parse-server LiveQuery subscriber authorization verification for object states in leave/enter events

Parse Server LiveQuery now verifies subscriber authorization for object states in leave and enter events. For a leave caused by loss of read access, the event delivers the last authorized object state instead of the post-update body. For an enter caused by gaining read access, the previously unauthorized original object state is omitted.

Applications using Parse Server LiveQuery that combine content changes with access-control changes in the same save on LiveQuery-enabled classes.

Review your application for saves that change both object fields and ACL read access on LiveQuery-enabled classes, and separate them into distinct saves. Alternatively, limit which classes are enabled for LiveQuery.