diff --git a/CHANGELOG.md b/CHANGELOG.md
index c31a9dfa9ab..0faba276ab2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,12 +10,14 @@ The version headers in this history reflect the versions of Apollo Server itself
## vNEXT
-- Remove internal dependency on `apollo-server-caching`, switch over to `@apollo/utils.keyvaluecache`. This PR specifically also introduces Keyv as an unbounded cache solution, but will replace with our own simple implementation in a follow-up PR targeting this minor version release. [PR #6522](https://github.com/apollographql/apollo-server/pull/6522)
-- Remove dependency on `keyv`/`@apollo/utils.keyvadapter` in favor of a simple `Map`-backed cache which implements TTL [PR #6535](https://github.com/apollographql/apollo-server/pull/6535)
-- Add `cache: "bounded"` configuration option, allowing users to opt into bounded request cache (recommended) [PR #6536](https://github.com/apollographql/apollo-server/pull/6536)
-- Remove `apollo-server-caching` and `apollo-server-cache-*` packages [PR #6541](https://github.com/apollographql/apollo-server/pull/6541)
-- Warn when APQ cache is unbounded in production (which is default) [PR #6545](https://github.com/apollographql/apollo-server/pull/6545)
-- Await `parsingDidEnd` `Promise`. Note from @trevor-scheer: I don't think this resolves the issue it intended to. See [Issue #6567](https://github.com/apollographql/apollo-server/pull/6567) for details. [PR #6559](https://github.com/apollographql/apollo-server/pull/6559)
+- Nothing yet! Stay tuned.
+
+## v3.9.0
+
+- ⚠️ **SECURITY** `apollo-server-core`: The default configuration of Apollo Server is vulnerable to denial of service attacks via memory exhaustion. If you do not currently specify the `cache` option to `new ApolloServer()`, we strongly recommend you specify `cache: 'bounded'`, which replaces the default in-memory unbounded cache with a 30MB in-memory cache, or disable automatic persisted queries with `persistedQueries: null`. Apollo Server now logs a warning in production if you do not configure the cache or disable APQs. See [the docs](https://www.apollographql.com/docs/apollo-server/performance/cache-backends#ensuring-a-bounded-cache) for more details.
+- The `apollo-server-caching` package is no longer published. The TypeScript types `KeyValueCache` and `KeyValueCacheSetOptions` and the classes `PrefixingKeyValueCache` and `InMemoryLRUCache` can be imported from `@apollo/utils.keyvaluecache` instead. The first three exports are identical; `InMemoryLRUCache` is based on `lru-cache` v7 instead of v6, and no longer supports creating unbounded caches (which was the default behavior for `apollo-server-caching`'s `InMemoryLRUCache`). [PR #6522](https://github.com/apollographql/apollo-server/pull/6522)
+- The `apollo-server-cache-redis` and `apollo-server-cache-memcached` packages are no longer published (though previous versions continue to work). We recommend that users of these packages migrate to `@apollo/utils.keyvadapter`, which lets you connect to Redis, Memcached, or any other backend supported by the [Keyv](https://www.npmjs.com/package/keyv) project. See [the new cache backend docs](https://www.apollographql.com/docs/apollo-server/performance/cache-backends) for more details. [PR #6541](https://github.com/apollographql/apollo-server/pull/6541)
+- Avoid unhandled rejection errors if the end hook from a `parsingDidStart` plugin method rejects. [Issue #6567](https://github.com/apollographql/apollo-server/pull/6567) [PR #6559](https://github.com/apollographql/apollo-server/pull/6559)
## v3.8.2
diff --git a/docs/source/api/apollo-server.mdx b/docs/source/api/apollo-server.mdx
index 4bcbe4307d0..f46062c2a9c 100644
--- a/docs/source/api/apollo-server.mdx
+++ b/docs/source/api/apollo-server.mdx
@@ -238,11 +238,11 @@ Available in Apollo Server v3.4.0 and later.
-A `KeyValueCache` which Apollo Server uses for a number of features like APQs and full response caching. This cache is also provided to DataSources and plugins.
+A `KeyValueCache` which Apollo Server uses for several features, including APQs and full response caching. This cache is also available to Apollo Server's data sources and plugins.
-By default, the cache is unbounded. We don't recommend this, since a malicious client can run your server out of memory and cause it to crash by filling it with APQs.
+By default, the cache that Apollo Server 3 uses is unbounded. We _strongly recommend_ that all users pass `cache: "bounded"` or configure their cache in a manner that isn't unbounded. This protects your server from attacks that exhaust available memory, causing a DOS.
-If you don't want to configure your own cache, you should set `cache: "bounded"`. The bounded cache is an [`InMemoryLRUCache`](https://www.npmjs.com/package/@apollo/utils.keyvaluecache) with a default size of roughly 30MiB.
+The default bounded cache is an [`InMemoryLRUCache`](https://www.npmjs.com/package/@apollo/utils.keyvaluecache) with a default size of roughly 30MiB.
To learn more about configuring Apollo Server's cache, see [Configuring cache backends](../performance/cache-backends).
@@ -450,7 +450,7 @@ The default value is `true`. Set this to `false` to use mocked resolvers only fo
##### `nodeEnv`
-`String`
+`string`
|
@@ -583,7 +583,7 @@ Returns a `Promise` that resolves to an object containing the following properti
##### `url`
-`String`
+`string`
|
@@ -796,7 +796,7 @@ async function startApolloServer() {
##### `path`
-`String`
+`string`
|
diff --git a/docs/source/performance/cache-backends.mdx b/docs/source/performance/cache-backends.mdx
index 69a283c971e..e8c05bc44f6 100644
--- a/docs/source/performance/cache-backends.mdx
+++ b/docs/source/performance/cache-backends.mdx
@@ -5,7 +5,7 @@ description: How to configure Apollo Server's cache
> ⚠️ **New in Apollo Server 3.9:** We _strongly recommend_ that all users pass `cache: "bounded"` or configure their cache in a manner that isn't unbounded (which is current default behavior). This protects your server from attacks that exhaust available memory, causing a DOS. See [Ensuring a bounded cache](#ensuring-a-bounded-cache) immediately below for more details.
-Many Apollo Server features take advantage of a cache backend (these features include [automatic persisted queries](./performance/apq), the [response cache plugin](./performance/caching#caching-with-responsecacheplugin-advanced), and [`RESTDataSource`](./data/data-sources#restdatasource-reference)). Apollo Server uses an in-memory cache by default, but you can configure it to use a different backend, such as Redis or Memcached.
+Many Apollo Server features take advantage of a cache backend (these features include [automatic persisted queries](./apq), the [response cache plugin](./caching#caching-with-responsecacheplugin-advanced), and [`RESTDataSource`](../data/data-sources#restdatasource-reference)). Apollo Server uses an in-memory cache by default, but you can configure it to use a different backend, such as Redis or Memcached.
You can specify a cache backend by passing a `cache` option to the `ApolloServer` constructor. Your specified cache backend must implement the [`KeyValueCache`](https://github.com/apollographql/apollo-utils/tree/main/packages/keyValueCache#keyvaluecache-interface) interface from the `@apollo/utils.keyvaluecache` package.
@@ -31,7 +31,7 @@ const server = new ApolloServer({
```
> The equivalent of this is provided out-of-the-box by Apollo Server 3.9+ by passing `cache: "bounded"` and doesn't require you to install the `@apollo/utils.keyvaluecache` package.
-In this example, we've increased the default size and provided a default TTL. For more information on these configuration options, see the [`lru-cache` documentation`](https://www.npmjs.com/package/lru-cache).
+In this example, we've increased the default size and provided a default TTL. For more information on these configuration options, see the [`lru-cache` documentation](https://www.npmjs.com/package/lru-cache).
```ts
import { InMemoryLRUCache } from '@apollo/utils.keyvaluecache';
@@ -52,7 +52,7 @@ Apollo no longer maintains any caching backends directly. Instead, we recommend
1. Install the required packages
```bash
-npm install keyv @keyv/redis @apollo/utils.keyvadapter
+npm install keyv @apollo/utils.keyvadapter
```
2. Configure the Apollo Server `cache`
@@ -62,7 +62,7 @@ import { KeyvAdapter } from '@apollo/utils.keyvadapter';
const server = new ApolloServer({
// ...,
- cache: new KeyvAdapter(new Keyv('redis://localhost:6379')),
+ cache: new KeyvAdapter(new Keyv()), // highlight-line
});
```
@@ -101,8 +101,9 @@ const server = new ApolloServer({
typeDefs,
resolvers,
csrfPrevention: true,
- cache: new KeyvAdapter(new Keyv("redis://user:pass@localhost:6379")),
+ cache: new KeyvAdapter(new Keyv("redis://user:pass@localhost:6379")), // highlight-line
});
+```
### Redis Sentinel
```ts
@@ -113,6 +114,7 @@ const server = new ApolloServer({
typeDefs,
resolvers,
csrfPrevention: true,
+ // highlight-start
cache: new KeyvAdapter(
new Keyv("redis://user:pass@localhost:6379", {
sentinels: [
@@ -121,6 +123,7 @@ const server = new ApolloServer({
],
})
),
+ // highlight-end
});
```
@@ -142,18 +145,22 @@ import KeyvRedis from "@keyv/redis";
import Redis from "ioredis";
import { KeyvAdapter } from "@apollo/utils.keyvadapter";
+// highlight-start
const cluster = new Redis.Cluster([
{ host: "localhost", port: 26379 },
{ host: "localhost", port: 26380 },
]);
+// highlight-end
const server = new ApolloServer({
typeDefs,
resolvers,
csrfPrevention: true,
+ // highlight-start
cache: new KeyvAdapter(new Keyv({ store: new KeyvRedis(cluster) }), {
disableBatchReads: true,
}),
+ // highlight-end
});
```
@@ -177,6 +184,7 @@ import KeyvMemcache from "@keyv/memcache";
import { KeyvAdapter } from "@apollo/utils.keyvadapter";
// servers is a comma-separated list of strings
+// highlight-start
const servers = [
"user:pass@localhost:11211",
"user:pass@localhost:11222"
@@ -186,12 +194,13 @@ const memcache = new KeyvMemcache(servers, {
retries: 10,
expires: 60,
});
+// highlight-end
const server = new ApolloServer({
typeDefs,
resolvers,
csrfPrevention: true,
- cache: new KeyvAdapter(new Keyv({ store: memcache })),
+ cache: new KeyvAdapter(new Keyv({ store: memcache })), // highlight-line
});
```
|