We always try to maintain the library secure and suggest our users to upgrade to the latest stable version. We realize that sometimes this is not possible.

If you are using the graphql.MaxDepth schema option, make sure that you upgrade to version v1.3.0 or higher due to a bug causing security vulnerability in earlier versions.

If you find a security vulnerability with this library, please, DO NOT submit a pull request right away. Please, report the issue to @pavelnikolov in the Gophers Slack in a private message.