Do Not Use

Version 23.x is considered poisoned and we don't recommend you upgrade to it

See the release notes of v24 for more details on what this is the case.

Previous release notes

Notice: there is a bug with https://github.com/graphql-java/graphql-java/pull/3871/files, a new bugfix release is about to be released. Use 23.1 instead, not 23.0

Thanks to everyone for contributing to this release, through pull requests, issues, and discussions!

This is a major release which contains breaking changes.

Key changes

• Enable batching on Mutations #3737

• Support for draft error handling directive @experimental_disableErrorPropagation #3772

• DataFetchers can now return reactive-streams Publisher objects from them and they will be turned into a CompleteableFuture value. Note only a single value will be retrieved from the Publisher #3731

• We changed from JetBrains nullability annotations to JSpecify annotations #3851. JSpecify is a new industry consortium effort, which has been adopted by Spring. See more in the documentation: https://jspecify.dev/docs/start-here/

• A new experimental callback is available to track the execution state of GraphQL Java: it allows for being notified when GraphQL Java is running actively code vs waiting/finished. See https://github.com/graphql-java/graphql-java/blob/master/src/test/groovy/graphql/EngineRunningTest.groovy#L174 for how to use it

• We have also released DataLoader 4.0.0 and made graphql-java dependent on it. See the release notes: https://github.com/graphql-java/java-dataloader/releases

• @defer directive is now included in the schema by default #3839

Performance improvements

• Only call overlapping validation once during validation, which will significantly reduce validation time, with more savings for larger operations. We found ~150% improvement in benchmarks. #3835

• Reducing object allocations and overhead from stream, thanks @kilink for contributing many improvements #3804 #3803 #3801 #3798 #3797 #3710

• Reducing object allocations for PropertyDataFetcher and SchemaGeneratorHelper #3755 #3754

• Improvement on DataFetchingSelectionSet.getImmediateFields(), if descendant traversal is not required this saves considerable time. Thanks @timward60 #3855

• Comparing performance improvements. We run performance benchmarks on all changes, and you can view these results inside the GitHub repo. You can then use this JMH visualisation tool to compare benchmarks from different commits, for example these before and after results from the DataFetcherSelectionSet optimisation: https://jmh.morethan.io/?sources=https://raw.githubusercontent.com/graphql-java/graphql-java/refs/heads/master/performance-results/2025-03-18T23%3A42%3A07Z-3d7dce5e49dfbe92d656629ae4fdbab979bba8be-jdk17.json,https://raw.githubusercontent.com/graphql-java/graphql-java/refs/heads/master/performance-results/2025-03-20T04%3A24%3A26Z-9a931ba6ad8e2ee49ea48c98ca86c2901f2343b1-jdk17.json

See all performance improvements on GitHub: https://github.com/graphql-java/graphql-java/issues?q=is%3Amerged%20label%3A%22performance%22%20milestone%3A%2223.0%20breaking%20changes%22%20

Breaking changes

• Strict runtime wiring redefinition checks now on by default. We now have stricter runtime wiring redefinition checks by default to catch invalid cases. For example, a field that already had a DataFetcher registered must not have a second DataFetcher registered. This can be toggled off. #3824

• Removed an unused protected method in ExecutionStrategy. #3881

• A small breaking change to AstPrinter to enable re-use of StringBuilders #3853

• Improvement in a few directive and applied directive builders to address a bug where all elements were cleared. #3825

• Breaking change for a new specification requirement, to prevent @include and @skip directives on subscription root fields #3871

See all breaking changes on GitHub: https://github.com/graphql-java/graphql-java/issues?q=is%3Amerged%20label%3A%22breaking%20change%22%20milestone%3A%2223.0%20breaking%20changes%22

Security

We have become a CVE Numbering Authority (CNA) for GraphQL Java and related projects. For more information, see our Security page https://www.graphql-java.com/security.

What's Changed

• Bump net.bytebuddy:byte-buddy from 1.15.1 to 1.15.5 by @dependabot in #3726
• Bump org.jetbrains:annotations from 24.1.0 to 26.0.1 by @dependabot in #3722
• Bump org.junit.jupiter:junit-jupiter from 5.11.0 to 5.11.3 by @dependabot in #3727
• Bump io.projectreactor:reactor-core from 3.6.9 to 3.6.11 by @dependabot in #3728
• Removed empty file ExecuteObjectInstrumentationContextAdapter by @bbakerman in #3732
• Bump net.bytebuddy:byte-buddy-agent from 1.15.1 to 1.15.7 by @dependabot in #3734
• Bump net.bytebuddy:byte-buddy from 1.15.5 to 1.15.7 by @dependabot in #3735
• Bump com.fasterxml.jackson.core:jackson-databind from 2.17.2 to 2.18.0 by @dependabot in #3733
• Bump google-github-actions/auth from 2.1.5 to 2.1.6 by @dependabot in #3718
• Bump net.bytebuddy:byte-buddy from 1.15.7 to 1.15.10 by @dependabot in #3743
• Bump com.fasterxml.jackson.core:jackson-databind from 2.18.0 to 2.18.1 by @dependabot in #3742
• Bump net.bytebuddy:byte-buddy-agent from 1.15.7 to 1.15.10 by @dependabot in #3741
• Bump google-github-actions/auth from 2.1.6 to 2.1.7 by @dependabot in #3740
• Bump org.eclipse.jetty:jetty-server from 11.0.22 to 11.0.24 by @dependabot in #3705
• Avoid unnecessary String allocations in AstPrinter by @kilink in #3710
• Added some more tests around providing default values by @bbakerman in #3709
• Remove SDLExtensionDefinition from InterfaceTypeDefinition by @gnawf in #3739
• Bump org.codehaus.groovy:groovy from 3.0.22 to 3.0.23 by @dependabot in #3745
• initial tests for regular performance testing by @andimarek in #3746
• Implement equals/hashCode for GraphqlErrorImpl by @AlexandreCarlton in #3720
• Bump io.projectreactor:reactor-core from 3.6.11 to 3.7.0 by @dependabot in #3748
• Add test result comment bot by @dondonz in #3749
• SchemaGeneratorHelper that does NOT put in an entry for defaulted values by @bbakerman in #3755
• Singleton property data fetcher by @bbakerman in #3754
• Filter out negative line and column error locations in toSpecification by @dondonz in #3753
• Enable batching on Mutations by @bbakerman in #3737
• Added support for reactive Publishers to be returned from data fetchers by @bbakerman in #3731
• Bump biz.aQute.bnd.builder from 6.4.0 to 7.1.0 by @dependabot in #3762
• Revert "Bump biz.aQute.bnd.builder from 6.4.0 to 7.1.0" by @bbakerman in #3763
• Bump com.fasterxml.jackson.core:jackson-databind from 2.18.1 to 2.18.2 by @dependabot in #3761
• Update SchemaDirectiveWiringEnvironment.java by @rafaeldcfarias in #3764
• ResultPath: Check object type before casting to int by @alex-cova in #3765
• Make deprecated reason non-null by @dondonz in #3759
• Deprecation time by @dondonz in #3768
• Security updates by @dondonz in #3767
• Adding hashcode and equals for defer & stream payloads by @dondonz in #3769
• Now there are zero javadoc errors during compile by @bbakerman in #3770
• Bump io.projectreactor:reactor-core from 3.7.0 to 3.7.1 by @dependabot in #3776
• Bump org.junit.jupiter:junit-jupiter from 5.11.3 to 5.11.4 by @dependabot in #3775
• Bump net.bytebuddy:byte-buddy from 1.15.10 to 1.15.11 by @dependabot in #3774
• Bump net.bytebuddy:byte-buddy-agent from 1.15.10 to 1.15.11 by @dependabot in #3773
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.0 by @dependabot in #3782
• Add InputInterceptor example by @dondonz in #3784
• Add query directive documentation example by @dondonz in #3783
• Update documentation examples to remove deprecated context method by @dondonz in #3778
• Update deprecated reason if changed by schema transformer by @dondonz in #3787
• Bump org.assertj:assertj-core from 3.27.0 to 3.27.2 by @dependabot in #3788
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 by @dependabot in #3795
• Bump net.bytebuddy:byte-buddy from 1.15.11 to 1.16.1 by @dependabot in #3794
• Bump net.bytebuddy:byte-buddy-agent from 1.15.11 to 1.16.1 by @dependabot in #3793
• Bump io.projectreactor:reactor-core from 3.7.1 to 3.7.2 by @dependabot in #3792
• Update shadow plugin after ownership change by @dondonz in #3791
• Revert "Update shadow plugin after ownership change" by @dondonz in #3800
• Optimize GraphQLUnionType.isPossibleType by @kilink in #3798
• Avoid allocating in GraphQLInputObjectType.getFieldDefinitions by @kilink in #3797
• Bump org.jetbrains:annotations from 26.0.1 to 26.0.2 by @dependabot in #3802
• Return a singleton from CoercedVariables.emptyVariables and RawVariables.emptyVariables by @kilink in #3801
• Shadow plugin ID update Round 2 - fix clash with ByteBuddy's multi-release JAR by @dondonz in #3799
• Avoid allocation / stream overhead in ValuesResolverConversion by @kilink in #3803
• Avoid overhead of Stream / Iterator in RulesVisitor by @kilink in #3804
• Bump Shadow to support Java 24 usages in byte-buddy by @Goooler in #3806
• Bump google-github-actions/auth from 2.1.7 to 2.1.8 by @dependabot in #3812
• Bump net.bytebuddy:byte-buddy from 1.16.1 to 1.17.0 by @dependabot in #3809
• Bump me.champeau.jmh from 0.7.2 to 0.7.3 by @dependabot in #3808
• Bump com.google.code.gson:gson from 2.11.0 to 2.12.1 by @dependabot in #3811
• Bump net.bytebuddy:byte-buddy-agent from 1.16.1 to 1.17.0 by @dependabot in #3810
• Earlier validation that document operations exist in the schema by @dondonz in #3361
• Correct PropertyDataFetcher javadoc by @bbakerman in #3821
• Quiet flaky test (for now) by @dondonz in #3823
• Added the ability to parse our ExecutionResult from a map that came from toSpecification by @bbakerman in #3820
• Bump net.bytebuddy:byte-buddy from 1.17.0 to 1.17.1 by @dependabot in #3830
• Fixed graphql.execution.UnknownOperationExceptionso that it does not escape by @bbakerman in #3826
• Bump net.bytebuddy:byte-buddy-agent from 1.17.0 to 1.17.1 by @dependabot in #3828
• add more performance tests for overlapping fields validation by @andimarek in #3832
• call Overlapping validation only once during validation by @andimarek in #3835
• Bump io.projectreactor:reactor-core from 3.7.2 to 3.7.3 by @dependabot in #3827
• Bump org.testng:testng from 7.10.2 to 7.11.0 by @dependabot in #3829
• Bump org.junit.jupiter:junit-jupiter from 5.11.4 to 5.12.0 by @dependabot in #3834
• Bump com.graphql-java:java-dataloader from 3.3.0 to 3.4.0 by @dependabot in #3781
• simplify ENF implementation by @andimarek in #3836
• Add support for @experimental_disableErrorPropagation by @martinbonnin in #3772
• Introduce NormalizedDocument and NormalizedField by @andimarek in #3838
• Update README.md by @andimarek in #3840
• Bump net.bytebuddy:byte-buddy-agent from 1.17.1 to 1.17.2 by @dependabot in #3846
• Bump org.codehaus.groovy:groovy from 3.0.23 to 3.0.24 by @dependabot in #3845
• Bump com.fasterxml.jackson.core:jackson-databind from 2.18.2 to 2.18.3 by @dependabot in #3844
• Bump net.bytebuddy:byte-buddy from 1.17.1 to 1.17.2 by @dependabot in #3847
• allow to print NFs directly by @andimarek in #3850
• migrate from jetbrains annotations to jspecify by @andimarek in #3851
• @defer is now auto included in the schema if missing by @bbakerman in #3839
• Move DFSelectionSetBenchmark to performance suite by @timward60 in #3856
• Allowing document compiler to handles directives and values down in the field tree by @bbakerman in #3757
• Use client locale if possible in validation of incoming requests by @dondonz in #3815
• Improving applied directive & directive builders by @dondonz in #3825
• Optimize DataFetchingSelectionSet.getImmediateFields() to avoid traversing descendants by @timward60 in #3855
• Add method to AstPrinter to allow supplying Appendable by @kilink in #3853
• Change runtime wiring redefinition checks to be strict by default by @dondonz in #3824
• New spec validation: Subscriptions root field must not contain @Skip nor @include on root selection set by @dondonz in #3871
• delete legacy Execution Strategy resolve field method by @andimarek in #3881
• remove slf4j leftovers by @andimarek in #3882
• Track Engine sync code execution by @andimarek in #3876
• Added ExecutionInput cancellation by @bbakerman in #3880
• Bump net.bytebuddy:byte-buddy from 1.17.2 to 1.17.5 by @dependabot in #3875
• Bump net.bytebuddy:byte-buddy-agent from 1.17.2 to 1.17.5 by @dependabot in #3874
• Detect and prohibit new Guava classes by @dondonz in #3869
• Performance pipeline improvements by @dondonz in #3867
• Prepare for version 23 by @dondonz in #3870
• Bump org.junit.jupiter:junit-jupiter from 5.12.0 to 5.12.1 by @dependabot in #3864
• Bump org.eclipse.jetty:jetty-server from 11.0.24 to 11.0.25 by @dependabot in #3863
• Bump io.projectreactor:reactor-core from 3.7.3 to 3.7.4 by @dependabot in #3860
• remove ExecutorInstrumentation and test by @andimarek in #3883
• Remove older GCP performance testing code by @dondonz in #3866
• Improve/fix engine tracking by @andimarek in #3884
• filter out null error location in toSpecification by @RafeArnold in #3886
• Removed cancel operation support by @bbakerman in #3889
• upgrade to groovy 4 by @andimarek in #3898
• upgrade to gradle 8.13 by @andimarek in #3900
• refactor engine tracking and simplify it by @andimarek in #3893
• Add forthcoming Java Dataloader version by @dondonz in #3858

New Contributors

• @AlexandreCarlton made their first contribution in #3720
• @rafaeldcfarias made their first contribution in #3764
• @alex-cova made their first contribution in #3765
• @Goooler made their first contribution in #3806
• @timward60 made their first contribution in #3856
• @RafeArnold made their first contribution in #3886

Full Changelog: v22.3...v23.0