These maintenance releases fix the newly published “CVE-2023-34047: Exposure of data and identity to wrong session in Spring for GraphQL” – please upgrade at your earliest convenience
I’m pleased to announce that Spring for GraphQL 1.0.5, 1.1.6 and 1.2.3 are now available on Maven Central. With this triple maintenance release ships with many bug fixes and upgrades and are drop-in replacements for your current version in production.
Spring for GraphQL 1.3
The Spring Boot team is currently working on the 3.2 minor release due in November. Spring Boot 3.2 will remain on the current 1.2.x branch of Spring for GraphQL, but upgrade to GraphQL Java 21.
Spring for GraphQL 1.3 will join the next Spring Boot 3.3 release train in May, 2024. There are a few requests in our backlog right now and we expect to have more added along the way. In addition, we have began collaborating with the the DGS team on a closer integration between the two frameworks. Stay tuned for more details!
Note that OSS support for 1.2.x is extended to 2024-11-30.