GraphQL-Ruby Security Update
Hi everyone,
A security vulnerability has been identified in GraphQL-Ruby v1.11.5+. Patch releases are available for all minor versions of GraphQL-Ruby since then:
- 1.11.11
- 1.12.25
- 1.13.24
- 2.0.32
- 2.1.14
- 2.2.17
- 2.3.21
- 2.4.13
Please update to one of those versions. For details about this vulnerability, see the report on GitHub.
Special thanks to @yvvdwf who reported this issue and to the security team at GitLab who received this report in their bounty program and reviewed my mitigation.
Best,
Robert
Don't miss what's next. Subscribe to GraphQL-Ruby Newsletter: