GraphDB 11.3.0 Release Notes

23/04/2026

Note

GraphDB 11.3.3 addresses several external vulnerabilities, including a critical vulnerability affecting the Online Certificate Status Protocol. This release also fixes several bugs, such as one which causes unwanted snapshot replication, and one where queries for compacting the indexes are not forwarded.

We recommend everyone to upgrade.

Bug fixing

	Description	Introduced	Severity
GDB-14373	Working with triples in RDF-star may result in an error	11.3.1	Major
GDB-14311	Cannot compact indexes on SHACL repositories	9.x	Major
GDB-13626	GraphDB startup fails during Java version detection when the environment variable `_JAVA_OPTIONS` is set	11.2	Medium

Bug fixing

	Description	Introduced	Severity
GDB-14404	Cluster formation and communication fails when the x509 certificate authentication is configured using the new `graphdb.connector.ssl.*` namespace	11.2	Major
GDB-14323	Trying to save a query without a name causes snapshot replication		Major

Fixed third-party vulnerabilities

Vulnerability	Severity
CVE-2026-22735	2.6 Low
CVE-2026-22737	5.9 Medium
CVE-2026-24880	7.5 High
CVE-2026-25854	6.1 Medium
CVE-2026-29129	7.5 High
CVE-2026-29145	9.1 Critical
CVE-2026-29146	7.5 High
CVE-2026-32990	5.3 Medium
CVE2026-34237	6.1 Medium
CVE-2026-34483	7.5 High
CVE-2026-34487	7.5 High
CVE-2026-34500	6.5 Medium
CVE-2026-35554	8.7 High
CVE-2026-35568	5.1 Medium

Note

See also third-party vulnerabilities for all other known high or critical third-party vulnerabilities.

In this section: