Update dependency io.springfox:springfox-swagger-ui to v2.10.0 [SECURITY] #5
This PR contains the following updates:
io.springfox:springfox-swagger-ui: 2.6.1 -> 2.10.0
GitHub Vulnerability Alerts
CVE-2019-17495
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.
Release Notes
springfox/springfox (io.springfox:springfox-swagger-ui)
v2.10.0
v2.9.2: Release
2.9.2 Release
© JUDITH VRUGT, NATIONAL GEOGRAPHIC YOUR SHOT
Thank you for the patience with this release. More importantly, thank you for your contributions in helping identify bugs and issues and improving the library with your contributions!
Pull requests and contributions
Bugs
@robinsonmark
duplicate
@gionnduplicate
@andyRokit@dilipkrish
duplicate
@FossilBladeduplicate
@gionnduplicate
@litttlefisherduplicate
@maraswronaduplicate
@andyRokitduplicate
@steveFeature
v2.9.1
v2.8.0: Release
Photograph by Margaret Krzepkowski
Thank you everyone for your contributions.
While this release still doesn't support OpenAPI 1.0 spec, it does bring support for the new swagger-ui look thanks to @kasecato!! 🙇
Apologies for the delayed release schedule of 2.8.0. Much of the work in this release was to shore up the library for significant work in the near future to support in 2.9.0
2.9.0 will be the last supported release for Java 6/Java 7. Much of 2.9.0 will focus on Improvements in the model rendering thanks to @MaksimOrlov! 🙇 (support @JsonView, better support for rendering the same models in request/response, inheritance support). Please note the deprecation warnings to prepare for breaking changes in 3.0.0.
Pull Requests
(#2178) Change regex in Paths.java to handle expressions/constraints correctly @nobe0716
(#2174) fix fmt maintenanc @silenceshell
(#2169) Swagger ui 3.x suggested improvements feature @kasecato
(#2160) Fix conversion of byte to integer with max / min bug @avdv
(#2153) Upgrading Swagger UI to 3.7.0 @kasecato
(#2144) Allow ApiModelProperties on methods to be discovered from superclasses @RoyJacobs
(#2106) Add support for exclusive ranges handling @filiphr
(#2103) Fix some tests under windows @apixandru
(#2101) Fix Remapping issue @apixandru
(#2081) Fix child expansion context creation bug @gzsombor
(#2069) Optimise HandlerMethodResolver.getMemberMethods maintenance @simongajdosech
(#2066) Added error handling around "duplicate" request handlers @mate1983
(#2048) Support explicit ordering for Tags @jroweboy
(#2040) Use Guava 20.0 throughout the project maintenance @Thunderforge
(#2014) Fix markdown @koppor
(#2013) Fixed merging headers from the already existing request with the supplied request @pvanassen
(#1988) custom the web page title as swagger.title when had set it @rainplus
(#1974) Add default property support on model properties feature @matrosovs
(#1956) @ApiModelProperty example string does not escape char "" from JSON example @heapifyman
(#1952) Fix to recognize @Param as query parameter in EntitySearchExtractor know @viruscamp
(#1943) Wrong API resource path in Swagger 1.2 @mathieuales
(#1942) Model classes having names containing integers are not detected as array @mathieuales
(#1917) Consumes / Produces media-types on the document level aren't copied and merged anymore with the operation level consumes / produces media-types. @mzeijen
(#1914) Provide property pattern annotation support @simonamc
(#1897) Correct spelling and typos @naXa777
(#1878) Preserve tags order in documentation builder @rainoko
(#1868) Create EntitySaveExtractor.java @jadhavsuhas
(#1838) Fix a mixed up part in the Getting Started guide for Docket @PeterWippermann
(#1837) Minor update of Docket's JavaDoc @PeterWippermann
(#1829) JacksonEnumDeterminer to handle JsonFormat.Shape.Object @yelhouti
Features
(#2177) Paths.sanitizeRequestMappingPattern fix @nobe0716
(#2139) Should support "title" property, set via @ApiModel annotation. @ngbalk
(#2088) @ApiParam(allowableValues = "range(0, infinity)") does not work @filiphr
(#2063) Added support for Pageable resolved parameter @avillev
(#2057) Swagger-ui don't render additionalProperties duplicate @deblockt
(#2026) Produces/Consumes do not maintain order @jgaribay21
(#2023) Is it possible to disable globalResponseMessage configuration partially. duplicate @dohoon
(#2021) @ApiModelProperty.allowEmptyValue = true/false does not emit "allowEmptyValue" in swagger.json @bill
(#2000) Upgrade to latest version of Swagger UI (3.1.5) duplicate @madheshr
(#1960) Upgrade to swagger-ui 3.0 duplicate @alex
(#1957) springfox doesn't work with spring boot 2.0 and spring data Kay-RC2 duplicate @shashankitmaster
(#1955) Add support for inclusive and exclusive ranges for allowable values @JohnNiang
(#1946) collectionFormat problem @vitek499
(#1936) configuration for adding dynamic api-key(access token value). duplicate @akashgupta08
(#1919) Add support to rename ApiModel property name in Model Attributes @peterjurkovic
(#1901) Pattern Bean Validations API (JSR-303) support for Request Parameters help wanted @simonamc
(#1900) Tag custom ordering @rainoko
(#1818) JsonFormat for enum and other cases @yelhouti
(#1729) Status of support for v3.0.2 of Swagger UI duplicate @JLLeitschuh
Maintenance
(#2161) How to set a default value to a field of a model? in progress @michele
(#2093) swagger-ui.html appears to be empty documentation @silentsnooc
(#2090) When using AlternateTypeRuleConvention ApiModelProperty annotation does not work @snimavat
(#2031) How to get object in response body in autogenerated swagger.json file documentation @rajat
(#2029) ApiImplicitParam with empty datatype fails when we try it out documentation @ljp510016132
(#1995) View APIs from different Spring Cloud Instances registered in Eureka documentation @s
(#1971) Vavr/Javaslang Jackson module support documentation @Sir4ur0n
(#1954) Multiple swagger JSON's in swagger-ui.html documentation @dreambrother
(#1950) Document support customized param using HandlerMethodArgumentResolver documentation @neil4dong
(#1916) Consumes and produces media-types defined on Docket are incorrectly merged together with consumes/produces media-types that are defined on a resource level @mzeijen
(#1913) Space getting added to oAuth scope while making authorization request documentation @mojaiq
(#1904) Nondeterministic output for Models used in multiple controllers documentation @kevinm416
(#1899) Upgrade libraries @dilipkrish
(#1896) Wrong spelling and typos in code @naXa777
(#1882) @RepositoryRestResource -- ApiParam definition for the JPA methods always defines the @Param as "body" type parameter @aniruthmp
(#1875) Tags should be orderable @rainoko
(#1870) The lasted version supported for Swagger UI 3.x? @maliqiang
(#1865) Can't test the configuration 404 not found documentation @pinkyjain26
(#1833) Different guava versions in dependencies @Dimok74
(#1704) Document springfox oauth2 documentation duplicate @kidshg
Bugs
(#2165) AlternateTypeRules doesn't work as expected @crmky
(#2148) 2.7.1-SNAPSHOT NullPointerException when attempting to view http://localhost:8080/v2/api-docs @beardy247
(#2138) java.util.Optional<java.time.OffsetDateTime> disappears from request params duplicate @bohdan
(#2135) No qualifying bean error when launching spring 5.0.x application with springfox duplicate @gauravphoenix
(#2133) Optional @kitsjory
(#2132) @ApiModelProperty has no effect on some variables (name starting with one lowercase) not-reproducable @bbrenne
(#2118) Request type mapping doesn't work if using both RequestBody and ModelAttribute on the same parameter @andrea
(#2114) @RequestParam and @PathVariable annotated parameters should not be expanded @loxal
(#2111) Application startup failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'documentationPluginsBootstrapper' @shobhit921
(#2107) @ApiParam ignores certain properties duplicate @milosonator
(#2097) Swagger 2 : Getting "type": "ref" when using @RequestPart duplicate @jrishabh198
(#2096) @ApiParam is ignored on ValueObjects wrapped with @JsonCreator @dkellenb
(#2080) NullPointerException in handlerPackage duplicate @ejuniorasas
(#2072) Springfox generates Api-Doc for non-exported Repositories @stoetti
(#2053) @PathVariable work with Parameter Converter strangely duplicate @cxl086
(#2039) Endpoints with the same path and parameters but different headers some times cause java.lang.IllegalArgumentException: Multiple entries with same key @joaoacmota
(#2025) SpringFox-Data-Rest 2.7.0: Missing camelCase with generated Associations operationIds @stoetti
(#2015) Add support for generics not-reproducable wontfix @raderio
(#2012) Duplicated swagger.json document not-reproducable @cesartl
(#2011) OperationBuilder mergeResponseMessages overwrites headers @pvanassen
(#1999) Generated JSON for endpoints with PathVariables converted to non-trivial objects is incorrect duplicate @joel
(#1998) PathVariable composed of Custom Objects are not parsed correctly duplicate @frbo42
(#1965) @RequestPart annotation not rendering models correctly @pratapyelugula
(#1963) Spring Data Rest Integration doesn't document repository method parameters correctly @thombergs
(#1961) Springfox - Authorization value didn't update after Authorize confirmed.. @thomasharin
(#1941) swagger-ui does not remove java string escape char "" from @ApiModelProperty example @heapifyman
(#1932) BasePathAwareController docs aren't base path aware @fquinner
(#1926) Can't be filtered by ignoredParameterTypes not-reproducable @heyuxian
(#1924) Unable to define host in Swagger 1.2 @mathieuales
(#1906) Swagger shows wrong id field using Spring Data Rest duplicate @drenda
(#1894) @EnableSwagger2 breaking my unit tests not-reproducable @rawadrifai
(#1890) Can't declare Docket in multiple Configuration classes not-reproducable @lorenzobenvenuti
(#1887) @ApiResponses tag does not override default responses not-reproducable @muff1nman
(#1880) Wrong API resource path in Swagger 1.2 @mathieuales
(#1876) NullPointerException with Spring Data Rest integration @drenda
(#1866) 2.7.0 does not list PATCH methods from Spring Data Rest @jadhavsuhas
(#1864) @NotNull not working to mark field as required @sddakoty
(#1860) [Spring boot] @EnableAspectJAutoProxy cause endpoint scanning failed duplicate @jdupont22
(#1841) Overloaded method does not respect the "tag" option @jackmatt2
(#1839) Primary keys are added to path parameters for Spring Data Rest Entities POST request after upgrading to 2.7.0 @jadhavsuhas
(#1830) CORS headers disappeared after upgrading to 2.7.0 not-reproducable @gionn
(#1804) Api key input missing in swagger ui after upgrading version to 2.6.1 @prajapatkiran
(#1781) Swagger JSON generated by SpringFox shows 'Consumes' for GET and DELETE operations @dcp65
(#1672) Swagger-UI giving 405 (Method not allowed) when called not-reproducable @GarrettMosier
v2.7.0: Release
Photo credit Mark Summers via National Geographic
Thank you for being patient with this release. This is packed with bug fixes (over 40 of them) and over 15 new features.
Many thanks to those contributing with feature requests, questions, bug reports and most importantly helping out with pull requests. With time being such a premium, it's getting harder and harder to address without the contributions of the many listed below.
Significant changes in this release
PRs (Thank you 🙇)
#1806 Update PropertySourcedRequestMappingHandlerMapping.java @OzgaRobert
#1793 [#1770] Remove the requirement for property sources placeholder @dilipkrish
#1782 Model property vendor extension @philippejulien
#1776 Fix Swagger version error in documentation @ersinciftci
#1761 Vendor Extensions for API Info and Documentation @jkgentry
#1758 Use double backtick to prevent miss parsing @naxhh
#1741 1740 @JsonUnwrapped is ignored by schema generation test @StepanLeybo
#1730 Fix a typo at the common-problems documentation file @florianrusch
#1717 Adding vendorExtensions in apiKey class @cfernandezh
#1702 Make ApiResourceController methods public @psyho
#1699 Make Swagger2Controller respect basePath even if a host is not set @asdcdow
#1693 Fix for https://github.com/springfox/springfox/issues/1653 @pjskyboy
#1667 #1666 allowableValues blank for Optional parameter @madgnome
#1660 waffle.io Badge maintenance @waffle
#1617 Updated swagger-ui version to 2.2.8 @acourtiol
#1593 OAuth2 not initialized when clientSecret undefined @gonzalad
#1589 Apply ApiParam hidden attribute to parameters @defshine
#1576 Added support for composed bean validation constraints @jamesbassett
#1371 JSR-303 for Request parameters, Fix Allowable values not displayed in Apidocs, Externalizing Api Descriptions @jfiala
Features
#1759 Support for property vendor extensions @philippejulien
#1707 Removal of "swagger-ui.html" from uri path causes swagger-ui JavaScript error @LukeHackett
#1636 VendorExtension support in ApiKey @mlstocks
#1627 Error with group handling response @marchc
#1592 OAuth2 clientSecret shouldn't be required for implicit flow @gonzalad
#1590 springfox-data-rest : Pageable not supported duplicate @tooms4444
#1544 [Feature request] JDK8 JSR310 types support @cbornet
#1497 springfox-staticdocs : Update to last swagger2markup version @orevial
#1490 Infer alternate type rules using serializers and deserializers @justcoon
#1423 @RequestParam with placeholders syntax like ${x.y} @blelem
#1413 Ability to set VendorExtensions on ApiInfo? @michael-pratt
#1367 Springfox overwrites swagger path entries with the same base path but with different content types @codecounselor
#1299 Feature Request: Upgrade swagger2markup version to v1.0.0 duplicate @fayndee
#1227 Bean Validations API (JSR-303) support for Request Parameters @jfiala
#1169 Add Support For Documenting Services In Grails Projects @dilipkrish
#1008 Models with different packages are not represented uniquely in the generated swagger document @tenstriker
#824 Support vendor extensions in operations @cbornet
#1736 Spring-Data-Rest support for property references
Maintenance
#1701 Make ApiResourceController methods public @psyho
#1694 Fixed the intermittent build failures @dilipkrish
#1675 Why generic method names are being generated for Spring Data Rest? @tahir
#1653 springfox-data-rest: 2.6.1 spring-data-rest: 2.6 RepositoryRestHandlerMapping constructor broken @cbbs
#1644 Update library to support for Spring 5 @binkley
#1628 swagger-ui 2.2.10 @IanSwift
#1621 2.6.1 breaks @Value placeholder replacement @2is10
#1505 Release process fails when updating the documentation @dilipkrish
Bugs
#1797 How to write a custom ApiListingScannerPlugin? @indrabasak
#1786 StackOverflowError In 2.6.1 @tcsw1221
#1785 @ApiOperation "response" value causing docs to ignore model annotations @bfinleyui
#1780 ConcurrentModificationException on startup with -20170420.041823-43 @gionn
#1778 javax @Valid annotation makes parameter as requestbody-parameter @jmattheis
#1775 Swagger version error in documentation @ersinciftci
#1772 BasePath can't be defined without host @astafev
#1770 SNAPSHOT breaks @Value placeholder replacement @stacysimpson
#1767 Unable to implement and use ApiListingScannerPlugin @stacysimpson
#1749 Error resolving $ref pointer for input DTO @gionn
#1746 How to override API-Documentation of generated endpoints (spring-data-rest) @florianrusch
#1734 swagger ui not showing the default parameter value zero @liudonghua123
#1732 Default value of "supportedSubmitMethods" in springfox.js @thadc23
#1727 Jackson required/optional @raderio
#1726 @Size is not working @raderio
#1725 If you have both Read and Write operation in single Controller readOnly do not work. But if only Write it works. @dzmitryhil
#1724 Swagger methods in multiple groups being renamed @nitin02
#1708 @EnableSwagger2 interfering with application configuration. @rycentious
#1706 X-Forwarded-Port NumberFormatException: For input string: "443,443" looking-for-contributions @sixcorners
#1698 [BUG] custom swagger endpoint returns a 404. Default endpoint works. @ahatzz11
#1697 Problem with direct model substitution @cbornet
#1677 OAuth2 request adds vendorExtension scope to all auth requests @pmlido
#1676 Invalid attributes that starts with x or y @isolisduran
#1670 Question: how to use @ApiParam annotation on a parameter defined in an interface? @taxone
#1666 AllowableValues blank for Optional parameter @madgnome
#1651 ResponseHeaders do not preserve lexical ordering question @ahatzz11
#1648 Operation ordering is not working @neil
#1632 Invalid response model for class with name "File" @dreambrother
#1623 Swagger annotations like @ApiParam, @ApiOperation annotation work for Spring Data Rest operations @taxone
#1615 api_docs shows content but swagger-ui (2.6.1) is empty @StefanSchubert
#1613 HTML code in API description in ignored using springfox-swagger-ui 2.6.1 @anouarchattouna
#1605 Response with a byte array does not work as expected @maukito
#1603 StackOverflowError on swagger generation @jmattheis
#1597 @ApiParam value is not respected @sta
#1594 IndexOutofBoundException when using unbounded Map models @sac10nikam
#1588 springfox-data-rest : @Param annotation not supported @tooms4444
#1580 Can't expand the operation when I set @Api tags by chinese wontfix @letorn
#1571 2.6.1 Cannot read property of custom enum list @jearton
#1569 When using ApiKey "keyname" is mapped incorrectly in progress @jmattheis
#1507 Broken basePath with AbstractPathProvider in version 2.5.0 of springfox-swagger2 @danielbcorreia
#1435 Setting a Custom basePath Requires Setting a Static Host in 2.5 looking-for-contributions @asdcdow
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.