Posted to commits@pinot.apache.org by ja...@apache.org on 2020/08/18 21:40:41 UTC
[incubator-pinot] branch master updated: Update swagger ui path
(#5896)
This is an automated email from the ASF dual-hosted git repository.
jackie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-pinot.git
The following commit(s) were added to refs/heads/master by this push:
new e9ad1e0 Update swagger ui path (#5896)
e9ad1e0 is described below
commit e9ad1e017bf06ac579014357462c86861a31cf7d
Author: Jialiang Li <jl...@linkedin.com>
AuthorDate: Tue Aug 18 14:40:23 2020 -0700
Update swagger ui path (#5896)
This PR updates swagger ui version and its related paths.
Vulnerability: swagger-ui before 3.18.0 is vulnerable to reverse tabnabbing. Setting target="_blank" on anchor tags is unsafe unless it is used together with the rel="noopener" attribute. A link opened with target="_blank" can change the original page, and origin policy restrictions set by the browser can be bypassed.
---
LICENSE-binary | 2 +-
.../java/org/apache/pinot/broker/broker/BrokerAdminApiApplication.java | 2 +-
.../org/apache/pinot/controller/api/ControllerAdminApiApplication.java | 2 +-
.../java/org/apache/pinot/server/starter/helix/AdminApiApplication.java | 2 +-
.../pinot/tools/service/PinotServiceManagerAdminApiApplication.java | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/LICENSE-binary b/LICENSE-binary
index 245b59c..69181c4 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -424,7 +424,7 @@ org.scala-lang:scala-library:2.11.11
org.scala-lang:scala-reflect:2.11.11
org.scala-lang:scalap:2.11.0
org.testng:testng:6.11
-org.webjars:swagger-ui:2.2.10-1
+org.webjars:swagger-ui:3.18.2
org.xerial.java:xerial-core:2.1
org.xerial.larray:larray:0.2.1
org.xerial.larray:larray-buffer:0.2.1
diff --git a/pinot-broker/src/main/java/org/apache/pinot/broker/broker/BrokerAdminApiApplication.java b/pinot-broker/src/main/java/org/apache/pinot/broker/broker/BrokerAdminApiApplication.java
index 51e7a2e..ba262fd 100644
--- a/pinot-broker/src/main/java/org/apache/pinot/broker/broker/BrokerAdminApiApplication.java
+++ b/pinot-broker/src/main/java/org/apache/pinot/broker/broker/BrokerAdminApiApplication.java
@@ -81,7 +81,7 @@ public class BrokerAdminApiApplication extends ResourceConfig {
_httpServer.getServerConfiguration().addHttpHandler(httpHandler, "/api/", "/help/");
URL swaggerDistLocation =
- BrokerAdminApiApplication.class.getClassLoader().getResource("META-INF/resources/webjars/swagger-ui/2.2.10-1/");
+ BrokerAdminApiApplication.class.getClassLoader().getResource("META-INF/resources/webjars/swagger-ui/3.18.2/");
CLStaticHttpHandler swaggerDist = new CLStaticHttpHandler(new URLClassLoader(new URL[]{swaggerDistLocation}));
_httpServer.getServerConfiguration().addHttpHandler(swaggerDist, "/swaggerui-dist/");
}
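Review bot: The result of `getResource("META-INF/resources/webjars/swagger-ui/3.18.2/")` is passed straight into `new URL[]{swaggerDistLocation}` without a null check. The diffstat lists no build file, so nothing visible here guarantees that the webjar on the classpath is 3.18.2. If the lookup misses, the failure appears later inside `URLClassLoader` or the static handler instead of at the line that caused it. I would fail fast right after the lookup with `Objects.requireNonNull(swaggerDistLocation, "swagger-ui 3.18.2 webjar not found on classpath");`. The same applies to the hunks in ControllerAdminApiApplication, AdminApiApplication and PinotServiceManagerAdminApiApplication; the enclosing method starts above each hunk.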
diff --git a/pinot-controller/src/main/java/org/apache/pinot/controller/api/ControllerAdminApiApplication.java b/pinot-controller/src/main/java/org/apache/pinot/controller/api/ControllerAdminApiApplication.java
index c5978ba..54342fa 100644
--- a/pinot-controller/src/main/java/org/apache/pinot/controller/api/ControllerAdminApiApplication.java
+++ b/pinot-controller/src/main/java/org/apache/pinot/controller/api/ControllerAdminApiApplication.java
@@ -156,7 +156,7 @@ public class ControllerAdminApiApplication extends ResourceConfig {
httpServer.getServerConfiguration().addHttpHandler(apiStaticHttpHandler, "/api/");
httpServer.getServerConfiguration().addHttpHandler(apiStaticHttpHandler, "/help/");
- URL swaggerDistLocation = loader.getResource("META-INF/resources/webjars/swagger-ui/2.2.10-1/");
+ URL swaggerDistLocation = loader.getResource("META-INF/resources/webjars/swagger-ui/3.18.2/");
CLStaticHttpHandler swaggerDist = new CLStaticHttpHandler(new URLClassLoader(new URL[]{swaggerDistLocation}));
httpServer.getServerConfiguration().addHttpHandler(swaggerDist, "/swaggerui-dist/");
}
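Review bot: The pages served under `/api/` and `/help/` are not touched by this commit, yet they presumably load their scripts and styles from `/swaggerui-dist/`, which now points at the 3.18.2 distribution. As far as I know the 3.x dist uses different file names than 2.2.10-1 did (a bundled script and a single stylesheet instead of the 2.x `lib/` layout), so references written for 2.x would return 404 and leave the API console blank. Please confirm that the static index page was updated to match, or include it in this change. This applies equally to the broker, server and service-manager hunks; the method containing these lines starts outside the hunk.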
diff --git a/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/AdminApiApplication.java b/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/AdminApiApplication.java
index e3e8c12..a8d01ee 100644
--- a/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/AdminApiApplication.java
+++ b/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/AdminApiApplication.java
@@ -110,7 +110,7 @@ public class AdminApiApplication extends ResourceConfig {
httpServer.getServerConfiguration().addHttpHandler(staticHttpHandler, "/help/");
URL swaggerDistLocation =
- AdminApiApplication.class.getClassLoader().getResource("META-INF/resources/webjars/swagger-ui/2.2.10-1/");
+ AdminApiApplication.class.getClassLoader().getResource("META-INF/resources/webjars/swagger-ui/3.18.2/");
CLStaticHttpHandler swaggerDist = new CLStaticHttpHandler(new URLClassLoader(new URL[]{swaggerDistLocation}));
httpServer.getServerConfiguration().addHttpHandler(swaggerDist, "/swaggerui-dist/");
}
diff --git a/pinot-tools/src/main/java/org/apache/pinot/tools/service/PinotServiceManagerAdminApiApplication.java b/pinot-tools/src/main/java/org/apache/pinot/tools/service/PinotServiceManagerAdminApiApplication.java
index 8be7308..5243164 100644
--- a/pinot-tools/src/main/java/org/apache/pinot/tools/service/PinotServiceManagerAdminApiApplication.java
+++ b/pinot-tools/src/main/java/org/apache/pinot/tools/service/PinotServiceManagerAdminApiApplication.java
@@ -77,7 +77,7 @@ public class PinotServiceManagerAdminApiApplication extends ResourceConfig {
_httpServer.getServerConfiguration().addHttpHandler(httpHandler, "/api/", "/help/");
URL swaggerDistLocation = PinotServiceManagerAdminApiApplication.class.getClassLoader()
- .getResource("META-INF/resources/webjars/swagger-ui/2.2.10-1/");
+ .getResource("META-INF/resources/webjars/swagger-ui/3.18.2/");
CLStaticHttpHandler swaggerDist = new CLStaticHttpHandler(new URLClassLoader(new URL[]{swaggerDistLocation}));
_httpServer.getServerConfiguration().addHttpHandler(swaggerDist, "/swaggerui-dist/");
}
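Review bot: The version segment `3.18.2` is now a string literal repeated in four application classes and in LICENSE-binary, with nothing at the call site explaining the coupling. The next security upgrade of swagger-ui will again need five coordinated edits. At minimum I would add a comment above the lookup such as `// Version segment must match the org.webjars:swagger-ui artifact on the classpath (also listed in LICENSE-binary)`. A single shared constant for the path would be the better follow-up. The enclosing method starts above the hunk.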