Swagger Editor 3.6.36 Released!

⚠️ This release contains a security fix that addresses a CSS-based input field value exfiltration vulnerability. If you use Swagger UI to work with untrusted OpenAPI documents, you should upgrade to this version ASAP.

---

No source changes in this release.

The Swagger UI dependency was bumped to [email protected] in order to pick up a security fix included in that version.

Swagger Editor 3.6.35 Released!

This release improves the scoping of Swagger Editor's stylesheets: going forward, everything in the core CSS assets are scoped within .swagger-editor instead of #swagger-editor (via #2043).

This change will be transparent to most users, but if you're using a custom layout that does not reuse <EditorLayout> or <StandaloneLayout>, you may need to add className="swagger-editor" to the root element of your layout to pick up the new structure of the stylesheets in your layout. (As a reminder, CSS class names are not part of our public API, so this is not a breaking change.)

Swagger Editor 3.6.34 Released!

This release updates Swagger Editor's Docker image to build from the more up-to-date nginx:1.17-alpine base image, instead of alpine:3.4 (via #2041).

(These release notes are being published out-of-order due to a release script malfunction. Oops!)

Swagger Editor 3.6.33 Released!

This release includes a fix that improves the accuracy and messaging of Tag Object validation.

Changelog

• fix: validation of Tag Object uniqueness (via #2030)

Swagger Editor 3.6.32 Released!

Changelog

• housekeeping: @kyleshockey/js-yaml -> js-yaml (via #2025)
• housekeeping: npm audit resolutions (via #2018, #2024)
• housekeeping: webpack@4 + babel@7 (via #2020)

Swagger Editor 3.6.31 Released!

No source changes.

This release was made to update Swagger Editor's static distribution files with changes from Swagger UI 3.23.0.

Swagger Editor 3.6.30 Released!

This release includes several bugfixes and improvements for Swagger Editor's autosuggest engine.

Changelog

• improvement: catch AST errors in getLineNumberForPath (via #1979)
• improvement: support $ref value suggestions within OAS3 schema components (via #1999)
• fix: use platform-independent line separators for line detection (via #2001)
• housekeeping(docker): tighten application server security directives (via #1995)
• housekeeping: enhance trace reporting for AST composition errors (via #1997)
• housekeeping: preserve all lines in AST error output (via #1998)
• security: mitigate CVE-2018-20834 (via #1996)

Swagger Editor 3.6.29 Released!

Changelog

• improvement: catch AST errors in getLineNumberForPath (via #1979)
• housekeeping(docker): tighten application server security directives (via #1995)
• security: mitigate CVE-2018-20834 (non-user-facing, via #1996)

Swagger Editor 3.6.28 Released!

This release includes significant improvements to the quality of errors produced by Swagger Editor's structural validation system.

Changelog

• improvement(validation): adopt @webron's OpenAPI 3.0 schema (via #1984)
• improvement: schema validation error quality, phase 2 (via #1985)
• improvement: schema validation error quality, phase 3 (via #1987)
• fix(autosuggest): OAS3 fixed-field lookups (via #1971)
• housekeeping: make changelog generator more flexible (via #1970)
• housekeeping: store API document schemas as YAML (via #1982)

Swagger Editor 3.6.27 Released!

Changelog

• fix(autosuggest): OAS3 fixed-field lookups (via #1971)
• housekeeping: make changelog generator more flexible (via #1970)