The GraphQL schema introspection is now disabled by default . In preview mode however, introspection is still enabled.

This change is considered breaking, as formerly the introspection was enabled by default. A config setting to disable did not exist. For security reasons, introspection now has to be enabled by the explicit config setting caas.graphql.introspection-enabled .

Client applications which were depending on the inspection will break in live environments, unless the flag is set to 'true'. If not, this change may be considered as non-breaking.

Note, that also stitching scenarios will most likely break as they usually depend on schema introspection.

(CMS-22496)