ghost opened a new issue, #14348: URL: https://github.com/apache/grails-core/issues/14348
gorm-graphql 2.0.1 pulls in graphql-java 14.1 which has multiple CVEs against it. Even on the 3.0.x branch, it still only pulls in graphql-java 17.3 which still has the 2023 CVE against it. Unfortunately here are breaking changes between graphql-java 14.x and the versions needed to fix these vulnerabilities, so forcing the version difference doesn't seem to be an option. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
