Quarkus 2.11.2.Final released - CVE-2022-2466 is still ongoing
We thought we got to the bottom of CVE-2022-2466, a security issue we have with GraphQL services since 2.10 was released, but this one keeps on giving.
This issue is only of importance to you if you are exposing GraphQL services using the quarkus-smallrye-graphql
extension.
Consuming GraphQL services is fine.
If you are in this case, we recommend to stay on the latest 2.9 for the time being, which is 2.9.2.Final.
If you are not using quarkus-smallrye-graphql
, you are safe to go with the latest and greatest Quarkus that is 2.11.2.Final.
We are working hard to fully circumvent CVE-2022-2466 and will hopefully release a 2.11.3.Final soon that fully fixes the issue.
移行ガイド
If you are not already using 2.11, please refer to our migration guide.
完全な変更履歴
You can get the full changelog of 2.11.2.Final on GitHub.
参加のお誘い
私達は皆様からのフィードバックに重きを置いています。バグ報告、改善要望を是非お願いします。一緒に素晴らしいものを作り上げていきましょう!
Quarkusユーザーの場合でも、単に興味を持っているだけの場合でも、恥ずかしがらずにコミュニティに参加して下さい!:
-
GitHub でフィードバック
-
コードを作成し、 プルリクエスト を送信
-
Stack Overflow で質問