Posted to commits@pinot.apache.org by GitBox <gi...@apache.org> on 2020/08/28 20:50:55 UTC

[GitHub] [incubator-pinot] jackjlli opened a new pull request #5941: Bump up swagger-ui version and update related code

jackjlli opened a new pull request #5941:
URL: https://github.com/apache/incubator-pinot/pull/5941


   ## Description
   This PR bumps up swagger-ui version and updates related code.
   
   Vulnerability: Swagger-ui before 3.18.0 is vulnerable to Reverse Tabnabbing. Setting target="_blank" on anchor tags is unsafe unless used in conjunction with the rel="noopener" attribute. Opening a link via target blank attribute can change the original page; origin policy restrictions set by the browser can be bypassed.
   
   The previous PR (https://github.com/apache/incubator-pinot/pull/5896) didn't make the related required code change in html files, and some front-end files have already changed their locations in the newer swagger-ui version.
   
   The below is the screenshot after making the code change:
   ![Screen Shot 2020-08-28 at 1 43 21 PM](https://user-images.githubusercontent.com/35080149/91613767-071b7580-e935-11ea-9628-c206138af9be.png)
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org
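
The check implied by the description above, as an added example (not code from the PR or from swagger-ui): a small Node.js scan of static HTML for target="_blank" anchors that lack rel="noopener" or rel="noreferrer", plus a rewrite that adds both. The function names and sample markup are constructed for illustration, and the regex scan is an assumption suited to static templates, not a full HTML parser.

```javascript
// Added example: audit static HTML for reverse-tabnabbing-prone links.
// Regex scan only (no DOM); '>' inside attribute values is not handled.
const ANCHOR_RE = /<a(\s[^>]*)?>/gi;
const ATTR_RE = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
const REL_ATTR_RE = /(^|\s)rel(\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+))?(?=\s|$)/i;

// Parse the attribute text of one tag into a lowercase-keyed map.
function parseAttrs(raw) {
  const attrs = {};
  for (const m of raw.matchAll(ATTR_RE)) {
    const name = m[1].toLowerCase();
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Unsafe: opens a new browsing context but keeps window.opener available.
// rel="noreferrer" also implies noopener, so either token is accepted.
function isUnsafe(attrs) {
  if ((attrs.target || "").toLowerCase() !== "_blank") return false;
  const rel = (attrs.rel || "").toLowerCase().split(/\s+/);
  return !rel.includes("noopener") && !rel.includes("noreferrer");
}

// Return every anchor that needs fixing, with its href for triage.
function findUnsafeLinks(html) {
  const findings = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    const attrs = parseAttrs(m[1] || "");
    if (isUnsafe(attrs)) findings.push({ tag: m[0], href: attrs.href || "" });
  }
  return findings;
}

// Rewrite unsafe anchors, preserving any existing rel tokens.
function hardenLinks(html) {
  return html.replace(ANCHOR_RE, (tag, raw = "") => {
    const attrs = parseAttrs(raw);
    if (!isUnsafe(attrs)) return tag;
    const rel = [attrs.rel, "noopener", "noreferrer"].filter(Boolean).join(" ");
    return `<a${raw.replace(REL_ATTR_RE, "")} rel="${rel}">`;
  });
}

// Constructed sample markup (not taken from swagger-ui or Pinot).
const SAMPLE = `<a href="https://example.com/docs" target="_blank">Docs</a>
<a href="https://example.com/api" target="_blank" rel="noopener">API</a>
<a href="https://example.com/ext" target='_BLANK' rel="external">Ext</a>
<a href="/local">Local</a> <abbr title="x">x</abbr>`;
console.log(findUnsafeLinks(SAMPLE).map((f) => f.href));
```
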


[GitHub] [incubator-pinot] jackjlli commented on pull request #5941: Bump up swagger-ui version and update related code

Posted by GitBox <gi...@apache.org>.
jackjlli commented on pull request #5941:
URL: https://github.com/apache/incubator-pinot/pull/5941#issuecomment-683150005


   @kishoreg yeah it's because the locations for those front-end related files like css, js files have changed in the newer swagger-ui version.




[GitHub] [incubator-pinot] kishoreg commented on pull request #5941: Bump up swagger-ui version and update related code

Posted by GitBox <gi...@apache.org>.
kishoreg commented on pull request #5941:
URL: https://github.com/apache/incubator-pinot/pull/5941#issuecomment-683144893


   > what was the bug in the previous PR?
   
   Never mind, looked at the diff and figured it out. Thanks for fixing it.




[GitHub] [incubator-pinot] mr-agrwal commented on pull request #5941: Bump up swagger-ui version and update related code

Posted by GitBox <gi...@apache.org>.
mr-agrwal commented on pull request #5941:
URL: https://github.com/apache/incubator-pinot/pull/5941#issuecomment-683909630


   LGTM




[GitHub] [incubator-pinot] jackjlli merged pull request #5941: Bump up swagger-ui version and update related code

Posted by GitBox <gi...@apache.org>.
jackjlli merged pull request #5941:
URL: https://github.com/apache/incubator-pinot/pull/5941


   




[GitHub] [incubator-pinot] kishoreg commented on pull request #5941: Bump up swagger-ui version and update related code

Posted by GitBox <gi...@apache.org>.
kishoreg commented on pull request #5941:
URL: https://github.com/apache/incubator-pinot/pull/5941#issuecomment-683144586


   what was the bug in the previous PR?

