从该网页截图可以获取到以下关于漏洞的关键信息: Security Section: - The release includes security fixes that impact the authorization plugin handling of polymorphic types and directive renames. Fix authorization plugin handling of polymorphic types: - Description: - When querying interface types/fields, the authorization plugin was verifying only whether all implementations shared the same access control requirements. If interface types/fields did not specify the same requirements as the implementations, it could result in unauthorized access. The plugin now verifies all polymorphic access control requirements. - Reference: - For more information, refer to the GitHub Security Advisory (GHSA-x33c-7c2v-mrj9). - Contributor: - @dariuszkuc. Fixed authorization plugin handling of directive renames: - Description: - The router auth plugin did not handle access control requirements correctly when subgraphs renamed their directives. The plugin ignored renamed directives, leading to access control constraints being bypassed. The plugin code was updated to properly handle both spec and imported directives. - Reference: - For more information, refer to the GitHub Security Advisory (GHSA-g8jh-vg5j-4h3f). - Contributor: - @sachindshinde.