close

Filter

loading table of contents...

Release Notes / Version 11.2307

Table Of Contents

Security: GraphQL Schema Introspection disabled by default

The GraphQL schema introspection is now disabled by default . In preview mode however, introspection is still enabled.

This change is considered breaking, as formerly the introspection was enabled by default. A config setting to disable did not exist. For security reasons, introspection now has to be enabled by the explicit config setting caas.graphql.introspection-enabled .

Client applications which were depending on the inspection will break in live environments, unless the flag is set to 'true'. If not, this change may be considered as non-breaking.

Note, that also stitching scenarios will most likely break as they usually depend on schema introspection.

(CMS-22496)

Search Results

Table Of Contents
warning

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.