dgraph

v25.3.4 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 23d NoSQL & Document

✓ No known CVEs patched

This release patches 1 known CVE

Topics

database distributed go knowledge-graph

ReleasePort's take

Moderate signal

editorial:auto 13d

Dgraph v25.3.4 patches CVE-2026-44840.

Why it matters: Patch to version v25.3.4 immediately if you are affected by CVE‑2026‑44840.

AI summary

Addressed CVE-2026-44840 security vulnerability.

Type	Severity	Summary	CVE
Security	Medium	Fix CVE-2026-44840 vulnerability. Fix CVE-2026-44840 vulnerability. Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	Improve lsbackup tool in backup module. Improve lsbackup tool in backup module. Source: llm_adapter@2026-05-21 Confidence: low	—
Dependency	Medium	Update Go runtime to a newer version. Update Go runtime to a newer version. Source: llm_adapter@2026-05-21 Confidence: low	—
Dependency	Medium	Upgrade jemalloc to version 5.3.1. Upgrade jemalloc to version 5.3.1. Source: llm_adapter@2026-05-21 Confidence: low	—
Performance	Medium	Deduplicate neighbor updates and fix error handling in Hnsw. Deduplicate neighbor updates and fix error handling in Hnsw. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix
Bugfix	Medium	Fix zero address change issue. Fix zero address change issue. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Address whitespace sensitivity in DQL conditional evaluation. Address whitespace sensitivity in DQL conditional evaluation. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Resolve test failures reported by @shiva-istari. Resolve test failures reported by @shiva-istari. Source: llm_adapter@2026-05-21 Confidence: low	—

Full changelog

feat (backup): improve lsbackup tool by @shiva-istari in https://github.com/dgraph-io/dgraph/pull/9693
perf(hnsw): deduplicate neighbor updates and fix error handling by @shaunpatterson in https://github.com/dgraph-*
fix: zero address change by @shiva-istari in https://github.com/dgraph-io/dgraph/pull/9680
fix tests by @shiva-istari in https://github.com/dgraph-io/dgraph/pull/9694
fix(dql): whitespace sensitivity issues in conditional eval by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9692
fix: address CVE-2026-44840
chore: update go version by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9699
io/dgraph/pull/9664
chore: Update jemalloc to 5.3.1 by @RJKeevil in https://github.com/dgraph-io/dgraph/pull/9688

Full Changelog: https://github.com/dgraph-io/dgraph/compare/v25.3.3...v25.3.4

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track dgraph

Get notified when new releases ship.

About dgraph

high-performance graph database for real-time use cases