sumigarg
commented
5 years ago Hi Swagger Team, please let me know if there is any work around on this. thanks Sumit
Open sumigarg opened 5 years ago
sumigarg
commented
5 years ago Hi Swagger Team, please let me know if there is any work around on this. thanks Sumit
3mard
commented
5 years ago Looks like this is an abandoned project, they should state that in their README
whitlockjc
commented
5 years ago I'll take a peek. Development on swagger-tools is halted, with only high impact bug fixes being implemented at this time. Please see #335 for more details.
firefoxNX
commented
4 years ago can there a release of swagger-tools with just updated third party modules? This will fix lot of security related issues.
dventurait
commented
2 years ago @whitlockjc is swagger-tools being deprecated? I would like to understand if vulnerabilities will be fixed. Also, sway-connect doesn't seems to be a recent project and active mantained. What is the alternative to swagger-tools that is being maintained?
Hi Team, we are using swagger-tools and now our security team has raised a License issue with it as Swagger is using json-refs which inturn is using Slash. Slash is flagged as vulnerable with GPL license. Our current version is: Swagger-tools : 0.10.1 → json-refs : 2.1.7 →slash : 1.0.0 (Vulnerable) we can upgrade it but slash vulnerability still remains and slash not in development from 2006. Could you please let us know if we have any alternative here. It is very critical as our production release will be stuck.