Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ENH] Upgrade Swagger Dependencies #99

Open
ThoreKr opened this issue Jun 8, 2021 · 1 comment
Open

[ENH] Upgrade Swagger Dependencies #99

ThoreKr opened this issue Jun 8, 2021 · 1 comment
Labels
enhancement
Milestone
v1.2.0

Comments

@ThoreKr
Copy link
Contributor

ThoreKr commented Jun 8, 2021

The restmapper pulls in a rather dated release of io.swagger:swagger-jersey2-jaxrs (Nov 2017).

There are two potential ways to fix this:

  1. Upgrade to 1.6.2;
    The 1. release has seen a couple of updates (last in June 2020) and seems not to break too many things. This however could already provide a couple of improvements, mostly because jersey pulls in jackson and that version is authoritative fol all other projects. There have been a couple of CVEs, mostly with medium severity and related to potential denial of service attacks.

  2. Upgrade to Swagger Core 2
    This is a larger upgrade with probable impact on other services, as endpoint annotations have to be updated, but would provide the quite noteable milestone of OpenAPI 3.0 support.

Version Rereference. https://github.com/swagger-api/swagger-core#compatibility
@AlexanderNeumann AlexanderNeumann added this to the v1.2.0 milestone Jun 16, 2021
@pdolif
Copy link
Member

pdolif commented Oct 13, 2021

Upgraded to version 1.6.3 (see 6325aa5).

@pdolif pdolif mentioned this issue Dec 3, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
v1.2.0
Development

No branches or pull requests
3 participants
@ThoreKr @AlexanderNeumann @pdolif