This is a security bugfix release containing only one PR: #2902

GraphQL Java has a max token limit per request preventing DOS attacks. But in some circumstances it was not enough to prevent malicious requests. This release fixes this problem.

All details can be found here: #2892