Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreThese maintenance releases fix the newly published "CVE-2023-34047: Exposure of data and identity to wrong session in Spring for GraphQL" - please upgrade at your earliest convenience
Update: we have just released 1.0.6 and 1.1.7 to address a missing backport. This backport is not related to the CVE fix released earlier today.
I'm pleased to announce that Spring for GraphQL 1.0.6, 1.1.6 and 1.2.3 are now available on Maven Central. With this triple maintenance release ships with many bug fixes and upgrades and are drop-in replacements for your current version in production.
The 1.0.5 release includes 7 fixes and documentation improvements. This version will be shipped with Spring Boot 2.7.16, to be released later this week.
The 1.1.6 release includes 12 fixes and documentation improvements. This version will be shipped with Spring Boot 3.0.11, to be released later this week.
Finally, the 1.2.3 release includes 24 fixes and documentation improvements. This version will be shipped with Spring Boot 3.1.4, to be released later this week.
The Spring Boot team is currently working on the 3.2 minor release due in November. Spring Boot 3.2 will remain on the current 1.2.x branch of Spring for GraphQL, but upgrade to GraphQL Java 21.
Spring for GraphQL 1.3 will join the next Spring Boot 3.3 release train in May, 2024. There are a few requests in our backlog right now and we expect to have more added along the way. In addition, we have began collaborating with the the DGS team on a closer integration between the two frameworks. Stay tuned for more details!
Note that OSS support for 1.2.x is extended to 2024-11-30.
If you have general questions, please ask on stackoverflow.com using the spring-graphql
tag.
Project Page | GitHub | Issues | Documentation | Stack Overflow