Swagger UI 3.24.3 Released!

Changelog

• housekeeping: npm audit fix (#5718)

Swagger UI 3.24.2 Released!

This release reverts Swagger UI's upgrade to redux@^4 (via #5569), which was causing test failures in downstream projects.

Swagger UI 3.24.1 Released!

⚠️ This release includes security updates. You should upgrade to this version if you use Swagger UI to render untrusted documents.

Specifically, this version updates Swagger UI's dompurify dependency to ^2.0.7, which mitigates our exposure to dompurify's mXSS vulnerability that was disclosed earlier this week.

Changelog

• fix: code highlight styles are now only applied pre.microlight (#5673)
• housekeeping: npm audit resolutions (#5681)
• housekeeping(deps): redux v4 (#5569)
• housekeeping(deps): redux-immutable v4 (#5639)
• housekeeping(dev-deps): babel monorepo (#5682)
• housekeeping(dev-deps): [email protected] (#5683)

Swagger UI 3.24.0 Released!

Changelog

• feature: add PKCE support for OAuth2 Authorization Code flows (#5361)
• fix: parameterMacro functionality for OAS3 (#5617)
• fix(validateParam): validate JSON values + support Parameter.content (#5657)
• fix: overweight dependencies in PKCE implementation (#5658)

Swagger UI 3.23.11 Released!

⚠️ This release contains a security fix that addresses a CSS-based input field value exfiltration vulnerability. If you use Swagger UI to display untrusted OpenAPI documents, you should upgrade to this version ASAP.

Changelog

• fix: mitigate "sequential @import chaining" vulnerability (via #5616)

Swagger UI 3.23.10 Released!

This release fixes two bugs: one visual issue within static documentation, and another within runtime validation for Array-typed parameters.

Changelog

• fix: <Select disabled> for type: string + enum schemas (#5601)
• fix: accept string-represented values in required array runtime validation (#5609)

Swagger UI 3.23.9 Released!

This release changes the default value for the validatorUrl configuration option from https://online.swagger.io/validator to https://validator.swagger.io/validator.

Swagger UI 3.23.8 Released!

This release fixes an issue with Swagger 2.0 required body parameter runtime validation (#5583) that was introduced in v3.23.7.

Swagger UI 3.23.7 Released!

This release includes new support for display and Try-It-Out functionality of OAS 3.0 Parameter.content values.

Changelog

• feature: support for Parameter.content (#5571)
• housekeeping(dev-deps): [email protected]
• 43db164 2019-08-27 | docs: clarify that preauthorizeApiKey works for OAS3 Bearer auth too (#5566)

Swagger UI 3.23.6 Released!

This release fixes a React warning originating in Swagger UI and a CSS class name collision with Bootstrap 4.0.

It also includes several in-range updates to minimum dependency versions.

Changelog

• fix: React warning related to "true" used as boolean (via #5497)
• fix: remove .col class that causes collision with Bootstrap (via #5541)