Skip to content

18.7
Compare
Choose a tag to compare
@dondonz dondonz released this 15 Aug 06:21
v18.7
ffd0017
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This is a special release with only one change, which updates the Guava version to v32.1.1.

This release does not change any code in graphql-java. It is only to keep security scanners happy.

graphql-java shades in selected classes of Guava. graphql-java never used the classes affected by CVE-2023-2976, but nevertheless the Guava version number appears in metadata, which is read by security scanners. While we previously released a version of graphql-java with the patched Guava version, this initial patched version had an issue with the Windows release. This caused some security scanners to still consider the initial patched version as "vulnerable". This release updates the Guava version to 32.1.1 which does not have the Windows release problem.

More details: #3263

Assets 2