Release Notes / Version 10.2107
Table Of ContentsDue to a security vulnerability in GraphQL-Java, it was necessary to upgrade the GraphQL-Java version of CM10 - 2107 LTS. If a customer uses only persisted queries, they should be unaffected by the vulnerability.
The upgrade to
com.graphql-java:graphql-java:19.2
did include several (potential) breaking changes in case a customer customized the headless server:
When implementing multiple interfaces in a schema, the new syntax requires an "&" symbol instead of a ","
The public API CoreMedia class
CacheMapWrapper, used for the dataloader cache was revoked due to breaking changes in the dataloader API. The dataloader cache is now created using the updated dataloader API only. (seeCaasConfig)All filter predicates now have to implement the
FilterPredicateinterface instead of thePredicateinterface. Otherwise they will be ignored!The class
ContextHolderwas removed. Thus, access to context variables via the ContextHolder does not work anymore. Instead access to context variables is provided via the newGraphQLContextclass and theDataFetchingEnvironment.The new interface
DataFetchingEnvironmentAwarewas introduced, which declares an adapter to require a graphql environment. Because of this, the affected adapters require now an additional environment parameter. The adapters are:SearchServiceAdapter, AbstractDynamicListAdapter, ByPathAdapter, PageGridAdapter, PageGridPlacementAdapter, PageGridRowAdapter, QueryListAdapter, LinkListAdapterandSearchServiceAdapter.
The methods
validFromQuery(String validFromFieldName)andvalidFromPastToValueQuery(String fieldName)inSearchQueryHelperwere removed, since due to the refactoring of theContextHolder, it was no longer possible to support those methods. UsevalidFromPastToValueQuery(String fieldName, ZonedDateTime value)andvalidFromValueToFutureQuery(String fieldName, ZonedDateTime value)instead
Furthermore, an overview of all changes implemented in GraphQL-Java can be found in the original release notes:
(CMS-22341)