This repository has been archived by the owner on Aug 4, 2023. It is now read-only.
Swagger-tools raising security risks #606
Comments
|
Hi Swagger Team, |
|
Looks like this is an abandoned project, they should state that in their README |
|
I'll take a peek. Development on |
|
can there a release of swagger-tools with just updated third party modules? This will fix lot of security related issues. |
|
@whitlockjc is swagger-tools being deprecated? I would like to understand if vulnerabilities will be fixed. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi Team,
we are using swagger-tools and now our security team has raised a License issue with it as Swagger is using json-refs which inturn is using Slash.
Slash is flagged as vulnerable with GPL license.
Our current version is:
Swagger-tools : 0.10.1
→ json-refs : 2.1.7
→slash : 1.0.0 (Vulnerable)
we can upgrade it but slash vulnerability still remains and slash not in development from 2006.
Could you please let us know if we have any alternative here. It is very critical as our production release will be stuck.
The text was updated successfully, but these errors were encountered: