As stated in our Release Policy, we will backport critical bugfixes and security fixes for versions dating back 18 months. These fixes will be backported depending on severity and demand.

🚨 To report a vulnerability, DO NOT open a pull request or issue or GitHub discussion. DO NOT post publicly.

Instead, report the vulnerability privately via the Security tab on graphql-java GitHub repository. See instructions at https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability