swagger-ui DOM XSS #1076

blockisec · 2022-06-28T05:43:58Z

The swagger-ui which is used by docsy is outdated and prune to a DOM XSS vulnerability.

LisaFC · 2022-06-30T18:15:55Z

@theletterf do you want to take a look at this, I know you added this shortcode?

theletterf · 2022-08-16T13:53:26Z

Hi there! Sorry, I was on paternity leave.

I guess you'd have to update the swagger-ui dependency, or add it as a dependency even.

chalin · 2023-05-04T15:35:47Z

@theletterf - is this something you are name able to help with? Thanks!

theletterf · 2023-05-05T05:58:06Z

I think so. Let me have a look. Could you assign this one to me?

emckean self-assigned this Aug 16, 2022

chalin mentioned this issue May 4, 2023

BSv5.2 upgrade followup #1510

Open

14 tasks

chalin added dependencies Pull requests that update a dependency file e0-minutes Effort < 60 min e1-hours p1-high labels May 4, 2023

chalin assigned theletterf and unassigned emckean May 15, 2023

theletterf mentioned this issue May 24, 2023

Docsy doesn't support rendering Swagger UI using OpenAPI 3.1.X #1520

Closed

theletterf mentioned this issue Jul 5, 2023

Replace static Swagger-ui distribution with unpkg version #1604

Merged

LisaFC closed this as completed in #1604 Jul 12, 2023

Provide feedback