Spring for GraphQL 1.0.5, 1.1.6, 1.2.3 released
These maintenance releases fix the newly published "CVE-2023-34047: Exposure of data and identity to wrong session in Spring for GraphQL" - please upgrade at your earliest convenience
Update: we have just released 1.0.6 and 1.1.7 to address a missing backport. This backport is not related to the CVE fix released earlier today.
I'm pleased to announce that Spring for GraphQL 1.0.6, 1.1.6 and 1.2.3 are now available on Maven Central. With this triple maintenance release ships with many bug fixes and upgrades and are drop-in replacements for your current version in production.
The 1.0.5 release includes 7 fixes and documentation improvements. This version will be shipped with Spring Boot 2.7.16, to be released later this week…