Skip to content

fix: Validate push notification payload #217

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 20, 2023
Merged

fix: Validate push notification payload #217

merged 3 commits into from
May 20, 2023

Conversation

mtrezza
Copy link
Member

@mtrezza mtrezza commented May 20, 2023
edited
Loading

Fixes security vulnerability GHSA-mxhg-rvwx-x993.

@parse-github-assistant
Copy link

parse-github-assistant bot commented May 20, 2023
edited
Loading

Thanks for opening this pull request!

  • ❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as Closes: #123 in the PR description, so I can recognize it.

@mtrezza mtrezza changed the title fix fix: Validate push notification payload May 20, 2023
@codecov
Copy link

codecov bot commented May 20, 2023

Codecov Report

Patch coverage: 100.00% and no project coverage change.

Comparison is base (346781d) 100.00% compared to head (de99466) 100.00%.

❗ Current head de99466 differs from pull request most recent head b73013b. Consider uploading reports for the commit b73013b to get more accurate results

Additional details and impacted files 
@@            Coverage Diff            @@
##            master      #217   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            5         5           
  Lines          271       277    +6     
=========================================
+ Hits           271       277    +6
Impacted Files Coverage Δ
src/APNS.js 100.00% <100.00%> (ø)
src/GCM.js 100.00% <100.00%> (ø)

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@mtrezza mtrezza merged commit 598cb84 into parse-community:master May 20, 2023
parseplatformorg pushed a commit that referenced this pull request May 20, 2023
@semantic-release-bot
chore(release): 4.1.3 [skip ci]
ac13329 
## [4.1.3](4.1.2...4.1.3) (2023-05-20)

### Bug Fixes

* Validate push notification payload; fixes a security vulnerability in which the adapter can crash Parse Server due to an invalid push notification payload ([#217](#217)) ([598cb84](598cb84))
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 4.1.3

@mtrezza mtrezza deleted the fix-master branch May 20, 2023 20:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
state:released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mtrezza @parseplatformorg @dblythy