Visit NES for GraphQL Java Home Page
GraphQL Java Release Notes
Comprehensive release notes and changelog for GraphQL Java, including security patches, bug fixes, and feature updates across all supported versions.
1 Patched Vulnerability
VEX Statements
GraphQL Java
18.5.1 (NES) - December 15, 2025
Notes
- This release originates from the open‑source GraphQL Java project forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds.
- This release includes NES Google Guava code that was shaded into the GraphQL Java library.
Bug Fixes
This release patches the following:
- CVE-2024-40094: allows a remote attacker to exploit incomplete handling of ExecutableNormalizedFields (ENFs) during introspection query processing, enabling crafted queries to cause resource exhaustion and denial of service.
- All CVEs listed in the Google Guava (NES) 31.0.2 release notes.
Full Version:
18.5.0-graphql-java-18.5.1