v2.3.0-rc.0

2.3.0-rc.0

v1.61.7

🔍 Debuggability

Log whether safe-listing enforcement was skipped (Issue #7509)

When logging unknown operations encountered during safe-listing, include information about whether enforcement was skipped. This will help distinguish between truly problematic external operations (where enforcement_skipped is false) and internal operations that are intentionally allowed to bypass safelisting (where enforcement_skipped is true).

By @DaleSeo in #7509

v1.61.7-rc.2

1.61.7-rc.2

v1.61.7-rc.1

1.61.7-rc.1

v1.61.7-rc.0

1.61.7-rc.0

v2.3.0-preview.0

2.3.0-preview.0

v2.3.0-alpha.0

2.3.0-alpha.0

v2.2.1

🐛 Fixes

Redis connection leak on schema changes (PR #7319)

The router performs a 'hot reload' whenever it detects a schema update. During this reload, it effectively instantiates a new internal router, warms it up (optional), redirects all traffic to this new router, and drops the old internal router.

This change fixes a bug in that "drop" process where the Redis connections are never told to terminate, even though the Redis client pool is dropped. This leads to an ever-increasing number of inactive Redis connections as each new schema comes in and goes out of service, which eats up memory.

The solution adds a new up-down counter metric, apollo.router.cache.redis.connections, to track the number of open Redis connections. This metric includes a kind label to discriminate between different Redis connection pools, which mirrors the kind label on other cache metrics (ie apollo.router.cache.hit.time).

By @carodewig in #7319

Propagate client name and version modifications through telemetry (PR #7369)

The router accepts modifications to the client name and version (apollo::telemetry::client_name and apollo::telemetry::client_version), but those modifications are not currently propagated through the telemetry layers to update spans and traces.

This PR moves where the client name and version are bound to the span, so that the modifications from plugins on the router service are propagated.

By @carodewig in #7369

Progressive overrides are not disabled when connectors are used (PR #7351)

Prior to this fix, introducing a connector disabled the progressive override plugin.

By @lennyburdette in #7351

Avoid unnecessary cloning in the deduplication plugin (PR #7347)

The deduplication plugin always cloned responses, even if there were not multiple simultaneous requests that would benefit from the cloned response.

We now check to see if deduplication will provide a benefit before we clone the subgraph response.

There was also an undiagnosed race condition which meant that a notification could be missed. This would have resulted in additional work being performed as the missed notification would have led to another subgraph request.

By @garypen in #7347

Spans should only include path in http.route (PR #7390)

Per the OpenTelemetry spec, the http.route should only include "the matched route, that is, the path template used in the format used by the respective server framework."

The router currently sends the full URI in http.route, which can be high cardinality (ie /graphql?operation=one_of_many_values). After this change, the router will only include the path (/graphql).

By @carodewig in #7390

Decrease log level for JWT authentication failure (PR #7396)

A recent change inadvertently increased the log level of JWT authentication failures from info to error. This reverts that change returning it to the previous behavior.

By @carodewig in #7396

Avoid fractional decimals when generating apollo.router.operations.batching.size metrics for GraphQL request batch sizes (PR #7306)

Corrects the calculation of the apollo.router.operations.batching.size metric to reflect accurate batch sizes rather than occasionally returning fractional numbers.

By @bnjjj in #7306

📃 Configuration

Log warnings for deprecated coprocessor context configuration usage (PR #7349)

context: true is an alias for context: deprecated but should not be used. The router now logs a runtime warning on startup if you do use it.

Instead of:

coprocessor:
  supergraph:
    request:
      context: true # ❌

Explicitly use deprecated or all:

coprocessor:
  supergraph:
    request:
      context: deprecated # ✅

See the 2.x upgrade guide for more detailed upgrade steps.

By @goto-bus-stop in #7349

🛠 Maintenance

Linux: Compatibility with glibc 2.28 or newer (PR #7355)

The default build images provided in our CI environment have a relatively modern version of glibc (2.35). This means that on some distributions, notably those based around RedHat, it wasn't possible to use our binaries since the version of glibc was older than 2.35.

We now maintain a build image which is based on a distribution with glibc 2.28. This is old enough that recent releases of either of the main Linux distribution families (Debian and RedHat) can make use of our binary releases.

By @garypen in #7355

Reject @skip/@include on subscription root fields in validation (PR #7338)

This implements a GraphQL spec RFC, rejecting subscriptions in validation that can be invalid during execution.

By @goto-bus-stop in #7338

📚 Documentation

Query planning best practices (PR #7263)

Added a new page under Routing docs about Query Planning Best Practices.

By @smyrick in #7263

v2.2.1-rc.1

2.2.1-rc.1

v2.2.1-rc.0

2.2.1-rc.0