v2.45.5
📦 hasura-authView on GitHub →
🐛 8 fixes🔧 1 symbols
Summary
This is a patch release for v2.45, primarily addressing a high-severity security vulnerability and fixing several bugs related to data connectors, event triggers, and JSON parsing robustness.
🐛 Bug Fixes
- Fixed a high-severity security issue (GHSA-r27x-gc74-qmxh).
- Control characters in malformed request JSON are now translated to spaces before JSON parsing to preserve behavior for clients relying on injected literal whitespace as delimiters.
- Fixed an issue where transient connection failures to an NDC agent during startup or metadata reload could leave a source permanently inconsistent; the engine now retries agent capabilities fetch with bounded backoff.
- Fixed a bug where event triggers could prevent prompt server shutdown; shutdown now correctly waits only for actual in-flight processing.
- Fixed a bug where in-flight event triggers stuck during shutdown with multiple sources might not have been unlocked in the database before shutdown.
- Mitigated two asymmetrical DoS vectors.
- Improvements to schema memory usage.
- Fixed MariaDB update/delete mutations failing with 'Table 'temp_table_xxx' doesn't exist' by ensuring the CREATE, mutation, and DROP lifecycle for temp tables runs pinned to a single JDBC connection.