--- name: Apollo Federation slug: apollo-federation type: github source_url: https://github.com/apollographql/federation changelog_url: https://github.com/apollographql/federation/blob/HEAD/CHANGELOG.md organization: Apollo GraphQL organization_slug: apollo-graphql total_releases: 100 latest_version: @apollo/subgraph@2.13.3 latest_date: 2026-03-19 last_updated: 2026-04-19 tracking_since: 2025-11-04 canonical: https://releases.sh/apollo-graphql/apollo-federation organization_url: https://releases.sh/apollo-graphql --- ### Patch Changes - Updated dependencies \[[`b5c17ffa73e2de49bd63182a84a7d5837c0ab2d5`](https://github.com/apollographql/federation/commit/b5c17ffa73e2de49bd63182a84a7d5837c0ab2d5)]: - @apollo/federation-internals@2.13.3 ### Patch Changes - Mark connect/v0.4 as a preview version so composition does not inject it into the supergraph `@link` unless a subgraph explicitly uses it. Previously, upgrading to Federation v2.13 would unconditionally stamp `connect/v0.4` into the supergraph, causing Router to require the `connectors.preview_connect_v0_4` flag even when no subgraph used v0.4 features. (RH-1321) ([#3413](https://github.com/apollographql/federation/pull/3413)) - Updated dependencies \[[`b5c17ffa73e2de49bd63182a84a7d5837c0ab2d5`](https://github.com/apollographql/federation/commit/b5c17ffa73e2de49bd63182a84a7d5837c0ab2d5)]: - @apollo/federation-internals@2.13.3 - @apollo/query-graphs@2.13.3 ### Patch Changes - Updated dependencies \[[`b5c17ffa73e2de49bd63182a84a7d5837c0ab2d5`](https://github.com/apollographql/federation/commit/b5c17ffa73e2de49bd63182a84a7d5837c0ab2d5)]: - @apollo/composition@2.13.3 - @apollo/federation-internals@2.13.3 - @apollo/query-planner@2.13.3 ### Patch Changes - Updated dependencies \[[`b5c17ffa73e2de49bd63182a84a7d5837c0ab2d5`](https://github.com/apollographql/federation/commit/b5c17ffa73e2de49bd63182a84a7d5837c0ab2d5)]: - @apollo/federation-internals@2.13.3 ### Patch Changes - Updated dependencies \[[`b5c17ffa73e2de49bd63182a84a7d5837c0ab2d5`](https://github.com/apollographql/federation/commit/b5c17ffa73e2de49bd63182a84a7d5837c0ab2d5)]: - @apollo/federation-internals@2.13.3 - @apollo/query-graphs@2.13.3 ### Patch Changes - Mark connect/v0.4 as a preview version so composition does not inject it into the supergraph `@link` unless a subgraph explicitly uses it. Previously, upgrading to Federation v2.13 would unconditionally stamp `connect/v0.4` into the supergraph, causing Router to require the `connectors.preview_connect_v0_4` flag even when no subgraph used v0.4 features. (RH-1321) ([#3413](https://github.com/apollographql/federation/pull/3413)) ### Patch Changes - Fixed several code paths that access response objects to prevent JavaScript prototype pollution and unintended access to the prototype chain. ([#3400](https://github.com/apollographql/federation/pull/3400)) See the associated GitHub Advisories [GHSA-pfjj-6f4p-rvmh](https://github.com/apollographql/federation/security/advisories/GHSA-pfjj-6f4p-rvmh) for more information. - Updated dependencies \[[`b51586d4a5c891f8832e78f8415d798282567831`](https://github.com/apollographql/federation/commit/b51586d4a5c891f8832e78f8415d798282567831)]: - @apollo/query-planner@2.9.6 - @apollo/federation-internals@2.9.6 - @apollo/composition@2.9.6 ### Patch Changes - Fixed several code paths that access response objects to prevent JavaScript prototype pollution and unintended access to the prototype chain. ([#3400](https://github.com/apollographql/federation/pull/3400)) See the associated GitHub Advisories [GHSA-pfjj-6f4p-rvmh](https://github.com/apollographql/federation/security/advisories/GHSA-pfjj-6f4p-rvmh) for more information. ### Patch Changes - Updated dependencies \[[`b51586d4a5c891f8832e78f8415d798282567831`](https://github.com/apollographql/federation/commit/b51586d4a5c891f8832e78f8415d798282567831)]: - @apollo/federation-internals@2.9.6 ### Patch Changes - Updated dependencies \[[`b51586d4a5c891f8832e78f8415d798282567831`](https://github.com/apollographql/federation/commit/b51586d4a5c891f8832e78f8415d798282567831)]: - @apollo/federation-internals@2.9.6 - @apollo/query-graphs@2.9.6 ### Patch Changes - Updated dependencies \[[`b51586d4a5c891f8832e78f8415d798282567831`](https://github.com/apollographql/federation/commit/b51586d4a5c891f8832e78f8415d798282567831)]: - @apollo/federation-internals@2.9.6 ### Patch Changes - Fixed several code paths that access response objects to prevent JavaScript prototype pollution and unintended access to the prototype chain. ([#3399](https://github.com/apollographql/federation/pull/3399)) See the associated GitHub Advisories [GHSA-pfjj-6f4p-rvmh](https://github.com/apollographql/federation/security/advisories/GHSA-pfjj-6f4p-rvmh) for more information. ### Patch Changes - Fixed several code paths that access response objects to prevent JavaScript prototype pollution and unintended access to the prototype chain. ([#3400](https://github.com/apollographql/federation/pull/3400)) See the associated GitHub Advisories [GHSA-pfjj-6f4p-rvmh](https://github.com/apollographql/federation/security/advisories/GHSA-pfjj-6f4p-rvmh) for more information. - Updated dependencies \[[`b51586d4a5c891f8832e78f8415d798282567831`](https://github.com/apollographql/federation/commit/b51586d4a5c891f8832e78f8415d798282567831)]: - @apollo/federation-internals@2.9.6 - @apollo/query-graphs@2.9.6 ### Patch Changes - Updated dependencies \[[`1ce248dcb2c297cab185dde08347710f8ceda3e3`](https://github.com/apollographql/federation/commit/1ce248dcb2c297cab185dde08347710f8ceda3e3)]: - @apollo/federation-internals@2.10.5 - @apollo/query-graphs@2.10.5 ### Patch Changes - Fixed several code paths that access response objects to prevent JavaScript prototype pollution and unintended access to the prototype chain. ([#3399](https://github.com/apollographql/federation/pull/3399)) See the associated GitHub Advisories [GHSA-pfjj-6f4p-rvmh](https://github.com/apollographql/federation/security/advisories/GHSA-pfjj-6f4p-rvmh) for more information. - Updated dependencies \[[`1ce248dcb2c297cab185dde08347710f8ceda3e3`](https://github.com/apollographql/federation/commit/1ce248dcb2c297cab185dde08347710f8ceda3e3)]: - @apollo/federation-internals@2.10.5 - @apollo/query-graphs@2.10.5 ### Patch Changes - Updated dependencies \[[`1ce248dcb2c297cab185dde08347710f8ceda3e3`](https://github.com/apollographql/federation/commit/1ce248dcb2c297cab185dde08347710f8ceda3e3)]: - @apollo/federation-internals@2.10.5 ### Patch Changes - Updated dependencies \[[`1ce248dcb2c297cab185dde08347710f8ceda3e3`](https://github.com/apollographql/federation/commit/1ce248dcb2c297cab185dde08347710f8ceda3e3)]: - @apollo/federation-internals@2.10.5 ### Patch Changes - Fixed several code paths that access response objects to prevent JavaScript prototype pollution and unintended access to the prototype chain. ([#3399](https://github.com/apollographql/federation/pull/3399)) See the associated GitHub Advisories [GHSA-pfjj-6f4p-rvmh](https://github.com/apollographql/federation/security/advisories/GHSA-pfjj-6f4p-rvmh) for more information. - Updated dependencies \[[`1ce248dcb2c297cab185dde08347710f8ceda3e3`](https://github.com/apollographql/federation/commit/1ce248dcb2c297cab185dde08347710f8ceda3e3)]: - @apollo/query-planner@2.10.5 - @apollo/federation-internals@2.10.5 - @apollo/composition@2.10.5 ### Patch Changes - Updated dependencies \[[`73ae202f72a31b9f63e779c535d7ecb059ff908a`](https://github.com/apollographql/federation/commit/73ae202f72a31b9f63e779c535d7ecb059ff908a)]: - @apollo/federation-internals@2.11.6 ### Patch Changes - Fixed several code paths that access response objects to prevent JavaScript prototype pollution and unintended access to the prototype chain. ([#3398](https://github.com/apollographql/federation/pull/3398)) See the associated GitHub Advisories [GHSA-pfjj-6f4p-rvmh](https://github.com/apollographql/federation/security/advisories/GHSA-pfjj-6f4p-rvmh) for more information.