This is an automated email from the ASF dual-hosted git repository. jackie pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-pinot.git
The following commit(s) were added to refs/heads/master by this push: new e9ad1e0 Update swagger ui path (#5896) e9ad1e0 is described below commit e9ad1e017bf06ac579014357462c86861a31cf7d Author: Jialiang Li <j...@linkedin.com> AuthorDate: Tue Aug 18 14:40:23 2020 -0700 Update swagger ui path (#5896) This PR updates swagger ui version and its related paths. vulnerability: Swagger-ui before 3.18.0 is vulnerable to Reverse Tabnabbing. Setting target="_blank" on anchor tags is unsafe unless used in conjunction with the rel="noopener" attribute. Opening a link via target blank attribute can change the original page, origin policy restrictions set by the browser can be bypassed. --- LICENSE-binary | 2 +- .../java/org/apache/pinot/broker/broker/BrokerAdminApiApplication.java | 2 +- .../org/apache/pinot/controller/api/ControllerAdminApiApplication.java | 2 +- .../java/org/apache/pinot/server/starter/helix/AdminApiApplication.java | 2 +- .../pinot/tools/service/PinotServiceManagerAdminApiApplication.java | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/LICENSE-binary b/LICENSE-binary
index 245b59c..69181c4 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -424,7 +424,7 @@ org.scala-lang:scala-library:2.11.11
 org.scala-lang:scala-reflect:2.11.11
 org.scala-lang:scalap:2.11.0
 org.testng:testng:6.11
-org.webjars:swagger-ui:2.2.10-1
+org.webjars:swagger-ui:3.18.2
 org.xerial.java:xerial-core:2.1
 org.xerial.larray:larray:0.2.1
 org.xerial.larray:larray-buffer:0.2.1
diff --git a/pinot-broker/src/main/java/org/apache/pinot/broker/broker/BrokerAdminApiApplication.java b/pinot-broker/src/main/java/org/apache/pinot/broker/broker/BrokerAdminApiApplication.java
index 51e7a2e..ba262fd 100644
--- a/pinot-broker/src/main/java/org/apache/pinot/broker/broker/BrokerAdminApiApplication.java
+++ b/pinot-broker/src/main/java/org/apache/pinot/broker/broker/BrokerAdminApiApplication.java
@@ -81,7 +81,7 @@ public class BrokerAdminApiApplication extends ResourceConfig { _httpServer.getServerConfiguration().addHttpHandler(httpHandler, "/api/", "/help/"); URL swaggerDistLocation = - BrokerAdminApiApplication.class.getClassLoader().getResource("META-INF/resources/webjars/swagger-ui/2.2.10-1/"); + BrokerAdminApiApplication.class.getClassLoader().getResource("META-INF/resources/webjars/swagger-ui/3.18.2/"); CLStaticHttpHandler swaggerDist = new CLStaticHttpHandler(new URLClassLoader(new URL[]{swaggerDistLocation})); _httpServer.getServerConfiguration().addHttpHandler(swaggerDist, "/swaggerui-dist/"); } diff --git a/pinot-controller/src/main/java/org/apache/pinot/controller/api/ControllerAdminApiApplication.java b/pinot-controller/src/main/java/org/apache/pinot/controller/api/ControllerAdminApiApplication.java index c5978ba..54342fa 100644 --- a/pinot-controller/src/main/java/org/apache/pinot/controller/api/ControllerAdminApiApplication.java +++ b/pinot-controller/src/main/java/org/apache/pinot/controller/api/ControllerAdminApiApplication.java @@ -156,7 +156,7 @@ public class ControllerAdminApiApplication extends ResourceConfig { httpServer.getServerConfiguration().addHttpHandler(apiStaticHttpHandler, "/api/"); httpServer.getServerConfiguration().addHttpHandler(apiStaticHttpHandler, "/help/"); - URL swaggerDistLocation = loader.getResource("META-INF/resources/webjars/swagger-ui/2.2.10-1/"); + URL swaggerDistLocation = loader.getResource("META-INF/resources/webjars/swagger-ui/3.18.2/"); CLStaticHttpHandler swaggerDist = new CLStaticHttpHandler(new URLClassLoader(new URL[]{swaggerDistLocation})); httpServer.getServerConfiguration().addHttpHandler(swaggerDist, "/swaggerui-dist/"); } diff --git a/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/AdminApiApplication.java b/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/AdminApiApplication.java index e3e8c12..a8d01ee 100644 
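Review bot: `getResource(...)` returns null when the versioned directory is not on the classpath, and the changed line in the BrokerAdminApiApplication hunk still hands the result straight to `new URL[]{swaggerDistLocation}` with no check, so a path/webjar mismatch would presumably show up as an obscure startup exception or an empty `/swaggerui-dist/` handler instead of a clear error. The same literal `3.18.2` is repeated in the ControllerAdminApiApplication, AdminApiApplication and PinotServiceManagerAdminApiApplication hunks, so the four paths can drift apart on the next upgrade; a single shared constant for the webjar path would avoid that. I would add a guard before the handler is built, e.g. `Objects.requireNonNull(swaggerDistLocation, "swagger-ui webjar not found on classpath");`. The enclosing method starts outside the hunk, so an existing check earlier in it cannot be ruled out.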
--- a/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/AdminApiApplication.java +++ b/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/AdminApiApplication.java @@ -110,7 +110,7 @@ public class AdminApiApplication extends ResourceConfig { httpServer.getServerConfiguration().addHttpHandler(staticHttpHandler, "/help/"); URL swaggerDistLocation = - AdminApiApplication.class.getClassLoader().getResource("META-INF/resources/webjars/swagger-ui/2.2.10-1/"); + AdminApiApplication.class.getClassLoader().getResource("META-INF/resources/webjars/swagger-ui/3.18.2/"); CLStaticHttpHandler swaggerDist = new CLStaticHttpHandler(new URLClassLoader(new URL[]{swaggerDistLocation})); httpServer.getServerConfiguration().addHttpHandler(swaggerDist, "/swaggerui-dist/"); } diff --git a/pinot-tools/src/main/java/org/apache/pinot/tools/service/PinotServiceManagerAdminApiApplication.java b/pinot-tools/src/main/java/org/apache/pinot/tools/service/PinotServiceManagerAdminApiApplication.java index 8be7308..5243164 100644 --- a/pinot-tools/src/main/java/org/apache/pinot/tools/service/PinotServiceManagerAdminApiApplication.java +++ b/pinot-tools/src/main/java/org/apache/pinot/tools/service/PinotServiceManagerAdminApiApplication.java 
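Review bot: The `getResource` line in the AdminApiApplication hunk only selects which bundled assets are served; the diffstat lists LICENSE-binary and four Java files, so nothing visible in this commit changes the `org.webjars:swagger-ui` dependency itself. The Reverse Tabnabbing fix described in the commit message takes effect only if the build already resolves that webjar to 3.18.2 and the 2.2.10-1 artifact is no longer pulled in transitively, which is worth confirming against the packaged distribution. Swagger UI 3.x is presumably laid out differently from 2.x, so whatever page under `/help/` references files below `/swaggerui-dist/` (not shown here) should be checked against the new directory. A comment on the changed line would document the coupling, e.g. `// must match the org.webjars:swagger-ui version resolved by the build`.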
@@ -77,7 +77,7 @@ public class PinotServiceManagerAdminApiApplication extends ResourceConfig { _httpServer.getServerConfiguration().addHttpHandler(httpHandler, "/api/", "/help/"); URL swaggerDistLocation = PinotServiceManagerAdminApiApplication.class.getClassLoader() - .getResource("META-INF/resources/webjars/swagger-ui/2.2.10-1/"); + .getResource("META-INF/resources/webjars/swagger-ui/3.18.2/"); CLStaticHttpHandler swaggerDist = new CLStaticHttpHandler(new URLClassLoader(new URL[]{swaggerDistLocation})); _httpServer.getServerConfiguration().addHttpHandler(swaggerDist, "/swaggerui-dist/"); } --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For additional commands, e-mail: commits-h...@pinot.apache.org