Resolves SA-CONTRIB-2021-034.
The two commits merged since release 1.18:
* by DamienMcKenna, greggles, Grimreaper, izus: Add a permission for admin configuration form
* Issue #3041775 by mijpcw, izus: Undefined variable in alterItems method
Maintenance and security release of the Drupal 8 series.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:
Maintenance and security release of the Drupal 9 series.
Security release of GraphQL fixing a minor access bypass vulnerability on file uploads, see GraphQL - Moderately critical - Access bypass - SA-CONTRIB-2021-029.
2 additional fixes to entity reference language handling and test assertions were committed, thanks to Leksat and Kingdutch for your contribution
Full list of changes since 4.0: https://github.com/drupal-graphql/graphql/compare/8.x-4.1...8.x-4.2
Security release addressing Entity Embed - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2021-028.
Other miscellaneous bug fixes and improvements: