Unknown · Apollo Router · CVE-2023-41317
**Name of the Vulnerable Software and Affected Versions**
Apollo Router versions 1.28.0 through 1.29.0
**Description**
The Apollo Router is subject to a Denial-of-Service (DoS) vulnerability that causes the Router to panic and terminate when GraphQL Subscriptions are enabled. This can be triggered only when all of the following conditions are met:
1. Running an impacted version of Apollo Router;
2. The Supergraph schema has a `subscription` type with root fields defined;
3. The YAML configuration has subscriptions enabled;
4. An anonymous `subscription` operation is received by the Router.
There is no data-privacy risk or sensitive-information exposure aspect to this vulnerability.
**Recommendations**
For Apollo Router versions 1.28.0 through 1.29.0, update to version 1.29.1 to resolve the issue.
As a temporary workaround, consider disabling subscriptions if they are not necessary for your Graph.
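As an added exposure check that ties the conditions above to the workaround (example code, not Apollo's), the helpers below test a deployment's supergraph SDL, its router configuration and an incoming operation against conditions 2 to 4 using lightweight regex matching rather than a full GraphQL parser. The SDL, config dicts and requests are constructed samples; the `subscription.enabled` config key and loading the YAML into a dict are assumptions.

```python
import re

# Added example, not Apollo's code: check a deployment against advisory conditions 2-4.
# SDL, config dict and request samples are constructed; the `subscription.enabled`
# config key is assumed from the Router YAML layout.

def schema_has_subscription_root_fields(sdl: str) -> bool:
    """Condition 2: the supergraph declares a subscription root type that has fields."""
    sub_type = "Subscription"  # default root type name if no `schema { }` block is present
    block = re.search(r"\bschema\b[^{]*\{([^}]*)\}", sdl)
    if block:
        named = re.search(r"\bsubscription\s*:\s*(\w+)", block.group(1))
        if not named:
            return False  # explicit schema block that declares no subscription root
        sub_type = named.group(1)
    body = re.search(r"\btype\s+" + re.escape(sub_type) + r"\b[^{]*\{([^}]*)\}", sdl)
    # A root field line looks like `name(args): Type @directive`; blanks/comments do not count.
    return bool(body) and any(re.match(r"[A-Za-z_]\w*\s*[(:]", ln.strip())
                              for ln in body.group(1).splitlines())

def config_enables_subscriptions(config: dict) -> bool:
    """Condition 3: router.yaml (loaded as a dict) sets subscription.enabled: true."""
    return bool(config.get("subscription", {}).get("enabled", False))

def is_anonymous_subscription(document: str) -> bool:
    """Condition 4: a top-level `subscription` operation that carries no operation name."""
    src = re.sub(r"#[^\n]*", "", document)                          # drop GraphQL comments
    src = re.sub(r'"""[\s\S]*?"""|"(?:\\.|[^"\\])*"', '""', src)  # blank out string literals
    depth = 0
    for m in re.finditer(r"[{}]|\bsubscription\b\s*([A-Za-z_]\w*)?", src):
        if m.group(0) == "{":
            depth += 1
        elif m.group(0) == "}":
            depth -= 1
        elif depth == 0 and m.group(1) is None:
            return True  # `subscription {` / `subscription(` at top level, no name
    return False

def deployment_exposed(sdl: str, config: dict) -> bool:
    """Conditions 2 and 3 both hold on an affected version: any anonymous subscription then panics the Router."""
    return schema_has_subscription_root_fields(sdl) and config_enables_subscriptions(config)

SAMPLE_SDL = """schema @link(url: "https://specs.apollo.dev/link/v1.0") { query: Query subscription: Subscription }
type Query { me: User }  type User { id: ID! }
type Subscription { userUpdated(id: ID!): User @join__field(graph: USERS) }"""
SAMPLE_CONFIG = {"subscription": {"enabled": True}}       # vulnerable setting
WORKAROUND_CONFIG = {"subscription": {"enabled": False}}  # advisory's temporary workaround
```

Until the upgrade to 1.29.1 is rolled out, `is_anonymous_subscription` can also serve as a request pre-filter in front of an exposed Router, and `deployment_exposed` confirms that applying `WORKAROUND_CONFIG` removes the exposure.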