Change8

v2.45.5

📦 hasura-authView on GitHub →
🐛 8 fixes🔧 1 symbols

Summary

This is a patch release for v2.45, primarily addressing a high-severity security vulnerability and fixing several bugs related to data connectors, event triggers, and JSON parsing robustness.

🐛 Bug Fixes

  • Fixed a high-severity security issue (GHSA-r27x-gc74-qmxh).
  • Control characters in malformed request JSON are now translated to spaces before JSON parsing to preserve behavior for clients relying on injected literal whitespace as delimiters.
  • Fixed an issue where transient connection failures to an NDC agent during startup or metadata reload could leave a source permanently inconsistent; the engine now retries agent capabilities fetch with bounded backoff.
  • Fixed a bug where event triggers could prevent prompt server shutdown; shutdown now correctly waits only for actual in-flight processing.
  • Fixed a bug where in-flight event triggers stuck during shutdown with multiple sources might not have been unlocked in the database before shutdown.
  • Mitigated two asymmetrical DoS vectors.
  • Improvements to schema memory usage.
  • Fixed MariaDB update/delete mutations failing with 'Table 'temp_table_xxx' doesn't exist' by ensuring the CREATE, mutation, and DROP lifecycle for temp tables runs pinned to a single JDBC connection.

Affected Symbols