Release Notes / Version 11.2307
Table Of ContentsThe GraphQL schema introspection is now disabled by default . In preview mode however, introspection is still enabled.
This change is considered breaking, as formerly the introspection was enabled by default. A config setting to disable did not exist.
For security reasons, introspection now has to be enabled by the explicit config setting
caas.graphql.introspection-enabled
.
Client applications which were depending on the inspection will break in live environments, unless the flag is set to 'true'. If not, this change may be considered as non-breaking.
Note, that also stitching scenarios will most likely break as they usually depend on schema introspection.
(CMS-22496)