We always try to maintain the library secure and suggest our users to upgrade to the latest stable version. We realize that sometimes this is not possible.
Version | Supported |
---|---|
1.x | ✅ |
< 1.0 | ❌ |
If you are using the graphql.MaxDepth
schema option, make sure that you upgrade to version v1.3.0 or higher due to a bug causing security vulnerability in earlier versions.
If you find a security vulnerability with this library, please, DO NOT submit a pull request right away. Please, report the issue to @pavelnikolov and/or @tony in the Gophers Slack in a private message.