Releases: spring-projects/spring-graphql
Releases · spring-projects/spring-graphql
v2.0.4
⚠️ Security fixes
This release fixes 3 "High" CVEs:
- CVE-2026-41699: Unsafe Deserialization in Spring GraphQL
- CVE-2026-41700: Cross-Site WebSocket Hijacking in Spring for GraphQL
- CVE-2026-41856: Spring GraphQL Annotation Detection Vulnerability
⭐ New Features
- Provide more flexibility in JsonKeysetCursorStrategy collections types #1445
🐞 Bug Fixes
- Argument annotations are ignored on handler methods in generic interfaces #1469
- configureBinder method is unusable #1468
- Allow custom Origins when upgrading to WebSocket transport #1452
- Observations not closed when DataLoader returns null values #1448
- WebSocket keepalive PING not emitted for all idle concurrent sessions #1447
- Missing
@Nullableon type parameter of GraphQlTester.Request#variables(Map<String, Object>) #1435 - JSON syntax error in graphiql XSRF header support #1434
- Memory leak in WebFlux WebSocket support when client disconnects #1293
🔨 Dependency Upgrades
v1.4.6
⚠️ Security fixes
This release fixes 3 "High" CVEs:
- CVE-2026-41699: Unsafe Deserialization in Spring GraphQL
- CVE-2026-41700: Cross-Site WebSocket Hijacking in Spring for GraphQL
- CVE-2026-41856: Spring GraphQL Annotation Detection Vulnerability
⭐ New Features
- Provide more flexibility in JsonKeysetCursorStrategy collections types #1446
- Add singleElement() to GraphQlTester.EntityList #1381
🐞 Bug Fixes
- WebSocket keepalive PING not emitted for all idle concurrent sessions #1474
- Memory leak in WebFlux WebSocket support when client disconnects #1473
- Observations not closed when DataLoader returns null values #1472
- Argument annotations are ignored on handler methods in generic interfaces #1470
- Allow custom Origins when upgrading to WebSocket transport #1465
🔨 Dependency Upgrades
v2.0.3
⭐ New Features
- Switch to empty SSE comments for keep-alive messages #1431
- Add singleElement() to GraphQlTester.EntityList #1380
🐞 Bug Fixes
- GraphQlTester Kotlin extensions do not allow null types in entity* specs #1424
📔 Documentation
- Small typo fixed in modules/ROOT/pages/index.adoc #1417
🔨 Dependency Upgrades
- Upgrade to DGS codegen 8.4.3 #1442
- Upgrade to GraphQL Federation JVM 6.0.0 #1441
- Upgrade to Jackson 3.1.2 #1436
- Upgrade to Micrometer 1.16.5 and Tracing 1.6.5 #1438
- Upgrade to Reactor 2025.0.5 #1437
- Upgrade to Spring Data 2025.1.5 #1439
- Upgrade to Spring Framework 7.0.7 #1430
- Upgrade to Spring Security 7.0.5 #1440
❤️ Contributors
Thank you to all the contributors who worked on this release:
Contributors
sic2 and zkozina
Assets 2
v1.4.5
🐞 Bug Fixes
- Application fails to start with "No target ValidatorFactory set" when validation API is present without provider #1412
🔨 Dependency Upgrades
v2.0.2
⭐ New Features
@EntityMappingshould support object types that implement multiple interfaces #1414- Add enum and number values support to JsonKeysetCursorStrategy #1346
🐞 Bug Fixes
- Application fails to start with "No target ValidatorFactory set" when validation API is present without provider #1407
📔 Documentation
- Improve documentation for Keyset Cursor override #1413
🔨 Dependency Upgrades
- Upgrade to Micrometer 1.16.2 and Tracing 1.6.2 #1408
- Upgrade to Reactor 2025.0.2 #1409
- Upgrade to Spring Data 2025.1.2 #1411
- Upgrade to Spring Framework 7.0.3 #1410
❤️ Contributors
Thank you to all the contributors who worked on this release:
Contributors
stupid58fly
Assets 2
v2.0.1
v1.4.4
v1.3.7
🔨 Dependency Upgrades
- Upgrade to json-path 2.10.0 because of CVE-2024-57699 in json-smart #1388
v2.0.0
Spring for GraphQL 2.0
See the complete release notes for Spring for GraphQL 2.0.
🔨 Dependency Upgrades
- Upgrade to GraphiQL 5.2.1 #1363
- Upgrade to GraphQL Java 25.0 #1357
- Upgrade to Jackson 2.20.1 #1373
- Upgrade to Jackson 3.0.2 #1374
- Upgrade to Kotlin 2.2.21 #1375
- Upgrade to Micrometer 1.16.0 and Tracing 1.6.0 #1360
- Upgrade to Reactor 2025.0.0 #1359
- Upgrade to Spring Data 2025.1.0 #1362
- Upgrade to Spring Framework 7.0.0 #1358
- Upgrade to Spring Security 7.0.0 #1361
❤️ Contributors
Thank you to all the contributors who worked on this release:
Contributors
JBodkin-Amphora