These maintenance releases fix the newly published “CVE-2023-34047: Exposure of data and identity to wrong session in Spring for GraphQL” – please upgrade at your earliest convenience
I’m pleased to announce that Spring for GraphQL 1.0.5, 1.1.6 and 1.2.3 are now available on Maven Central. With this triple maintenance release ships with many bug fixes and upgrades and are drop-in replacements for your current version in production.
The 1.0.5 release includes 7 fixes and documentation improvements. This version will be shipped with Spring Boot 2.7.16, to be released later this week.
The 1.1.6 release includes 12 fixes and documentation improvements. This version will be shipped with Spring Boot 3.0.11, to be released later this week.
Finally, the 1.2.3 release includes 24 fixes and documentation improvements. This version will be shipped with Spring Boot 3.1.4, to be released later this week.
Spring for GraphQL 1.3
The Spring Boot team is currently working on the 3.2 minor release due in November. Spring Boot 3.2 will remain on the current 1.2.x branch of Spring for GraphQL, but upgrade to GraphQL Java 21.
Spring for GraphQL 1.3 will join the next Spring Boot 3.3 release train in May, 2024. There are a few requests in our backlog right now and we expect to have more added along the way. In addition, we have began collaborating with the the DGS team on a closer integration between the two frameworks. Stay tuned for more details!
Note that OSS support for 1.2.x is extended to 2024-11-30.
How can you help?
If you have general questions, please ask on stackoverflow.com using the spring-graphql tag.
Project Page | GitHub | Issues | Documentation | Stack Overflow
暂无评论内容