The English version of quarkus.io is the official project site. Translated sites are community supported on a best-effort basis.

Quarkus 2.11.2.Final released - CVE-2022-2466 is still ongoing

We thought we got to the bottom of CVE-2022-2466, a security issue we have with GraphQL services since 2.10 was released, but this one keeps on giving.

This issue is only of importance to you if you are exposing GraphQL services using the quarkus-smallrye-graphql extension. Consuming GraphQL services is fine.

If you are in this case, we recommend to stay on the latest 2.9 for the time being, which is 2.9.2.Final.

If you are not using quarkus-smallrye-graphql, you are safe to go with the latest and greatest Quarkus that is 2.11.2.Final.

We are working hard to fully circumvent CVE-2022-2466 and will hopefully release a 2.11.3.Final soon that fully fixes the issue.

Migration Guide

If you are not already using 2.11, please refer to our migration guide.

Registro completo de cambios

Únete a nosotros

Valoramos mucho tus comentarios, así que por favor reporta errores, solicita mejoras…​ ¡Construyamos algo grandioso juntos!

Si eres un usuario de Quarkus o simplemente tienes curiosidad, no seas tímido y únete a nuestra acogedora comunidad: