Hello folks,
A critical vulnerability has been discovered on Hasura GraphQL Engine v2.10.0 and later. It impacts Community, Enterprise and Cloud Editions. Hasura Cloud has already been patched and is no longer vulnerable.
We urge all users to upgrade to the following patched versions immediately.
Community Edition
Enterprise Edition*Note: Starting with v2.12.0, Community and Enterprise editions are the same
Hasura Cloud has already been patched. No action is required from customers.
More details about the vulnerability will be shared on Dec 7th 2022 to give users enough time to update their deployments. If you have any questions or comments about this advisory reach out to us on
sup...@hasura.io.
-- Hasura Security Team