Latest GraphQL Security posts

October 9, 2023

Apollo’s Response to CVE-2023-38545

October 12, 2023 Update: Yesterday, the curl project released details regarding CVE-2023-38545. We want to provide an update on Apollo’s impact from this vulnerability. As mentioned in our original post, Apollo Router, Apollo Client, Apollo Server, Apollo Kotlin, Apollo iOS, and Rover do not rely on curl and are not affected by this vulnerability. The […]

October 5, 2023

Enforcing GraphQL security best practices with GraphOS

GraphQL provides a self-service developer experience by enabling client teams to fetch all of the data they need with a single query. When implementing GraphQL at scale, it’s important to balance its flexibility with security measures that prevent bad actors from exploiting its self-serve nature. A supergraph provides a unified but modular approach to GraphQL […]

July 31, 2023

Secure your GraphQL Microservices

Federation unlocks superpowers for our queries, enabling us to split up business logic and improve performance with features like @defer. However, these same powers can be abused if placed in the wrong hands, so it’s essential to limit who has access to them. The threats: Many coordination features of a federated graph rely on an important […]

July 11, 2022

Apollo earns SOC 2 Type II compliance

by Tad Whitaker

Recent posts

November 8, 2023

Apollo Client Office Hours with Alessia Bellisario

by Dylan Anthony
