename to return a string or Parse Error #6246. Thanks to Mike Patnode
• NEW: Relay Spec #6089. Thanks to Antonio Davi Macedo Coelho de Castro
• CHANGE: Set default ACL for GraphQL #6249. Thanks to Antoine Cormouls
• NEW: LDAP auth Adapter #6226. Thanks to Julian Dax
• FIX: improve beforeFind to include Query info #6237. Thanks to Diamond Lewis
• FIX: improve websocket error handling #6230. Thanks to Diamond Lewis
• NEW: addition of an afterLogout trigger #6217. Thanks to Diamond Lewis
• FIX: Initialize default logger #6186. Thanks to Diamond Lewis
• NEW: Add funding link #6192. Thanks to Tom Fox
• FIX: installationId on LiveQuery connect #6180. Thanks to Diamond Lewis
• NEW: Add exposing port in docker container #6165. Thanks to Priyash Patil
• NEW: Support Google Play Games Service #6147. Thanks to Diamond Lewis
• DOC: Throw error when setting authData to null #6154. Thanks to Manuel
• CHANGE: Move filename validation out of the Router and into the FilesAdaptor #6157. Thanks to Mike Patnode
• NEW: Added warning for special URL sensitive characters for appId #6159. Thanks to Saimoom Safayet Akash
• NEW: Support Apple Game Center Auth #6143. Thanks to Diamond Lewis
• CHANGE: test with Node 12 #6133. Thanks to Arthur Cinader
• FIX: prevent after find from firing when saving objects #6127. Thanks to Diamond Lewis
• FIX: GraphQL Mutations not returning updated information 6130. Thanks to Omair Vaiyani
• CHANGE: Cleanup Schema cache per request #6216. Thanks to Diamond Lewis
• DOC: Improve installation instructions #6120. Thanks to Andres Galante
• DOC: add code formatting to contributing guidelines #6119. Thanks to Andres Galante
• NEW: Add GraphQL ACL Type + Input #5957. Thanks to Antoine Cormouls
• CHANGE: replace public key #6099. Thanks to Arthur Cinader
• NEW: Support microsoft authentication in GraphQL #6051. Thanks to Alann Maulana
• NEW: Install parse-server 3.9.0 instead of 2.2 #6069. Thanks to Julian Dax
• NEW: Use #!/bin/bash instead of #!/bin/sh #6062. Thanks to Julian Dax
• DOC: Update GraphQL readme section #6030. Thanks to Antonio Davi Macedo Coelho de Castro

3.9.0

Full Changelog

• NEW: Add allowHeaders to Options #6044. Thanks to Omair Vaiyani
• CHANGE: Introduce ReadOptionsInput to GraphQL API #6030. Thanks to Antonio Davi Macedo Coelho de Castro
• NEW: Stream video with GridFSBucketAdapter (implements byte-range requests) #6028. Thanks to Diamond Lewis
• FIX: Aggregate not matching null values #6043. Thanks to Antonio Davi Macedo Coelho de Castro
• CHANGE: Improve callCloudCode mutation to receive a CloudCodeFunction enum instead of a String in the GraphQL API #6029. Thanks to Antonio Davi Macedo Coelho de Castro
• TEST: Add more tests to transactions #6022. Thanks to Antonio Davi Macedo Coelho de Castro
• CHANGE: Pointer constraint input type as ID in the GraphQL API #6020. Thanks to Douglas Muraoka
• CHANGE: Remove underline from operators of the GraphQL API #6024. Thanks to Antonio Davi Macedo Coelho de Castro
• FIX: Make method async as expected in usage #6025. Thanks to Omair Vaiyani
• DOC: Added breaking change note to 3.8 release #6023. Thanks to Manuel
• NEW: Added support for line auth #6007. Thanks to Saimoom Safayet Akash
• FIX: Fix aggregate group id #5994. Thanks to Antonio Davi Macedo Coelho de Castro
• CHANGE: Schema operations instead of generic operations in the GraphQL API #5993. Thanks to Antonio Davi Macedo Coelho de Castro
• DOC: Fix changelog formatting#6009. Thanks to Tom Fox
• CHANGE: Rename objectId to id in the GraphQL API #5985. Thanks to Douglas Muraoka
• FIX: Fix beforeLogin trigger when user has a file #6001. Thanks to Antonio Davi Macedo Coelho de Castro
• DOC: Update GraphQL Docs with the latest changes #5980. Thanks to Antonio Davi Macedo Coelho de Castro

3.8.0

Full Changelog

• NEW: Protected fields pointer-permissions support #5951. Thanks to Dobbias Nan
• NEW: GraphQL DX: Relation/Pointer #5946. Thanks to Antoine Cormouls
• NEW: Master Key Only Config Properties #5953. Thanks to Manuel
• FIX: Better validation when creating a Relation fields #5922. Thanks to Lucas Alencar
• NEW: enable GraphQL file upload #5944. Thanks to Antonio Davi Macedo Coelho de Castro
• NEW: Handle shutdown on grid adapters #5943. Thanks to Antonio Davi Macedo Coelho de Castro
• NEW: Fix GraphQL max upload size #5940. Thanks to Antonio Davi Macedo Coelho de Castro
• FIX: Remove Buffer() deprecation notice #5942. Thanks to Antonio Davi Macedo Coelho de Castro
• FIX: Remove MongoDB unified topology deprecation notice from the grid adapter #5941. Thanks to Antonio Davi Macedo Coelho de Castro
• NEW: add callback for serverCloseComplete #5937. Thanks to Diamond Lewis
• DOCS: Add Cloud Code guide to README #5936. Thanks to Diamond Lewis
• NEW: Remove nested operations from GraphQL API #5931. Thanks to Antonio Davi Macedo Coelho de Castro
• NEW: Improve Live Query Monitoring #5927. Thanks to Diamond Lewis
• FIX: GraphQL: Fix undefined Array #5296. Thanks to Antoine Cormouls
• NEW: Added array support for pointer-permissions #5921. Thanks to Dobbias Nan
• GraphQL: Renaming Types/Inputs #5921. Thanks to Antoine Cormouls
• FIX: Lint no-prototype-builtins #5920. Thanks to Diamond Lewis
• GraphQL: Inline Fragment on Array Fields #5908. Thanks to Antoine Cormouls
• DOCS: Add instructions to launch a compatible Docker Postgres . Thanks to Antoine Cormouls
• Fix: Undefined dot notation in matchKeyInQuery #5917. Thanks to Diamond Lewis
• Fix: Logger print JSON and Numbers #5916. Thanks to Diamond Lewis
• GraphQL: Return specific Type on specific Mutation #5893. Thanks to Antoine Cormouls
• FIX: Apple sign-in authAdapter #5891. Thanks to SebC.
• DOCS: Add GraphQL beta notice #5886. Thanks to Antonio Davi Macedo Coelho de Castro
• GraphQL: Remove "password" output field from _User class #5889. Thanks to Douglas Muraoka
• GraphQL: Object constraints #5715. Thanks to Douglas Muraoka
• DOCS: README top section overhaul + add sponsors #5876. Thanks to Tom Fox
• FIX: Return a Promise from classUpdate method #5877. Thanks to Lucas Alencar
• FIX: Use UTC Month in aggregate tests #5879. Thanks to Antonio Davi Macedo Coelho de Castro
• FIX: Transaction was aborting before all promises have either resolved or rejected #5878. Thanks to Antonio Davi Macedo Coelho de Castro
• NEW: Use transactions for batch operation #5849. Thanks to Antonio Davi Macedo Coelho de Castro

Breaking Changes

• If you are running Parse Server on top of a MongoDB deployment which does not fit the Retryable Writes Requirements, you will have to add retryWrites=false to your connection string in order to upgrade to Parse Server 3.8.

3.7.2

Full Changelog

• FIX: Live Query was failing on release 3.7.1

3.7.1

Full Changelog

• FIX: Missing APN module
• FIX: Set falsy values as default to schema fields #5868, thanks to Lucas Alencar
• NEW: Implement WebSocketServer Adapter #5866, thanks to Diamond Lewis

3.7.0

Full Changelog

• FIX: Prevent linkWith sessionToken from generating new session #5801, thanks to Diamond Lewis
• GraphQL: Improve session token error messages #5753, thanks to Douglas Muraoka
• NEW: GraphQL { functions { call } } generic mutation #5818, thanks to Antonio Davi Macedo Coelho de Castro
• NEW: GraphQL Custom Schema #5821, thanks to Antonio Davi Macedo Coelho de Castro
• NEW: GraphQL custom schema on CLI #5828, thanks to Antonio Davi Macedo Coelho de Castro
• NEW: GraphQL @mock directive #5836, thanks to Antonio Davi Macedo Coelho de Castro
• FIX: GraphQL _or operator not working #5840, thanks to Antonio Davi Macedo Coelho de Castro
• NEW: Add "count" to CLP initial value #5841, thanks to Douglas Muraoka
• NEW: Add ability to alter the response from the after save trigger #5814, thanks to BrunoMaurice
• FIX: Cache apple public key for the case it fails to fetch again #5848, thanks to Antonio Davi Macedo Coelho de Castro
• NEW: GraphQL Configuration Options #5782, thanks to Omair Vaiyani
• NEW: Required fields and default values #5835, thanks to Antonio Davi Macedo Coelho de Castro
• FIX: Postgres safely escape strings in nested objects #5855, thanks to Diamond Lewis
• NEW: Support PhantAuth authentication #5850, thanks to Ivan SZKIBA
• FIX: Remove uws package #5860, thanks to Zeal Murapa

3.6.0

Full Changelog

• SECURITY FIX: Address Security Advisory of a potential Enumeration Attack 73b0f9a, big thanks to Fabian Strachanski for identifying the problem, creating a fix and following the vulnerability disclosure guidelines
• NEW: Added rest option: excludeKeys #5737, thanks to Raschid J.F. Rafeally
• FIX: LiveQuery create event with fields #5790, thanks to Diamond Lewis
• FIX: Generate sessionToken with linkWith #5799, thanks to Diamond Lewis

3.5.0

Full Changelog

• NEW: GraphQL Support #5674, thanks to Antonio Davi Macedo Coelho de Castro

GraphQL Guide

• NEW: Sign in with Apple #5694, thanks to Diamond Lewis
• NEW: AppSecret to Facebook Auth #5695, thanks to Diamond Lewis
• NEW: Postgres: Regex support foreign characters #5598, thanks to Jeff Gu Kang
• FIX: Winston Logger string interpolation #5729, thanks to Diamond Lewis

3.4.4

Full Changelog

Fix: Commit changes

3.4.3

Full Changelog

Fix: Use changes in master to travis configuration to enable pushing to npm and gh_pages. See diff for details.

3.4.2

Full Changelog

Fix: In my haste to get a Security Fix out, I added 8709daf to master instead of to 3.4.1. This commit fixes that. Arthur Cinader

3.4.1

Full Changelog

Security Fix: see Advisory: GHSA-2479-qvv7-47q for details 8709daf. Big thanks to: Benjamin Simonsson for identifying the issue and promptly bringing it to the Parse Community's attention and also big thanks to the indefatigable Diamond Lewis for crafting a failing test and then a solution within an hour of the report.

3.4.0

Full Changelog

• NEW: Aggregate supports group by date fields #5538 thanks to Antonio Davi Macedo Coelho de Castro
• NEW: API for Read Preferences #3963 thanks to Antonio Davi Macedo Coelho de Castro
• NEW: Add Redis options for LiveQuery #5584 thanks to Diamond Lewis
• NEW: Add Direct Access option for Server Config #5550 thanks to Diamond Lewis
• FIX: updating mixed array in Postgres #5552 thanks to Diamond Lewis
• FIX: notEqualTo GeoPoint Query in Postgres #5549, thanks to Diamond Lewis
• FIX: put the timestamp back in logs that was lost after Winston upgrade #5571, thanks to Steven Rowe and Arthur Cinader
• FIX: Validates permission before calling beforeSave #5546, thanks to Antonio Davi Macedo Coelho de Castro
• FIX: Remove userSensitiveFields default value. #5588, thanks to William George
• FIX: Decode Date JSON value in LiveQuery. #5540, thanks to ananfang

3.3.0

Full Changelog

• NEW: beforeLogin trigger with support for auth providers (#5445), thanks to Omair Vaiyani
• NEW: RFC 7662 compliant OAuth2 auth adapter (#4910), thanks to Müller Zsolt
• FIX: cannot change password when maxPasswordHistory is 1 (#5191), thanks to Tulsi Sapkota
• FIX (Postgres): count being very slow on large Parse Classes' collections (#5330), thanks to CoderickLamar
• FIX: using per-key basis queue (#5420), thanks to Georges Jamous
• FIX: issue on count with Geo constraints and mongo (#5286), thanks to Julien Quéré

3.2.3

Full Changelog

• Correct previous release with patch that is fully merged

3.2.2

Full Changelog

• Security fix to properly process userSensitiveFields when parse-server is started with ../lib/cli/parse-server #5463

3.2.1

Full Changelog

• Increment package.json version to match the deployment tag

3.2.0

Full Changelog

• NEW: Support accessing sensitive fields with an explicit ACL. Not documented yet, see tests for examples
• Upgrade Parse SDK JS to 2.3.1 #5457
• Hides token contents in logStartupOptions if they arrive as a buffer #6a9380
• Support custom message for password requirements #5399
• Support for Ajax password reset #5332
• Postgres: Refuse to build unsafe JSON lists for contains #5337
• Properly handle return values in beforeSave #5228
• Fixes issue when querying user roles #5276
• Fixes issue affecting update with CLP #5269

3.1.3

Full Changelog

• Postgres: Fixes support for global configuration
• Postgres: Fixes support for numeric arrays
• Postgres: Fixes issue affecting queries on empty arrays
• LiveQuery: Adds support for transmitting the original object
• Queries: Use estimated count if query is empty
• Docker: Reduces the size of the docker image to 154Mb

3.1.2

Full Changelog

• Removes dev script, use TDD instead of server.
• Removes nodemon and problematic dependencies.
• Addressed event-stream security debacle.

3.1.1

Full Changelog

Improvements:

• Fixes issue that would prevent users with large number of roles to resolve all of them Antoine Cormouls (#5131, #5132)
• Fixes distinct query on special fields (#5144)

3.1.0

Full Changelog

Breaking Changes:

• Return success on sendPasswordResetEmail even if email not found. (#7fe4030)

Security Fix:

• Expire password reset tokens on email change (#5104)

Improvements:

• Live Query CLPs (#4387)
• Reduces number of calls to injectDefaultSchema (#5107)
• Remove runtime dependency on request (#5076)

Bug fixes:

• Fixes issue with vkontatke authentication (#4977)
• Use the correct function when validating google auth tokens (#5018)
• fix unexpected 'delete' trigger issue on LiveQuery (#5031)
• Improves performance for roles and ACL's in live query server (#5126)

3.0.0

Full Changelog

parse-server 3.0.0 comes with brand new handlers for cloud code. It now fully supports promises and async / await. For more informations, visit the v3.0.0 migration guide.

Breaking changes:

• Cloud Code handlers have a new interface based on promises.
• response.success / response.error are removed in Cloud Code
• Cloud Code runs with Parse-SDK 2.0
• The aggregate now require aggregates to be passed in the form: {"pipeline": [...]} (REST Only)

Improvements:

• Adds Pipeline Operator to Aggregate Router.
• Adds documentations for parse-server's adapters, constructors and more.
• Adds ability to pass a context object between beforeSave and afterSave affecting the same object.

Bug Fixes:

• Fixes issue that would crash the server when mongo objects had undefined values #4966
• Fixes issue that prevented ACL's from being used with select (see #571)

Dependency updates:

• @parse/simple-mailgun-adapter@1.1.0
• mongodb@3.1.3
• request@2.88.0

Development Dependencies Updates:

• @parse/minami@1.0.0
• deep-diff@1.0.2
• flow-bin@0.79.0
• jsdoc@3.5.5
• jsdoc-babel@0.4.0

2.8.4

Full Changelog

Improvements:

• Adds ability to forward errors to express handler (#4697)
• Adds ability to increment the push badge with an arbitrary value (#4889)
• Adds ability to preserve the file names when uploading (#4915)
• _User now follow regular ACL policy. Letting administrator lock user out. (#4860) and (#4898)
• Ensure dates are properly handled in aggregates (#4743)
• Aggregates: Improved support for stages sharing the same name
• Add includeAll option
• Added verify password to users router and tests. (#4747)
• Ensure read preference is never overriden, so DB config prevails (#4833)
• add support for geoWithin.centerSphere queries via withJSON (#4825)
• Allow sorting an object field (#4806)
• Postgres: Don't merge JSON fields after save() to keep same behaviour as MongoDB (#4808) (#4815)

Dependency updates

• commander@2.16.0
• mongodb@3.1.1
• pg-promise@8.4.5
• ws@6.0.0
• bcrypt@3.0.0
• uws@10.148.1

Development Dependencies Updates:

• cross-env@5.2.0
• eslint@5.0.0
• flow-bin@0.76.0
• mongodb-runner@4.0.0
• nodemon@1.18.1
• nyc@12.0.2
• request-promise@4.2.2
• supports-color@5.4.0

2.8.3

Full Changelog

Improvements:

• Adds support for JS SDK 2.0 job status header
• Removes npm-git scripts as npm supports using git repositories that build, thanks to Florent Vilmart

2.8.2

Full Changelog

Bug Fixes:

• Ensure legacy users without ACL's are not locked out, thanks to Florent Vilmart

Improvements:

• Use common HTTP agent to increase webhooks performance, thanks to Tyler Brock
• Adds withinPolygon support for Polygon objects, thanks to Mads Bjerre

Dependency Updates:

• ws@5.2.0
• commander@2.15.1
• nodemon@1.17.5

Development Dependencies Updates:

• flow-bin@0.73.0
• cross-env@5.1.6
• gaze@1.1.3
• deepcopy@1.0.0
• deep-diff@1.0.1

2.8.1

Full Changelog

Ensure all the files are properly exported to the final package.

2.8.0

Full Changelog

New Features

• Adding Mongodb element to add arrayMatches the #4762 (#4766), thanks to Jérémy Piednoel
• Adds ability to Lockout users (#4749), thanks to Florent Vilmart

Bug fixes:

• Fixes issue when using afterFind with relations (#4752), thanks to Florent Vilmart
• New query condition support to match all strings that starts with some other given strings (#3864), thanks to Eduard Bosch Bertran
• Allow creation of indices on default fields (#4738), thanks to Claire Neveu
• Purging empty class (#4676), thanks to Diamond Lewis
• Postgres: Fixes issues comparing to zero or false (#4667), thanks to Diamond Lewis
• Fix Aggregate Match Pointer (#4643), thanks to Diamond Lewis

Improvements:

• Allow Parse.Error when returning from Cloud Code (#4695), thanks to Saulo Tauil
• Fix typo: "requrest" -> "request" (#4761), thanks to Joseph Frazier
• Send version for Vkontakte API (#4725), thanks to oleg
• Ensure we respond with invalid password even if email is unverified (#4708), thanks to dblythy
• Add _password_history to default sensitive data (#4699), thanks to Jong Eun Lee
• Check for node version in postinstall script (#4657), thanks to Diamond Lewis
• Remove FB Graph API version from URL to use the oldest non deprecated version, thanks to SebC

Dependency Updates:

• @parse/push-adapter@2.0.3
• @parse/simple-mailgun-adapter@1.0.2
• uws@10.148.0
• body-parser@1.18.3
• mime@2.3.1
• request@2.85.0
• mongodb@3.0.7
• bcrypt@2.0.1
• ws@5.1.1

Development Dependencies Updates:

• cross-env@5.1.5
• flow-bin@0.71.0
• deep-diff@1.0.0
• nodemon@1.17.3

2.7.4

Full Changelog

Bug Fixes:

• Fixes an issue affecting polygon queries, thanks to Diamond Lewis

Dependency Updates:

• pg-promise@8.2.1

Development Dependencies Updates:

• nodemon@1.17.1

2.7.3

Full Changelog

Improvements:

• Improve documentation for LiveQuery options, thanks to Arthur Cinader
• Improve documentation for using cloud code with docker, thanks to Stephen Tuso
• Adds support for Facebook's AccountKit, thanks to 6thfdwp
• Disable afterFind routines when running aggregates, thanks to Diamond Lewis
• Improve support for distinct aggregations of nulls, thanks to Diamond Lewis
• Regenreate the email verification token when requesting a new email, thanks to Benjamin Wilson Friedman

Bug Fixes:

• Fix issue affecting readOnly masterKey and purge command, thanks to AreyouHappy
• Fixes Issue unsetting in beforeSave doesn't allow object creation, thanks to Diamond Lewis
• Fixes issue crashing server on invalid live query payload, thanks to fridays
• Fixes issue affecting postgres storage adapter "undefined property '__op'", thanks to Tyson Andre

Dependency Updates:

• winston@2.4.1
• pg-promise@8.2.0
• commander@2.15.0
• lru-cache@4.1.2
• parse@1.11.1
• ws@5.0.0
• mongodb@3.0.4
• lodash@4.17.5

Development Dependencies Updates:

• cross-env@5.1.4
• flow-bin@0.67.1
• jasmine@3.1.0
• parse@1.11.1
• babel-eslint@8.2.2
• nodemon@1.15.0

2.7.2

Full Changelog

Improvements:

• Improved match aggregate
• Do not mark the empty push as failed
• Support pointer in aggregate query
• Introduces flow types for storage
• Postgres: Refactoring of Postgres Storage Adapter
• Postgres: Support for multiple projection in aggregate
• Postgres: performance optimizations
• Adds infos about vulnerability disclosures
• Adds ability to login with email when provided as username

Bug Fixes

• Scrub Passwords with URL Encoded Characters
• Fixes issue affecting using sorting in beforeFind

Dependency Updates:

• commander@2.13.0
• semver@5.5.0
• pg-promise@7.4.0
• ws@4.0.0
• mime@2.2.0
• parse@1.11.0

Development Dependencies Updates:

• nodemon@1.14.11
• flow-bin@0.64.0
• jasmine@2.9.0
• cross-env@5.1.3

2.7.1

Full Changelog

⚠️ Fixes a security issue affecting Class Level Permissions

• Adds support for dot notation when using matchesKeyInQuery, thanks to Henrik and Arthur Cinader

2.7.0

Full Changelog

⚠️ This version contains an issue affecting Class Level Permissions on mongoDB. Please upgrade to 2.7.1.

Starting parse-server 2.7.0, the minimun nodejs version is 6.11.4, please update your engines before updating parse-server

New Features:

• Aggregation endpoints, thanks to Diamond Lewis
• Adds indexation options onto Schema endpoints, thanks to Diamond Lewis

Bug fixes:

• Fixes sessionTokens being overridden in 'find' (#4332), thanks to Benjamin Wilson Friedman
• Proper handleShutdown() feature to close database connections (#4361), thanks to CHANG, TZU-YEN
• Fixes issue affecting state of _PushStatus objects, thanks to Benjamin Wilson Friedman
• Fixes issue affecting calling password reset password pages with wrong appid, thanks to Bryan de Leon
• Fixes issue affecting duplicates _Sessions on successive logins, thanks to Florent Vilmart

Improvements:

• Updates contributing guides, and improves windows support, thanks to Addison Elliott
• Uses new official scoped packaged, thanks to Florent Vilmart
• Improves health checks responses, thanks to Benjamin Wilson Friedman
• Add password confirmation to choose_password, thanks to Worathiti Manosroi
• Improve performance of relation queries, thanks to Florent Vilmart

Dependency Updates:

• commander@2.12.1
• ws@3.3.2
• uws@9.14.0
• pg-promise@7.3.2
• parse@1.10.2
• pg-promise@7.3.1

Development Dependencies Updates:

• cross-env@5.1.1

2.6.5

Full Changelog

New Features:

• Adds support for read-only masterKey, thanks to Florent Vilmart
• Adds support for relative time queries (mongodb only), thanks to Marvel Mathew

Improvements:

• Handle possible afterSave exception, thanks to Benjamin Wilson Friedman
• Add support for expiration interval in Push, thanks to Marvel Mathew

Bug Fixes:

• The REST API key was improperly inferred from environment when using the CLI, thanks to Florent Vilmart

2.6.4

Full Changelog

Improvements:

• Improves management of configurations and default values, thanks to Florent Vilmart
• Adds ability to start ParseServer with ParseServer.start(options), thanks to Florent Vilmart
• Adds request original IP to cloud code hooks, thanks to Gustav Ahlberg
• Corrects some outdated links, thanks to Benjamin Wilson Friedman
• Adds serverURL validation on startup, thanks to Benjamin Wilson Friedman
• Adds ability to login with POST requests alongside GET, thanks to Benjamin Wilson Friedman
• Adds ability to login with email, instead of username, thanks to Florent Vilmart

Bug Fixes:

• Fixes issue affecting beforeSaves and increments, thanks to Benjamin Wilson Friedman

Dependency Updates:

• parse-server-push-adapter@2.0.2
• semver@5.4.1
• pg-promise@7.0.3
• mongodb@2.2.33
• parse@1.10.1
• express@4.16.0
• mime@1.4.1
• parse-server-simple-mailgun-adapter@1.0.1

Development Dependencies Updates:

• babel-preset-env@1.6.1
• cross-env@5.1.0
• mongodb-runner@3.6.1
• eslint-plugin-flowtype@2.39.1
• eslint@4.9.0

2.6.3

Full Changelog

Improvements:

• Queries on Pointer fields with $in and $nin now supports list of objectId's, thanks to Florent Vilmart
• LiveQueries on $in and $nin for pointer fields work as expected thanks to Florent Vilmart
• Also remove device token when APNS error is BadDeviceToken, thanks to Mauricio Tollin
• LRU cache is not available on the ParseServer object, thanks to Tyler Brock
• Error messages are more expressive, thanks to Tyler Brock
• Postgres: Properly handle undefined field values, thanks to Diamond Lewis
• Updating with two GeoPoints fails correctly, thanks to Anthony Mosca

New Features:

• Adds ability to set a maxLimit on server configuration for queries, thanks to Chris Norris

Bug fixes:

• Fixes issue affecting reporting _PushStatus with misconfigured serverURL, thanks to Florent Vilmart
• Fixes issue affecting deletion of class that doesn't exist, thanks to Diamond Lewis

Dependency Updates:

• winston@2.4.0
• pg-promise@6.10.2
• winston-daily-rotate-file@1.6.0
• request@2.83.0
• body-parser@1.18.2

Development Dependencies Updates:

• request-promise@4.2.2
• eslint@4.7.1

2.6.2

Full Changelog

Improvements:

• PushWorker/PushQueue channels are properly prefixed with the Parse applicationId, thanks to Marvel Mathew
• You can use Parse.Cloud.afterSave hooks on _PushStatus
• You can use Parse.Cloud.onLiveQueryEvent to track the number of clients and subscriptions
• Adds support for more fields from the Audience class.

New Features:

• Push: Adds ability to track sentPerUTC offset if your push scheduler supports it.
• Push: Adds support for cleaning up invalid deviceTokens from _Installation (PARSE_SERVER_CLEANUP_INVALID_INSTALLATIONS=1).

Dependency Updates:

• ws@3.2.0
• pg-promise@6.5.3
• winston-daily-rotate-file@1.5.0
• body-parser@1.18.1

Development Dependencies Updates:

• nodemon@1.12.1
• mongodb-runner@3.6.0
• babel-eslint@8.0.0

2.6.1

Full Changelog

Improvements:

• Improves overall performance of the server, more particularly with large query results.
• Improves performance of InMemoryCacheAdapter by removing serialization.
• Improves logging performance by skipping necessary log calls.
• Refactors object routers to simplify logic.
• Adds automatic indexing on $text indexes, thanks to Diamon Lewis

New Features:

• Push: Adds ability to send localized pushes according to the _Installation localeIdentifier
• Push: proper support for scheduling push in user's locale time, thanks to Marvel Mathew
• LiveQuery: Adds ability to use LiveQuery with a masterKey, thanks to Jeremy May

Bug Fixes:

• Fixes an issue that would duplicate Session objects per userId-installationId pair.
• Fixes an issue affecting pointer permissions introduced in this release.
• Fixes an issue that would prevent displaying audiences correctly in dashboard.
• Fixes an issue affecting preventLoginWithUnverifiedEmail upon signups.

Dependency Updates:

• pg-promise@6.3.2
• body-parser@1.18.0
• nodemon@1.11.1

Development Dependencies Updates:

• babel-cli@6.26.0

2.6.0

Full Changelog

Breaking Changes:

• parse-server-s3-adapter@1.2.0: A new deprecation notice is introduced with parse-server-s3-adapter's version 1.2.0. An upcoming release will remove passing key and password arguments. AWS credentials should be set using AWS best practices. See the Deprecation Notice for AWS credentials section of the adapter's README.

New Features

• Polygon is fully supported as a type, thanks to Diamond Lewis
• Query supports PolygonContains, thanks to Diamond Lewis

Improvements

• Postgres: Adds support nested contains and containedIn, thanks to Diamond Lewis
• Postgres: Adds support for null in containsAll queries, thanks to Diamond Lewis
• Cloud Code: Request headers are passed to the cloud functions, thanks to miguel-s
• Push: All push queries now filter only where deviceToken exists

Bug Fixes:

• Fixes issue affecting updates of _User objects when authData was passed.
• Push: Pushing to an empty audience should now properly report a failed _PushStatus
• Linking Users: Fixes issue affecting linking users with sessionToken only

Dependency Updates:

• ws@3.1.0
• mime@1.4.0
• semver@5.4.0
• uws@8.14.1
• bcrypt@1.0.3
• mongodb@2.2.31
• redis@2.8.0
• pg-promise@6.3.1
• commander@2.11.0

Development Dependencies Updates:

• jasmine@2.8.0
• babel-register@6.26.0
• babel-core@6.26.0
• cross-env@5.0.2

2.5.3

Full Changelog

New Features:

• badge property on android installations will now be set as on iOS (#3970), thanks to Florent Vilmart

Bug Fixes:

• Fixes incorrect number parser for cache options

2.5.2

Full Changelog

Improvements:

• Restores ability to run on node >= 4.6
• Adds ability to configure cache from CLI
• Removes runtime check for node >= 4.6

2.5.1

Full Changelog

New Features:

• Adds ability to set default objectId size (#3950), thanks to Steven Shipton

Improvements:

• Uses LRU cache instead of InMemoryCache by default (#3979), thanks to Florent Vilmart
• iOS pushes are now using HTTP/2.0 instead of binary API (#3983), thanks to Florent Vilmart

Dependency Updates:

• parse@1.10.0
• pg-promise@6.3.0
• parse-server-s3-adapter@1.1.0
• parse-server-push-adapter@2.0.0

2.5.0

Full Changelog

New Features:

• Adds ability to run full text search (#3904), thanks to Diamond Lewis
• Adds ability to run $withinPolygon queries (#3889), thanks to Diamond Lewis
• Adds ability to pass read preference per query with mongodb (#3865), thanks to davimacedo
• beforeFind trigger now includes isGet for get queries (#3862), thanks to davimacedo
• Adds endpoints for dashboard's audience API (#3861), thanks to davimacedo
• Restores the job scheduling endpoints (#3927), thanks to Florent Vilmart

Improvements:

• Removes unnecessary warning when using maxTimeMs with mongodb, thanks to Tyler Brock
• Improves access control on system classes (#3916), thanks to Worathiti Manosroi
• Adds bytes support in postgres (#3894), thanks to Diamond Lewis

Bug Fixes:

• Fixes issue with vkontakte adapter that would hang the request, thanks to Denis Trofimov
• Fixes issue affecting null relational data (#3924), thanks to davimacedo
• Fixes issue affecting session token deletion (#3937), thanks to Florent Vilmart
• Fixes issue affecting the serverInfo endpoint (#3933), thanks to Florent Vilmart
• Fixes issue affecting beforeSave with dot-noted sub-documents (#3912), thanks to IlyaDiallo
• Fixes issue affecting emails being sent when using a 3rd party auth (#3882), thanks to davimacedo

Dependency Updates:

• commander@2.10.0
• pg-promise@5.9.7
• lru-cache@4.1.0
• mongodb@2.2.28

Development dependencies

• babel-core@6.25.0
• cross-env@5.0.1
• nyc@11.0.2

2.4.2

Full Changelog

New Features:

• ParseQuery: Support for withinPolygon #3866, thanks to Diamond Lewis

Improvements:

• Postgres: Use transactions when deleting a class, #3869, thanks to Vitaly Tomilov
• Postgres: Proper support for GeoPoint equality query, #3874, thanks to Diamond Lewis
• beforeSave and liveQuery will be correctly triggered on email verification #3851, thanks to Florent Vilmart

Bug fixes:

• Skip authData validation if it hasn't changed, on PUT requests #3872, thanks to Florent Vilmart

Dependency Updates:

• mongodb@2.2.27
• pg-promise@5.7.2

2.4.1

Full Changelog

Bug fixes:

• Fixes issue affecting relation updates (#3835, #3836), thanks to Florent Vilmart
• Fixes issue affecting sending push notifications, thanks to Felipe Andrade
• Session are always cleared when updating the passwords (#3289, #3821, thanks to Florent Vilmart

Dependency Updates:

• body-parser@1.17.2
• pg-promise@5.7.1
• ws@3.0.0

2.4.0

Full Changelog

Starting 2.4.0, parse-server is tested against node 6.10 and 7.10, mongodb 3.2 and 3.4. If you experience issues with older versions, please open a issue.

New Features:

• Adds count Class Level Permission (#3814), thanks to Florent Vilmart
• Proper graceful shutdown support (#3786), thanks to Florent Vilmart
• Let parse-server store as scheduled Push Notifications with push_time (#3717, #3722), thanks to Felipe Andrade

Improvements

• Parse-Server images are built through docker hub, thanks to Florent Vilmart
• Skip authData validation if it hasn't changed, thanks to Florent Vilmart
• [postgres] Improve performance when adding many new fields to the Schema (#3740), thanks to Paulo Vítor S Reis
• Test maintenance, wordsmithing and nits (#3744), thanks to Arthur Cinader

Bug Fixes:

• [postgres] Fixes issue affecting deleting multiple fields of a Schema (#3734, #3735), thanks to Paulo Vítor S Reis
• Fix issue affecting _PushStatus state (#3808), thanks to Florent Vilmart
• requiresAuthentication Class Level Permission behaves correctly, thanks to Florent Vilmart
• Email Verification related fields are not exposed (#3681, #3393, #3432), thanks to Anthony Mosca
• HTTP query parameters are properly obfuscated in logs (#3793, #3789), thanks to @youngerong
• Improve handling of $near operators in $or queries (#3767, #3798), thanks to Jack Wearden
• Fix issue affecting arrays of pointers (#3169), thanks to Florent Vilmart
• Fix issue affecting overloaded query constraints (#3723, #3678), thanks to Florent Vilmart
• Properly catch unhandled rejections in _Installation updates (#3795), thanks to kahoona77

Dependency Updates:

• uws@0.14.5
• mime@1.3.6
• mongodb@2.2.26
• pg-promise@5.7.0
• semver@5.3.0

Development dependencies

• babel-cli@6.24.1
• babel-core@6.24.1
• babel-preset-es2015@6.24.1
• babel-preset-stage-0@6.24.1
• babel-register@6.24.1
• cross-env@5.0.0
• deep-diff@0.3.8
• gaze@1.1.2
• jasmine@2.6.0
• jasmine-spec-reporter@4.1.0
• mongodb-runner@3.5.0
• nyc@10.3.2
• request-promise@4.2.1

2.3.8

Full Changelog

New Features

• Support for PG-Promise options, thanks to ren dong

Improvements

• Improves support for graceful shutdown, thanks to Florent Vilmart
• Improves configuration validation for Twitter Authentication, thanks to Benjamin Wilson Friedman

Bug Fixes

• Fixes issue affecting GeoPoint __type with Postgres, thanks to zhoul-HS
• Prevent user creation if username or password is empty, thanks to Wissam Abirached

Dependency Updates:

• cross-env@4.0.0
• ws@2.2.3
• babel-core@6.24.0
• uws@0.14.0
• babel-preset-es2015@6.24.0
• babel-plugin-syntax-flow@6.18.0
• babel-cli@6.24.0
• babel-register@6.24.0
• winston-daily-rotate-file@1.4.6
• mongodb@2.2.25
• redis@2.7.0
• pg-promise@5.6.4
• parse-server-push-adapter@1.3.0

2.3.7

Full Changelog

New Features

• New endpoint to resend verification email, thanks to Xy Ziemba

Improvements

• Add TTL option for Redis Cache Adapter, thanks to Ryan Foster
• Update Postgres Storage Adapter, thanks to Vitaly Tomilov

Bug Fixes

• Add index on Role.name, fixes (#3579), thanks to Natan Rolnik
• Fix default value of userSensitiveFields, fixes (#3593), thanks to Arthur Cinader

Dependency Updates:

• body-parser@1.17.1
• express@4.15.2
• request@2.81.0
• winston-daily-rotate-file@1.4.5
• ws@2.2.0

2.3.6

Full Changelog

Improvements

• Adds support for injecting a middleware for instumentation in the CLI, thanks to Florent Vilmart
• Alleviate mongodb bug with $or queries SERVER-13732, thanks to Jack Wearden

Bug Fixes

• Fix issue affecting password policy and empty passwords, thanks to Bhaskar Reddy Yasa
• Fix issue when logging url in non string objects, thanks to Paulo Vítor S Reis

Dependencies updates:

• ws@2.1.0
• uws@0.13.0
• pg-promise@5.6.2

2.3.5

Full Changelog

Bug Fixes

• Allow empty client key (#3497), thanks to Arthur Cinader
• Fix LiveQuery unsafe user (#3525), thanks to David Starke
• Use flushdb instead of flushall in RedisCacheAdapter (#3523), thanks to Jeremy Louie
• Fix saving GeoPoints and Files in _GlobalConfig (Make sure we don't treat dot notation keys as topLevel atoms) (#3531), thanks to Florent Vilmart

2.3.3

Full Changelog

Breaking Changes

• Minimum Node engine bumped to 4.6 (#3480), thanks to Florent Vilmart

Bug Fixes

• Add logging on failure to create file (#3424), thanks to Arthur Cinader
• Log Parse Errors so they are intelligible (#3431), thanks to Arthur Cinader
• MongoDB $or Queries avoid SERVER-13732 bug (#3476), thanks to Jack Wearden
• Mongo object to Parse object date serialization - avoid re-serialization of iso of type Date (#3389), thanks to nodechefMatt

Improvements

• Ground preparations for push scalability (#3080), thanks to Florent Vilmart
• Use uWS as optional dependency for ws server (#3231), thanks to Florent Vilmart

2.3.2

Full Changelog

New features

• Add parseFrameURL for masking user-facing pages (#3267), thanks to Lenart Rudel

Bug fixes

• Fix Parse-Server to work with winston-daily-rotate-1.4.2 (#3335), thanks to Arthur Cinader

Improvements

• Add support for regex string for password policy validatorPattern setting (#3331), thanks to Bhaskar Reddy Yasa
• LiveQuery should match subobjects with dot notation (#3322), thanks to David Starke
• Reduce time to process high number of installations for push (#3264), thanks to jeacott1
• Fix trivial typo in error message (#3238), thanks to Arthur Cinader

2.3.1

Full Changelog

A major issue was introduced when refactoring the authentication modules. This release addresses only that issue.

2.3.0

Full Changelog

Breaking changes

• Parse.Cloud.useMasterKey() is a no-op, please refer to (Cloud Code migration guide)[https://github.com/ParsePlatform/parse-server/wiki/Compatibility-with-Hosted-Parse#cloud-code]
• Authentication helpers are now proper adapters, deprecates oauth option in favor of auth.
• DEPRECATES: facebookAppIds, use auth: { facebook: { appIds: ["AAAAAAAAA" ] } }
• email field is not returned anymore for Parse.User queries. (Provided only on the user itself if provided).

New Features

• Adds ability to restrict access through Class Level Permissions to only authenticated users see docs
• Adds ability to strip sensitive data from _User responses, strips emails by default, thanks to Arthur Cinader
• Adds password history support for password policies, thanks to Bhaskar Reddy Yasa

Improvements

• Bump parse-server-s3-adapter to 1.0.6, thanks to Arthur Cinader
• Using PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS let you create user sessions when passing {installationId: "xxx-xxx"} on signup in cloud code, thanks to Florent Vilmart
• Add CLI option to pass host parameter when creating parse-server from CLI, thanks to Kulshekhar Kabra

Bug fixes

• Ensure batch routes are only using posix paths, thanks to Steven Shipton
• Ensure falsy options from CLI are properly taken into account, thanks to Steven Shipton
• Fixes issues affecting calls to matchesKeyInQuery with pointers.
• Ensure that select keys can be changed in triggers (beforeFind...), thanks to Arthur Cinader

Housekeeping

• Enables and enforces linting with eslint, thanks to Arthur Cinader

2.2.25

Postgres support requires v9.5

New Features

• Dockerizing Parse Server, thanks to Kirill Kravinsky
• Login with qq, wechat, weibo, thanks to haifeizhang
• Password policy, validation and expiration, thanks to Bhaskar Reddy Yasa
• Health check on /health, thanks to Kirill Kravinsky
• Reuse SchemaCache across requests option, thanks to Steven Shipton

Improvements

• Better support for CLI options, thanks to Steven Shipton
• Specity a database timeout with maxTimeMS, thanks to Tyler Brock
• Adds the username to reset password success pages, thanks to Halim Qarroum
• Better support for Redis cache adapter, thanks to Tyler Brock
• Better coverage of Postgres, thanks to Kulshekhar Kabra

Bug Fixes

• Fixes issue when sending push to multiple installations, thanks to Florent Vilmart
• Fixes issues with twitter authentication, thanks to jonas-db
• Ignore createdAt fields update, thanks to Yuki Takeichi
• Improve support for array equality with LiveQuery, thanks to David Poetzsch-Heffter
• Improve support for batch endpoint when serverURL and publicServerURL have different paths, thanks to Florent Vilmart
• Support saving relation objects, thanks to Yuki Takeichi

2.2.24

New Features

• LiveQuery: Bring your own adapter (#2902), thanks to Florent Vilmart
• LiveQuery: Adds "update" operator to update a query subscription (#2935), thanks to Florent Vilmart

Improvements

• Better Postgres support, thanks to Kulshekhar Kabra
• Logs the function name when failing (#2963), thanks to Michael Helvey
• CLI: forces closing the connections with SIGINT/SIGTERM (#2964), thanks to Kulshekhar Kabra
• Reduce the number of calls to the _SCHEMA table (#2912), thanks to Steven Shipton
• LiveQuery: Support for Role ACL's, thanks to Aaron Blondeau

Bug Fixes

• Better support for checking application and client keys, thanks to Steven Shipton
• Google OAuth, better support for android and web logins, thanks to Florent Vilmart

2.2.23

• Run liveQuery server from CLI with a different port, thanks to Florent Vilmart
• Support for Postgres databaseURI, thanks to Kulshekhar Kabra
• Support for Postgres options, thanks to Kulshekhar Kabra
• Improved support for google login (id_token and access_token), thanks to Florent Vilmart
• Improvements with VKontakte login, thanks to Eugene Antropov
• Improved support for select and include, thanks to Florent Vilmart

Bug fixes

• Fix error when updating installation with useMasterKey (#2888), thanks to Jeremy Louie
• Fix bug affecting usage of multiple notEqualTo, thanks to Jeremy Louie
• Improved support for null values in arrays, thanks to Florent Vilmart

2.2.22

• Minimum nodejs engine is now 4.5

New Features

• New: CLI for parse-live-query-server, thanks to Florent Vilmart
• New: Start parse-live-query-server for parse-server CLI, thanks to Florent Vilmart

Bug fixes

• Fix: Include with pointers are not conflicting with get CLP anymore, thanks to Florent Vilmart
• Fix: Removes dependency on babel-polyfill, thanks to Florent Vilmart
• Fix: Support nested select calls, thanks to Florent Vilmart
• Fix: Use native column selection instead of runtime, thanks to Florent Vilmart
• Fix: installationId header is properly used when updating _Installation objects, thanks to Florent Vilmart
• Fix: don't crash parse-server on improperly formatted live-query messages, thanks to Florent Vilmart
• Fix: Passwords are properly stripped out of logs, thanks to Arthur Cinader
• Fix: Lookup for email in username if email is not set, thanks to Florent Vilmart

2.2.21

• Fix: Reverts removal of babel-polyfill

2.2.20

• New: Adds CloudCode handler for beforeFind, thanks to Florent Vilmart
• New: RedisCacheAdapter for syncing schema, role and user caches across servers, thanks to Florent Vilmart
• New: Latest master build available at ParsePlatform/parse-server#latest, thanks to Florent Vilmart
• Fix: Better support for upgradeToRevocableSession with missing session token, thanks to Florent Vilmart
• Fix: Removes babel-polyfill runtime dependency, thanks to Florent Vilmart
• Fix: Cluster option now support a boolean value for automatically choosing the right number of processes, thanks to Florent Vilmart
• Fix: Filenames now appear correctly, thanks to Lama Chandrasena
• Fix: _acl is properly updated, thanks to Steven Shipton

Other fixes by Mathias Rangel Wulff

2.2.19

• New: support for upgrading to revocable sessions, thanks to Florent Vilmart
• New: NullCacheAdapter for disabling caching, thanks to Yuki Takeichi
• New: Account lockout policy #2601, thanks to Diwakar Cherukumilli
• New: Jobs endpoint for defining and run jobs (no scheduling), thanks to Florent Vilmart
• New: Add --cluster option to the CLI, thanks to Florent Vilmart
• New: Support for login with vk.com, thanks to Nurdaulet Bolatov
• New: experimental support for postgres databases, thanks to Florent Vilmart
• Fix: parse-server doesn't call next() after successful responses, thanks to Florent Vilmart
• Fix: Nested objects are properly includeed with Pointer Permissions on, thanks to Florent Vilmart
• Fix: null values in include calls are properly handled, thanks to Florent Vilmart
• Fix: Schema validations now runs after beforeSave hooks, thanks to Florent Vilmart
• Fix: usersname and passwords are properly type checked, thanks to Bam Wang
• Fix: logging in info log would log also in error log, thanks to Florent Vilmart
• Fix: removes extaneous logging from ParseLiveQueryServer, thanks to Flavio Torres
• Fix: support for Range requests for files, thanks to Brage G. Staven

2.2.18

• Fix: Improve support for objects in push alert, thanks to Antoine Lenoir
• Fix; Prevent pointed from getting clobbered when they are changed in a beforeSave, thanks to sud
• Fix: Improve support for "Bytes" type, thanks to CongHoang
• Fix: Better logging compatability with Parse.com, thanks to Arthur Cinader
• New: Add Janrain Capture and Janrain Engage auth provider, thanks to Andrew Lane
• Improved: Include content length header in files response, thanks to Steven Van Bael
• Improved: Support byte range header for files, thanks to Brage G. Staven
• Improved: Validations for LinkedIn access_tokens, thanks to Felix Dumit
• Improved: Experimental postgres support, thanks to Florent Vilmart
• Perf: Use native bcrypt implementation if available, thanks to Florent Vilmart

2.2.17

Full Changelog

• Cloud code logs #2370 (flovilmart)
• Make sure _PushStatus operations are run in order #2367 (flovilmart)
• Typo fix for error message when can't ensure uniqueness of user email addresses #2360 (AndrewLane)
• LiveQuery constrains matching fix #2357 (simonas-notcat)
• Fix typo in logging for commander parseConfigFile #2352 (AndrewLane)
• Fix minor typos in test names #2351 (acinader)
• Makes sure we don't strip authData or session token from users using masterKey #2348 (flovilmart)
• Run coverage with istanbul #2340 (flovilmart)
• Run next() after successfully sending data to the client #2338 (blacha)
• Cache all the mongodb/version folder #2336 (flovilmart)
• updates usage of setting: emailVerifyTokenValidityDuration #2331 (cherukumilli)
• Update Mongodb client to 2.2.4 #2329 (flovilmart)
• Allow usage of analytics adapter #2327 (deashay)
• Fix flaky tests #2324 (flovilmart)
• don't serve null authData values #2320 (yuzeh)
• Fix null relation problem #2319 (flovilmart)
• Clear the connectionPromise upon close or error #2314 (flovilmart)
• Report validation errors with correct error code #2299 (flovilmart)
• Parses correctly Parse.Files and Dates when sent to Cloud Code Functions #2297 (flovilmart)
• Adding proper generic Not Implemented. #2292 (vitaly-t)
• Adds schema caching capabilities (5s by default) #2286 (flovilmart)
• add digits oauth provider #2284 (ranhsd)
• Improve installations query #2281 (flovilmart)
• Adding request headers to cloud functions fixes #1461 #2274 (blacha)
• Creates a new sessionToken when updating password #2266 (flovilmart)
• Add Gitter chat link to the README. #2264 (nlutsenko)
• Restores ability to include non pointer keys #2263 (flovilmart)
• Allow next middleware handle error in handleParseErrors #2260 (mejcz)
• Exposes the ClientSDK infos if available #2259 (flovilmart)
• Adds support for multiple twitter auths options #2256 (flovilmart)
• validate_purchase fix for SANDBOX requests #2253 (valeryvaskabovich)

2.2.16

• New: Expose InMemoryCacheAdapter publicly, thanks to Steven Shipton
• New: Add ability to prevent login with unverified email, thanks to Diwakar Cherukumilli
• Improved: Better error message for incorrect type, thanks to Andrew Lane
• Improved: Better error message for permission denied, thanks to Blayne Chard
• Improved: Update authData on login, thanks to Florent Vilmart
• Improved: Ability to not check for old files on Parse.com, thanks to OzgeAkin
• Fix: Issues with email adapter validation, thanks to Tyler Brock
• Fix: Issues with nested $or queries, thanks to Florent Vilmart

2.2.15

• Fix: Type in description for Parse.Error.INVALID_QUERY, thanks to Andrew Lane
• Improvement: Stop requiring verifyUserEmails for password reset functionality, thanks to Tyler Brock
• Improvement: Kill without validation, thanks to Drew Gross
• Fix: Deleting a file does not delete from fs.files, thanks to David Keita
• Fix: Postgres stoage adapter fix, thanks to Vitaly Tomilov
• Fix: Results invalid session when providing an invalid session token, thanks to Florent Vilmart
• Fix: issue creating an anonymous user, thanks to Hussam Moqhim
• Fix: make http response serializable, thanks to Florent Vilmart
• New: Add postmark email adapter alternative Glenn Reyes

2.2.14

• Hotfix: Fix Parse.Cloud.HTTPResponse serialization

2.2.13

• Hotfix: Pin version of deepcopy

2.2.12

• New: Custom error codes in cloud code response.error, thanks to Jeremy Pease
• Fix: Crash in beforeSave when response is not an object, thanks to Tyler Brock
• Fix: Allow "get" on installations
• Fix: Fix overly restrictive Class Level Permissions, thanks to Florent Vilmart
• Fix: Fix nested date parsing in Cloud Code, thanks to Marco Cheung
• Fix: Support very old file formats from Parse.com

2.2.11

• Security: Censor user password in logs, thanks to Marco Cheung
• New: Add PARSE_SERVER_LOGS_FOLDER env var for setting log folder, thanks to KartikeyaRokde
• New: Webhook key support, thanks to Tyler Brock
• Perf: Add cache adapter and default caching of certain objects, thanks to Blayne Chard
• Improvement: Better error messages for schema type mismatches, thanks to Jeremy Pease
• Improvement: Better error messages for reset password emails
• Improvement: Webhook key support in CLI, thanks to Tyler Brock
• Fix: Remove read only fields when using beforeSave, thanks to Tyler Brock
• Fix: Use content type provided by JS SDK, thanks to Blayne Chard and Florent Vilmart
• Fix: Tell the dashboard the stored push data is available, thanks to Jeremy Pease
• Fix: Add support for HTTP Basic Auth, thanks to Hussam Moqhim
• Fix: Support for MongoDB version 3.2.6, (note: do not use MongoDB 3.2 with migrated apps that still have traffic on Parse.com), thanks to Tyler Brock
• Fix: Prevent pm2 from crashing when push notifications fail, thanks to benishak
• Fix: Add full list of default _Installation fields, thanks to Jeremy Pease
• Fix: Strip objectId out of hooks responses, thanks to Tyler Brock
• Fix: Fix external webhook response format, thanks to Tyler Brock
• Fix: Fix beforeSave when object is passed to success, thanks to Madhav Bhagat
• Fix: Remove use of deprecated APIs, thanks to Emad Ehsan
• Fix: Crash when multiple Parse Servers on the same machine try to write to the same logs folder, thanks to Steven Shipton
• Fix: Various issues with key names in Parse.Objects
• Fix: Treat Bytes type properly
• Fix: Caching bugs that caused writes by masterKey or other session token to not show up to users reading with a different session token
• Fix: Pin mongo driver version, preventing a regression in version 2.1.19
• Fix: Various issues with pointer fields not being treated properly
• Fix: Issues with pointed getting un-fetched due to changes in beforeSave
• Fix: Fixed crash when deleting classes that have CLPs

2.2.10

• Fix: Write legacy ACLs to Mongo so that clients that still go through Parse.com can read them, thanks to Tyler Brock and carmenlau
• Fix: Querying installations with limit = 0 and count = 1 now works, thanks to ssk7833
• Fix: Return correct error when violating unique index, thanks to Marco Cheung
• Fix: Allow unsetting user's email, thanks to Marco Cheung
• New: Support for Node 6.1

2.2.9

• Fix: Fix a regression that caused Parse Server to crash when a null parameter is passed to a Cloud function

2.2.8

• New: Support for Pointer Permissions
• New: Expose logger in Cloud Code
• New: Option to revoke sessions on password reset
• New: Option to expire inactive sessions
• Perf: Improvements in ACL checking query
• Fix: Issues when sending pushes to list of devices that contains invalid values
• Fix: Issues caused by using babel-polyfill outside of Parse Server, but in the same express app
• Fix: Remove creation of extra session tokens
• Fix: Return authData when querying with master key
• Fix: Bugs when deleting webhooks
• Fix: Ignore _RevocableSession header, which might be sent by the JS SDK
• Fix: Issues with querying via URL params
• Fix: Properly encode "Date" parameters to cloud code functions

2.2.7

• Adds support for --verbose and verbose option when running ParseServer #1414 (flovilmart)
• Adds limit = 0 as a valid parameter for queries #1493 (seijiakiyama)
• Makes sure we preserve Installations when updating a token (#1475) #1486 (flovilmart)
• Hotfix for tests #1503 (flovilmart)
• Enable logs #1502 (drew-gross)
• Do some triple equals for great justice #1499 (TylerBrock)
• Apply credential stripping to all untransforms for _User #1498 (TylerBrock)
• Checking if object has defined key for Pointer constraints in liveQuery #1487 (simonas-notcat)
• Remove collection prefix and default mongo URI #1479 (drew-gross)
• Store collection prefix in mongo adapter, and clean up adapter interface #1472 (drew-gross)
• Move field deletion logic into mongo adapter #1471 (drew-gross)
• Adds support for Long and Double mongodb types (fixes #1316) #1470 (flovilmart)
• Schema.js database agnostic #1468 (flovilmart)
• Remove console.log #1465 (drew-gross)
• Push status nits #1462 (flovilmart)
• Fixes #1444 #1451 (flovilmart)
• Removing sessionToken and authData from _User objects included in a query #1450 (simonas-notcat)
• Move mongo field type logic into mongoadapter #1432 (drew-gross)
• Prevents _User lock out when setting ACL on signup or afterwards #1429 (flovilmart)
• Update .travis.yml #1428 (flovilmart)
• Adds relation fields to objects #1424 (flovilmart)
• Update .travis.yml #1423 (flovilmart)
• Sets the defaultSchemas keys in the SchemaCollection #1421 (flovilmart)
• Fixes #1417 #1420 (drew-gross)
• Untransform should treat Array's as nested objects #1416 (blacha)
• Adds X-Parse-Push-Status-Id header #1412 (flovilmart)
• Schema format cleanup #1407 (drew-gross)
• Updates the publicServerURL option #1397 (flovilmart)
• Fix exception with non-expiring session tokens. #1386 (0x18B2EE)
• Move mongo schema format related logic into mongo adapter #1385 (drew-gross)
• WIP: Huge performance improvement on roles queries #1383 (flovilmart)
• Removes GCS Adapter from provided adapters #1339 (flovilmart)
• DBController refactoring #1228 (flovilmart)
• Spotify authentication #1226 (1nput0utput)
• Expose DatabaseAdapter to simplify application tests #1121 (steven-supersolid)

2.2.6

• Important Fix: Disables find on installation from clients #1374 (flovilmart)
• Adds missing options to the CLI #1368 (flovilmart)
• Removes only master on travis #1367 (flovilmart)
• Auth._loadRoles should not query the same role twice. #1366 (blacha)

2.2.5

• Improves config loading and tests #1363 (flovilmart)
• Adds travis configuration to deploy NPM on new version tags #1361 (gfosco)
• Inject the default schemas properties when loading it #1357 (flovilmart)
• Adds console transport when testing with VERBOSE=1 #1351 (flovilmart)
• Make notEqual work on relations #1350 (flovilmart)
• Accept only bool for $exists in LiveQuery #1315 (drew-gross)
• Adds more options when using CLI/config #1305 (flovilmart)
• Update error message #1297 (drew-gross)
• Properly let masterKey add fields #1291 (flovilmart)
• Point to #1271 as how to write a good issue report #1290 (drew-gross)
• Adds ability to override mount with publicServerURL for production uses #1287 (flovilmart)
• Single object queries to use include and keys #1280 (jeremyjackson89)
• Improves report for Push error in logs and _PushStatus #1269 (flovilmart)
• Removes all stdout/err logs while testing #1268 (flovilmart)
• Matching queries with doesNotExist constraint #1250 (andrecardoso)
• Added session length option for session tokens to server configuration #997 (Kenishi)
• Regression test for #1259 #1286 (drew-gross)
• Regression test for #871 #1283 (drew-gross)
• Add a test to repro #701 #1281 (drew-gross)
• Fix for #1334: using relative cloud code files broken #1353 (airdrummingfool)
• Fix Issue/1288 #1346 (flovilmart)
• Fixes #1271 #1295 (drew-gross)
• Fixes issue #1302 #1314 (flovilmart)
• Fixes bug related to include in queries #1312 (flovilmart)

2.2.4

• Hotfix: fixed imports issue for S3Adapter, GCSAdapter, FileSystemAdapter #1263 (drew-gross
• Fix: Clean null authData values on _User update #1199 (yuzeh)

2.2.3

• Fixed bug with invalid email verification link on email update. #1253 (kzielonka)
• Badge update supports increment as well as Increment #1248 (flovilmart)
• Config/Push Tested with the dashboard. #1235 (drew-gross)
• Better logging with winston #1234 (flovilmart)
• Make GlobalConfig work like parse.com #1210 (framp)
• Improve flattening of results from pushAdapter #1204 (flovilmart)
• Push adapters are provided by external packages #1195 (flovilmart)
• Fix flaky test #1188 (drew-gross)
• Fixes problem affecting finding array pointers #1185 (flovilmart)
• Moves Files adapters to external packages #1172 (flovilmart)
• Mark push as enabled in serverInfo endpoint #1164 (drew-gross)
• Document email adapter #1144 (drew-gross)
• Reset password fix #1133 (carmenlau)

2.2.2

• Important Fix: Mounts createLiveQueryServer, fix babel induced problem #1153 (flovilmart)
• Move ParseServer to it's own file #1166 (flovilmart)
• Update README.md * remove deploy buttons * replace with community links #1139 (drew-gross)
• Adds bootstrap.sh #1138 (flovilmart)
• Fix: Do not override username #1142 (flovilmart)
• Fix: Add pushId back to GCM payload #1168 (wangmengyan95)

2.2.1

• New: Add FileSystemAdapter file adapter #1098 (dtsolis)
• New: Enabled CLP editing #1128 (drew-gross)
• Improvement: Reduces the number of connections to mongo created #1111 (flovilmart)
• Improvement: Make ParseServer a class #980 (flovilmart)
• Fix: Adds support for plain object in $add, $addUnique, $remove #1114 (flovilmart)
• Fix: Generates default CLP, freezes objects #1132 (flovilmart)
• Fix: Properly sets installationId on creating session with 3rd party auth #1110 (flovilmart)

2.2.0

• New Feature: Real-time functionality with Live Queries! #1092 (wangmengyan95)
• Improvement: Push Status API #1004 (flovilmart)
• Improvement: Allow client operations on Roles #1068 (flovilmart)
• Improvement: Add URI encoding to mongo auth parameters #986 (bgw)
• Improvement: Adds support for apps key in config file, but only support single app for now #979 (flovilmart)
• Documentation: Getting Started and Configuring Parse Server #988 (hramos)
• Fix: Various edge cases with REST API #1066 (flovilmart)
• Fix: Makes sure the location in results has the proper objectId #1065 (flovilmart)
• Fix: Third-party auth is properly removed when unlinked #1081 (flovilmart)
• Fix: Clear the session-user cache when changing _User objects #1072 (gfosco)
• Fix: Bug related to subqueries on unfetched objects #1046 (flovilmart)
• Fix: Properly urlencode parameters for email validation and password reset #1001 (flovilmart)
• Fix: Better sanitization/decoding of object data for afterSave triggers #992 (flovilmart)
• Fix: Changes default encoding for httpRequest #892 (flovilmart)

2.1.6

• Improvement: Full query support for badge Increment (#931) #983 (flovilmart)
• Improvement: Shutdown standalone parse server gracefully #958 (raulr)
• Improvement: Add database options to ParseServer constructor and pass to MongoStorageAdapter #956 (steven-supersolid)
• Improvement: AuthData logic refactor #952 (flovilmart)
• Improvement: Changed FileLoggerAdapterSpec to fail gracefully on Windows #946 (aneeshd16)
• Improvement: Add new schema collection type and replace all usages of direct mongo collection for schema operations. #943 (nlutsenko)
• Improvement: Adds CLP API to Schema router #898 (flovilmart)
• Fix: Cleans up authData null keys on login for android crash #978 (flovilmart)
• Fix: Do master query for before/afterSaveHook #959 (wangmengyan95)
• Fix: re-add shebang #944 (flovilmart)
• Fix: Added test command for Windows support #886 (aneeshd16)

2.1.5

• New: FileAdapter for Google Cloud Storage #708 (mcdonamp)
• Improvement: Minimize extra schema queries in some scenarios. #919 (Marco129)
• Improvement: Move DatabaseController and Schema fully to adaptive mongo collection. #909 (nlutsenko)
• Improvement: Cleanup PushController/PushRouter, remove raw mongo collection access. #903 (nlutsenko)
• Improvement: Increment badge the right way #902 (flovilmart)
• Improvement: Migrate ParseGlobalConfig to new database storage API. #901 (nlutsenko)
• Improvement: Improve delete flow for non-existent _Join collection #881 (Marco129)
• Improvement: Adding a role scenario test for issue 827 #878 (gfosco)
• Improvement: Test empty authData block on login for #413 #863 (gfosco)
• Improvement: Modified the npm dev script to support Windows #846 (aneeshd16)
• Improvement: Move HooksController to use MongoCollection instead of direct Mongo access. #844 (nlutsenko)
• Improvement: Adds public_html and views for packaging #839 (flovilmart)
• Improvement: Better support for windows builds #831 (flovilmart)
• Improvement: Convert Schema.js to ES6 class. #826 (nlutsenko)
• Improvement: Remove duplicated instructions #816 (hramos)
• Improvement: Completely migrate SchemasRouter to new MongoCollection API. #794 (nlutsenko)
• Fix: Do not require where clause in $dontSelect condition on queries. #925 (nlutsenko)
• Fix: Make sure that ACLs propagate to before/after save hooks. #924 (nlutsenko)
• Fix: Support params option in Parse.Cloud.httpRequest. #912 (carmenlau)
• Fix: Fix flaky Parse.GeoPoint test. #908 (nlutsenko)
• Fix: Handle legacy _client_permissions key in _SCHEMA. #900 (drew-gross)
• Fix: Fixes bug when querying equalTo on objectId and relation #887 (flovilmart)
• Fix: Allow crossdomain on filesRouter #876 (flovilmart)
• Fix: Remove limit when counting results. #867 (gfosco)
• Fix: beforeSave changes should propagate to the response #865 (gfosco)
• Fix: Delete relation field when _Join collection not exist #864 (Marco129)
• Fix: Related query on non-existing column #861 (gfosco)
• Fix: Update markdown in .github/ISSUE_TEMPLATE.md #859 (igorshubovych)
• Fix: Issue with creating wrong _Session for Facebook login #857 (tobernguyen)
• Fix: Leak warnings in tests, use mongodb-runner from node_modules #843 (drew-gross)
• Fix: Reversed roles lookup #841 (flovilmart)
• Fix: Improves loading of Push Adapter, fix loading of S3Adapter #833 (flovilmart)
• Fix: Add field to system schema #828 (Marco129)

2.1.4

• New: serverInfo endpoint that returns server version and info about the server's features
• Improvement: Add support for badges on iOS
• Improvement: Improve failure handling in cloud code http requests
• Improvement: Add support for queries on pointers and relations
• Improvement: Add support for multiple $in clauses in a query
• Improvement: Add allowClientClassCreation config option
• Improvement: Allow atomically setting subdocument keys
• Improvement: Allow arbitrarily deeply nested roles
• Improvement: Set proper content-type in S3 File Adapter
• Improvement: S3 adapter auto-creates buckets
• Improvement: Better error messages for many errors
• Performance: Improved algorithm for validating client keys
• Experimental: Parse Hooks and Hooks API
• Experimental: Email verification and password reset emails
• Experimental: Improve compatability of logs feature with Parse.com
• Fix: Fix for attempting to delete missing classes via schemas API
• Fix: Allow creation of system classes via schemas API
• Fix: Allow missing where cause in $select
• Fix: Improve handling of invalid object ids
• Fix: Replace query overwriting existing query
• Fix: Propagate installationId in cloud code triggers
• Fix: Session expiresAt is now a Date instead of a string
• Fix: Fix count queries
• Fix: Disallow _Role objects without names or without ACL
• Fix: Better handling of invalid types submitted
• Fix: beforeSave will not be triggered for attempts to save with invalid authData
• Fix: Fix duplicate device token issues on Android
• Fix: Allow empty authData on signup
• Fix: Allow Master Key Headers (CORS)
• Fix: Fix bugs if JavaScript key was not provided in server configuration
• Fix: Parse Files on objects can now be stored without URLs
• Fix: allow both objectId or installationId when modifying installation
• Fix: Command line works better when not given options

2.1.3

• Feature: Add initial support for in-app purchases
• Feature: Better error messages when attempting to run the server on a port that is already in use or without a server URL
• Feature: Allow customization of max file size
• Performance: Faster saves if not using beforeSave triggers
• Fix: Send session token in response to current user endpoint
• Fix: Remove triggers for _Session collection
• Fix: Improve compatability of cloud code beforeSave hook for newly created object
• Fix: ACL creation for master key only objects
• Fix: Allow uploading files without Content-Type
• Fix: Add features to http request to match Parse.com
• Fix: Bugs in development script when running from locations other than project root
• Fix: Can pass query constraints in URL
• Fix: Objects with legacy "_tombstone" key now don't cause issues.
• Fix: Allow nested keys in objects to begin with underscores
• Fix: Allow correct headers for CORS

2.1.2

• Change: The S3 file adapter constructor requires a bucket name
• Fix: Parse Query should throw if improperly encoded
• Fix: Issue where roles were not used in some requests
• Fix: serverURL will no longer default to api.parse.com/1

2.1.1

• Experimental: Schemas API support for DELETE operations
• Fix: Session token issue fetching Users
• Fix: Facebook auth validation
• Fix: Invalid error when deleting missing session

2.1.0

• Feature: Support for additional OAuth providers
• Feature: Ability to implement custom OAuth providers
• Feature: Support for deleting Parse Files
• Feature: Allow querying roles
• Feature: Support for logs, extensible via Log Adapter
• Feature: New Push Adapter for sending push notifications through OneSignal
• Feature: Tighter default security for Users
• Feature: Pass parameters to cloud code in query string
• Feature: Disable anonymous users via configuration.
• Experimental: Schemas API support for PUT operations
• Fix: Prevent installation ID from being added to User
• Fix: Becoming a user works properly with sessions
• Fix: Including multiple object when some object are unavailable will get all the objects that are available
• Fix: Invalid URL for Parse Files
• Fix: Making a query without a limit now returns 100 results
• Fix: Expose installation id in cloud code
• Fix: Correct username for Anonymous users
• Fix: Session token issue after fetching user
• Fix: Issues during install process
• Fix: Issue with Unity SDK sending _noBody

2.0.8

• Add: support for Android and iOS push notifications
• Experimental: cloud code validation hooks (can mark as non-experimental after we have docs)
• Experimental: support for schemas API (GET and POST only)
• Experimental: support for Parse Config (GET and POST only)
• Fix: Querying objects with equality constraint on array column
• Fix: User logout will remove session token
• Fix: Various files related bugs
• Fix: Force minimum node version 4.3 due to security issues in earlier version
• Performance Improvement: Improved caching