leangen / graphql-spqr

Build a GraphQL service in seconds
Apache License 2.0

Can version of graphql-java be upgraded to 18.3 and above? #429

Closed. houg closed this 1 year ago

houg commented 1 year ago

The following versions of graphql-java 18.3 have vulnerabilities. Can the version of graphql-java be upgraded to 18.3 and above?

manshanb commented 1 year ago

+1 We have the same issue. graphql-java is flagged for security vulnerabilities and graphql-spqr needs to upgrade the graphql-java version. This is a high sev issue for us as it's a security vulnerability.

thomasbigger584 commented 1 year ago

Similar issue, also it isn't working with Spring 2.7.x with the following error: `Caused by: java.lang.ClassNotFoundException: graphql.execution.batched.Batched`

samwhile commented 1 year ago

+1 At the very least there is an open PR #423 that's upgrading to 17.3 along with some updates to address breaking changes. I've asked the author to at least bump it to 17.4 to address the recent vulnerability.

@kaqqao

mayrain319 commented 1 year ago

+1, we really need graphql-java to be 18.3 or above since there are security issues on 16.2
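One way for a consumer of graphql-spqr to confirm which graphql-java actually ends up on the classpath, as an added example that is not part of this thread or of the graphql-spqr project: the script below scans the text that `mvn dependency:tree` prints, collects every resolved version of `com.graphql-java:graphql-java`, and reports any that sort below a chosen floor (18.3, the version this issue asks for). The sample tree output is constructed; every version in it other than graphql-java's 16.2 and Spring's 2.7.0 is a placeholder, and the one-line-per-artifact `groupId:artifactId:type:version[:scope]` format is an assumption about the plain-text tree output.

```python
"""Flag graphql-java resolutions below a minimum version in `mvn dependency:tree` output.

Added example, not graphql-spqr project code. Assumes the default one-line-per-artifact
tree format `groupId:artifactId:type:version[:scope]`; lines carrying a classifier
(six colon-separated fields) are not handled here.
"""
import re
from typing import List, Tuple

# Constructed sample of `mvn dependency:tree` output. Apart from graphql-java 16.2
# and Spring Boot 2.7.0, the version strings are placeholders, not real releases.
SAMPLE_TREE = """\
[INFO] com.example:my-service:jar:0.0.1-placeholder
[INFO] +- io.leangen.graphql:graphql-spqr:jar:0.0.0-placeholder:compile
[INFO] |  \\- com.graphql-java:graphql-java:jar:16.2:compile
[INFO] |     \\- com.graphql-java:java-dataloader:jar:0.0.0-placeholder:compile
[INFO] \\- org.springframework.boot:spring-boot-starter-web:jar:2.7.0:compile
"""

# groupId:artifactId:type:version[:scope]
DEP_RE = re.compile(r"([\w.\-]+):([\w.\-]+):[\w-]+:([\w.\-]+)(?::(\w+))?")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '18.3' or '18.3-SNAPSHOT' into a comparable tuple such as (18, 3).

    Qualifiers after '-' or '+' are dropped; non-numeric segments count as 0.
    """
    core = re.split(r"[-+]", version, maxsplit=1)[0]
    return tuple(int(part) if part.isdigit() else 0 for part in core.split("."))


def resolved_versions(tree_text: str, group: str, artifact: str) -> List[str]:
    """Every version of group:artifact that appears in the dependency tree."""
    found = []
    for line in tree_text.splitlines():
        match = DEP_RE.search(line)
        if match and match.group(1) == group and match.group(2) == artifact:
            found.append(match.group(3))
    return found


def below_minimum(versions: List[str], minimum: str) -> List[str]:
    """Subset of `versions` that sort below `minimum`."""
    floor = parse_version(minimum)
    return [v for v in versions if parse_version(v) < floor]


def check_tree(tree_text: str, minimum: str = "18.3") -> List[str]:
    """Return offending graphql-java versions; an empty list means the tree is clean."""
    versions = resolved_versions(tree_text, "com.graphql-java", "graphql-java")
    return below_minimum(versions, minimum)


if __name__ == "__main__":
    # Real use: `mvn dependency:tree > tree.txt` and read that file instead of SAMPLE_TREE.
    bad = check_tree(SAMPLE_TREE)
    for v in bad:
        print(f"graphql-java {v} resolved; below the 18.3 floor requested in this issue")
    raise SystemExit(1 if bad else 0)
```

The check runs on the resolved tree rather than on declared versions so that a transitive pin brought in by graphql-spqr is caught even when the consuming project never names graphql-java itself; a non-zero exit code makes it usable as a CI gate while the upgrade is pending.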

amitdhama04 commented 1 year ago

Do we have any update on this? Are you going to release any version for this with the upgrade soon?

kaqqao commented 1 year ago

Since this is getting a lot of attention, I will look into this soon. I have also been approached by external contributors regarding this, so maybe something comes out of it in the following days. If not, I'll see to it myself. There are 2 PRs currently, but both seem to be targeting graphql-java 17.x.

amitdhama04 commented 1 year ago

Is there any update?

kaqqao commented 1 year ago

I've upgraded to the latest graphql-java and will soon make a release. If anyone cares to test their project against the current master before the release, I'd be grateful. General cleanup and removal of all calls to deprecated APIs will have to be handled in a future release, due to the rush to upgrade in the face of security vulnerabilities.

kaqqao commented 1 year ago

See #433