From a3483d82c82488af2e0f602a3993316906a36a19 Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Wed, 18 Aug 2021 23:03:09 +0200 Subject: [PATCH] fix changelog skip 4.5.1 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e6f3887c6d..c3f341573e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ [Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.2...master) ### 4.5.2 -[Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.1...4.5.2) +[Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.0...4.5.2) ### Security Fixes - SECURITY FIX: Fixes incorrect session property `authProvider: password` of anonymous users. When signing up an anonymous user, the session field `createdWith` indicates incorrectly that the session has been created using username and password with `authProvider: password`, instead of an anonymous sign-up with `authProvider: anonymous`. This fixes the issue by setting the correct `authProvider: anonymous` for future sign-ups of anonymous users. This fix does not fix incorrect `authProvider: password` for existing sessions of anonymous users. Consider this if your app logic depends on the `authProvider` field. (Corey Baker) [GHSA-23r4-5mxp-c7g5](https://github.com/parse-community/parse-server/security/advisories/GHSA-23r4-5mxp-c7g5)