From the webpage screenshot, the following key vulnerability information can be obtained: Security Section: - The release includes security fixes that impact the authorization plugin's handling of polymorphic types and directive renames. Fix authorization plugin handling of polymorphic types: - Description: - When querying interface types/fields, the authorization plugin was previously verifying only whether all implementations shared the same access control requirements. If interface types/fields did not specify the same requirements as the implementations, it could result in unauthorized access. The plugin now verifies all polymorphic access control requirements. - Reference: - For more information, refer to the GitHub Security Advisory (GHSA-x33c-7c2v-mrj9). - Contributor: - @dariuszkuc. Fixed authorization plugin handling of directive renames: - Description: - The router auth plugin did not handle access control requirements correctly when subgraphs renamed their directives. The plugin ignored renamed directives, leading to access control constraints being bypassed. The plugin code was updated to properly handle both spec and imported directives. - Reference: - For more information, refer to the GitHub Security Advisory (GHSA-g8jh-vg5j-4h3f). - Contributor: - @sachindshinde.