This hotfix reverts the addition of type: 1 to every projection that lacked this property. Instead, this is conditionally added only when the projection is inclusive—that is, when it specifies a list of fields to be returned. For projections that exclude fields, type: 1 will no longer be automatically added. This resolves a MongoDB error.
In addition, this hotfix updates the uploadfs dependencies to patch a security vulnerability in the sharp imaging package that could allow those with permission to upload images to an Apostrophe project to cause a buffer overflow error.
Security
Update uploadfs to guarantee users get a fix for a potential security vulnerability in sharp. This was theoretically exploitable only by users with permission to upload media to Apostrophe.
Remove the webpack bundle analyzer feature, which had been nonfunctional for some time, to address a harmless npm audit warning.
Note: there is one remaining npm audit warning regarding postcss. This is not a true vulnerability because only developers with access to the entire codebase can modify styles passed to postcss by Apostrophe, but we are working with upstream developers to determine the best steps to clear the warning.
Fixes
Automatically add type to the projection only if there are no exclusions in the projection. Needed to prevent the MongoDB "Cannot do exclusion on field in inclusion projection" error.
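
The conditional rule described in this fix, as an added example that is not Apostrophe's own code: the helper names classifyProjection and ensureTypeInProjection are hypothetical, the sample projections are constructed, and operator-valued entries such as $slice are deliberately left unclassified.

```javascript
// Added illustration; not Apostrophe's source code.
// classifyProjection / ensureTypeInProjection are hypothetical names.

// Sort the entries of a MongoDB projection document into
// explicit inclusions (1 / true) and explicit exclusions (0 / false).
function classifyProjection(projection) {
  const included = [];
  const excluded = [];
  for (const [field, value] of Object.entries(projection || {})) {
    if (value === 1 || value === true) {
      included.push(field);
    } else if (value === 0 || value === false) {
      // MongoDB allows `_id: 0` inside an inclusion projection, so it
      // does not count as an exclusion for this purpose.
      if (field !== '_id') {
        excluded.push(field);
      }
    }
    // Operator values such as { $slice: 2 } are left unclassified
    // (a simplification made for this example).
  }
  return { included, excluded };
}

// Return a copy of the projection with `type: 1` added only when the
// projection is inclusive: at least one field is explicitly included
// and no field other than `_id` is excluded.
function ensureTypeInProjection(projection) {
  const result = { ...(projection || {}) };
  const { included, excluded } = classifyProjection(result);
  const inclusive = included.length > 0 && excluded.length === 0;
  if (inclusive && !('type' in result)) {
    result.type = 1;
  }
  return result;
}

// Constructed sample projections.
const samples = [
  { title: 1, slug: 1 }, // inclusive: type is added
  { title: 1, _id: 0 },  // still inclusive: type is added
  { body: 0 },           // exclusive: adding type: 1 would be rejected
  {}                     // empty: adding type: 1 would hide other fields
];
for (const p of samples) {
  console.log(JSON.stringify(p), '->', JSON.stringify(ensureTypeInProjection(p)));
}
```

Requiring at least one explicit inclusion also keeps an empty projection from being narrowed to type alone.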