Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ENH] Upgrade Swagger Dependencies #99

Open
ThoreKr opened this issue Jun 8, 2021 · 1 comment
Open

[ENH] Upgrade Swagger Dependencies #99

ThoreKr opened this issue Jun 8, 2021 · 1 comment
Milestone

Comments

@ThoreKr
Copy link
Contributor

ThoreKr commented Jun 8, 2021

The restmapper pulls in a rather dated release of io.swagger:swagger-jersey2-jaxrs (Nov 2017).

There are two potential ways to fix this:

  1. Upgrade to 1.6.2;
    The 1. release has seen a couple of updates (last in June 2020) and seems not to break too many things. This however could already provide a couple of improvements, mostly because jersey pulls in jackson and that version is authoritative fol all other projects. There have been a couple of CVEs, mostly with medium severity and related to potential denial of service attacks.

  2. Upgrade to Swagger Core 2
    This is a larger upgrade with probable impact on other services, as endpoint annotations have to be updated, but would provide the quite noteable milestone of OpenAPI 3.0 support.

Version Rereference. https://github.com/swagger-api/swagger-core#compatibility

@AlexanderNeumann AlexanderNeumann added this to the v1.2.0 milestone Jun 16, 2021
@pdolif
Copy link
Member

pdolif commented Oct 13, 2021

Upgraded to version 1.6.3 (see 6325aa5).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants