9 matches found
This Week in Spring – December 16th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it’s been! We’ve got around nine shopping days ’til Christmas, and the New Year is almost here! Things are moving so quickly and the Spring community is no exception! Let's dive into this week's wonderful...
This Week in Spring - July 1st, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's July!! This week, I'm on PTO, and as always, I'm looking for good reading material on the plane ride over for my holiday. Thank goodness for the ever-vibrant and awesome Spring community; there's tons of stuff to dive...
A Bootiful Podcast: Netflix’s Paul Bakker and Kavitha Srinivasan on scaling Spring Boot and Spring GraphQL
Hi, Spring fans! In this installment, I'm thrilled to be joined by Netflix's Paul Bakker and Kavitha Srinivasan, who explain how they're integrating and evolving Spring for GraphQL in their own GraphQL stack and how they're managing, growing, and evolving thousands of services written in Spring B...
Information Disclosure
org.springframework.graphql:spring-graphql is vulnerable to Information Disclosure. The vulnerability is due to an issue where an application provides a DataLoaderOptions instance when registering batch loader functions through the DefaultBatchLoaderRegistry method leading to information disclosu...
com.introproventures:graphql-jpa-query-test-boot-starter (>=1.1.0 <=1.1.3), com.introproventures:graphql-jpa-query-test-multiple-datasources (>=1.1.0 <=1.1.3) +16 more potentially affected by CVE-2023-34047 via org.springframework.graphql:spring-graphql (>=1.2.0 <=1.2.2)
org.springframework.graphql:spring-graphql MAVEN version =1.2.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.11.0, =1.11.0, =1.1.0, =7.19.2, =4.6.0, =4.6.0, =4.6.0, =4.6.3, =4.6.0, =4.6.0, =4.6.5 and more Source cves: CVE-2023-34047 Source advisory:...
com.introproventures:graphql-jpa-query-test-boot-starter (=1.0.0), com.introproventures:graphql-jpa-query-test-multiple-datasources (=1.0.0) +11 more potentially affected by CVE-2023-34047 via org.springframework.graphql:spring-graphql (>=1.1.0 <=1.1.5)
org.springframework.graphql:spring-graphql MAVEN version =1.1.0, =1.0.0, =0.0.1, =7.16.0, =3.0.0, =1.1.0, =6.0.0, =1.0.0, =2.0.0-RELEASE Source cves: CVE-2023-34047 Source advisory: OSV:GHSA-FRQC-F2H8-FJVF...
Code injection
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...
Spring GraphQL Security Vulnerability
Spring Framework is an open source Java and JavaEE application framework from the U.S. Spring team. The framework helps developers build high-quality applications. A security vulnerability exists in Spring GraphQL versions 1.1.0 through 1.1.5 and 1.2.0 through 1.2.2, which stems from the...
A Bootiful Podcast: GraphQL Java founder Andi Marek
Hi, Spring fans! In this installment of a Bootiful Podcast, Josh Long @starbuxman talks to the GraphQL Java project founder and lead, Atlassian engineer, and Spring GraphQL cofounder Andi Marek @andimarek...