Skip to content

Tags: parse-community/parse-server

Tags

9.1.1

Toggle 9.1.1's commit message 
chore(release): 9.1.1 [skip ci]

## [9.1.1](9.1.0...9.1.1) (2025-12-16)

### Bug Fixes

* Server-Side Request Forgery (SSRF) in Instagram auth adapter [GHSA-3f5f-xgrj-97pf](GHSA-3f5f-xgrj-97pf) ([#9988](#9988)) ([fbcc938](fbcc938))

9.1.1-alpha.1

Toggle 9.1.1-alpha.1's commit message 
chore(release): 9.1.1-alpha.1 [skip ci]

## [9.1.1-alpha.1](9.1.0...9.1.1-alpha.1) (2025-12-16)

### Bug Fixes

* Server-Side Request Forgery (SSRF) in Instagram auth adapter [GHSA-3f5f-xgrj-97pf](GHSA-3f5f-xgrj-97pf) ([#9988](#9988)) ([fbcc938](fbcc938))

8.6.2

Toggle 8.6.2's commit message 
chore(release): 8.6.2 [skip ci]

## [8.6.2](8.6.1...8.6.2) (2025-12-16)

### Bug Fixes

* Server-Side Request Forgery (SSRF) in Instagram auth adapter [GHSA-3f5f-xgrj-97pf](GHSA-3f5f-xgrj-97pf) ([#9989](#9989)) ([155c6ad](155c6ad))

9.1.0

Toggle 9.1.0's commit message 
chore(release): 9.1.0 [skip ci]

# [9.1.0](9.0.0...9.1.0) (2025-12-14)

### Bug Fixes

* Cross-Site Scripting (XSS) via HTML pages for password reset and email verification [GHSA-jhgf-2h8h-ggxv](GHSA-jhgf-2h8h-ggxv) ([#9985](#9985)) ([3074eb7](3074eb7))

### Features

* Add option `logLevels.signupUsernameTaken` to change log level of username already exists sign-up rejection ([#9962](#9962)) ([f18f307](f18f307))
* Add support for custom HTTP status code and headers to Cloud Function response with Express-style syntax ([#9980](#9980)) ([8eeab8d](8eeab8d))
* Log more debug info when failing to set duplicate value for field with unique values ([#9919](#9919)) ([a23b192](a23b192))

9.1.0-alpha.4

Toggle 9.1.0-alpha.4's commit message 
chore(release): 9.1.0-alpha.4 [skip ci]

# [9.1.0-alpha.4](9.1.0-alpha.3...9.1.0-alpha.4) (2025-12-14)

### Features

* Log more debug info when failing to set duplicate value for field with unique values ([#9919](#9919)) ([a23b192](a23b192))

9.1.0-alpha.3

Toggle 9.1.0-alpha.3's commit message 
chore(release): 9.1.0-alpha.3 [skip ci]

# [9.1.0-alpha.3](9.1.0-alpha.2...9.1.0-alpha.3) (2025-12-14)

### Bug Fixes

* Cross-Site Scripting (XSS) via HTML pages for password reset and email verification [GHSA-jhgf-2h8h-ggxv](GHSA-jhgf-2h8h-ggxv) ([#9985](#9985)) ([3074eb7](3074eb7))

9.1.0-alpha.2

Toggle 9.1.0-alpha.2's commit message 
chore(release): 9.1.0-alpha.2 [skip ci]

# [9.1.0-alpha.2](9.1.0-alpha.1...9.1.0-alpha.2) (2025-12-14)

### Features

* Add support for custom HTTP status code and headers to Cloud Function response with Express-style syntax ([#9980](#9980)) ([8eeab8d](8eeab8d))

9.1.0-alpha.1

Toggle 9.1.0-alpha.1's commit message 
chore(release): 9.1.0-alpha.1 [skip ci]

# [9.1.0-alpha.1](9.0.0...9.1.0-alpha.1) (2025-12-14)

### Features

* Add option `logLevels.signupUsernameTaken` to change log level of username already exists sign-up rejection ([#9962](#9962)) ([f18f307](f18f307))

9.0.0

Toggle 9.0.0's commit message 
chore(release): 9.0.0 [skip ci]

# [9.0.0](8.6.0...9.0.0) (2025-12-14)

### Bug Fixes

* Upgrade to GraphQL Apollo Server 5 and restrict GraphQL introspection ([#9888](#9888)) ([87c7f07](87c7f07))

### Features

* Deprecation DEPPS10: Encode `Parse.Object` in Cloud Function and remove option `encodeParseObjectInCloudFunction` ([#9973](#9973)) ([a2d3dbe](a2d3dbe))
* Deprecation DEPPS11: Replace `PublicAPIRouter` with `PagesRouter` ([#9974](#9974)) ([8f877d4](8f877d4))
* Deprecation DEPPS113: Config option `enableInsecureAuthAdapters` defaults to `false` ([#9982](#9982)) ([22d4622](22d4622))
* Deprecation DEPPS12: Database option `allowPublicExplain` defaults to `false` ([#9975](#9975)) ([c1c7e69](c1c7e69))
* Increase required minimum MongoDB version to `7.0.16` ([#9971](#9971)) ([7bb548b](7bb548b))
* Increase required minimum Node version to `20.19.0` ([#9970](#9970)) ([633964d](633964d))
* Increase required minimum version to Postgres `16`, PostGIS `3.5` ([#9972](#9972)) ([7483add](7483add))
* Update route patterns to use path-to-regexp v8 syntax ([#9942](#9942)) ([fa8723b](fa8723b))
* Upgrade to @parse/push-adapter 8.1.0 ([#9938](#9938)) ([d5e76b0](d5e76b0))
* Upgrade to parse 8.0.0 ([#9976](#9976)) ([f9970d4](f9970d4))

### BREAKING CHANGES

* This release changes the config option `enableInsecureAuthAdapters` default to `false` (Deprecation DEPPS13). ([22d4622](22d4622))
* This release changes the MongoDB database option `allowPublicExplain` default to `false` (Deprecation DEPPS12). ([c1c7e69](c1c7e69))
* This release replaces `PublicAPIRouter` with `PagesRouter` (Deprecation DEPPS11). ([8f877d4](8f877d4))
* This release encodes `Parse.Object` in Cloud Function and removes option `encodeParseObjectInCloudFunction` (Deprecation DEPPS10). ([a2d3dbe](a2d3dbe))
* This releases increases the required minimum version to Postgres `16`, PostGIS `3.5`. ([7483add](7483add))
* Route pattern syntax across cloud routes and rate-limiting now use the new path-to-regexp v8 syntax; see the [migration guide](https://github.com/parse-community/parse-server/blob/alpha/9.0.0.md) for more details. ([fa8723b](fa8723b))
* This releases increases the required minimum MongoDB version to `7.0.16`. ([7bb548b](7bb548b))
* Upgrade to Apollo Server 5 and GraphQL express 5 integration; GraphQL introspection now requires using `masterKey` or setting `graphQLPublicIntrospection: true`. ([87c7f07](87c7f07))
* This releases increases the required minimum Node version to `20.19.0`. ([633964d](633964d))

9.0.0-alpha.11

Toggle 9.0.0-alpha.11's commit message 
chore(release): 9.0.0-alpha.11 [skip ci]

# [9.0.0-alpha.11](9.0.0-alpha.10...9.0.0-alpha.11) (2025-12-14)

### Features

* Deprecation DEPPS113: Config option `enableInsecureAuthAdapters` defaults to `false` ([#9982](#9982)) ([22d4622](22d4622))

### BREAKING CHANGES

* This release changes the config option `enableInsecureAuthAdapters` default to `false` (Deprecation DEPPS13). ([22d4622](22d4622))