Release 16.8.1 to address resource exhaustion vulnerability #3972

Closed

AaronMoat
Contributor

As per #3955 (comment) & #3967 (comment) it would be great to get this addressed and released.

@github-actions

Hi @AaronMoat, I'm @github-actions bot happy to help you with this PR 👋

Supported commands

Please post these commands in separate comments and only one per comment:

  • @github-actions run-benchmark - Run benchmark comparing base and merge commits for this PR
  • @github-actions publish-pr-on-npm - Build package from this PR and publish it on NPM

@tadhglewis tadhglewis left a comment

Are we able to get this in ASAP? This impacts all consumers unless they have some kind of mitigation in place (which Apollo doesn't do by itself), which I found to be the case about <30% of the time when testing a bunch of different companies.

Q: Should this be disclosed as a vulnerability? It's already public, but consumers should upgrade ASAP.

@IvanGoncharov
Member

@AaronMoat Thanks for the ping, released https://github.com/graphql/graphql-js/releases/tag/v16.8.1

@AaronMoat AaronMoat deleted the bump-16 branch September 19, 2023 08:07
3 participants