Open sumigarg opened 5 years ago
Hi Swagger Team, please let me know if there is any work around on this. thanks Sumit
Looks like this is an abandoned project, they should state that in their README
I'll take a peek. Development on swagger-tools
is halted, with only high impact bug fixes being implemented at this time. Please see #335 for more details.
can there a release of swagger-tools with just updated third party modules? This will fix lot of security related issues.
@whitlockjc is swagger-tools being deprecated? I would like to understand if vulnerabilities will be fixed. Also, sway-connect doesn't seems to be a recent project and active mantained. What is the alternative to swagger-tools that is being maintained?
Hi Team, we are using swagger-tools and now our security team has raised a License issue with it as Swagger is using json-refs which inturn is using Slash. Slash is flagged as vulnerable with GPL license. Our current version is: Swagger-tools : 0.10.1 → json-refs : 2.1.7 →slash : 1.0.0 (Vulnerable) we can upgrade it but slash vulnerability still remains and slash not in development from 2006. Could you please let us know if we have any alternative here. It is very critical as our production release will be stuck.