Swagger UI 3.21.0 Released!

This release marks the introduction of a new flavor of Swagger UI: swagger-ui-react.

This new module exports a component for use in React applications, and allows you to use any React version you'd like, without fear of colliding with Swagger UI's internal React version.

We recommend that anyone using Swagger UI within a React application migrate to this module, instead of continuing to mount Swagger UI onto a React-created DOM node by ID.

This release also includes some fixes that improve Swagger UI's handling of rare edge cases in the resolver engine.

Note: this release was also erroneously pushed out as v3.20.10 - both versions' contents are identical.

Changelog

• feature: swagger-ui-react module (via #5207)
• improvement(docker): gzip static files (via #5199)
• improvement: gracefully render malformed and empty requestBodies (via #5208)
• improvement: subtree resolver batch handling (via #5193)

Swagger UI 3.20.9 Released!

This release contains a security fix that addresses a cross-site scripting vulnerability. If you use Swagger UI to display untrusted OpenAPI documents, you should upgrade to this version ASAP.

This release also changes Swagger UI's OperationSummary component to better tolerate badly-formed (i.e., non-string) summary fields.

Changelog:

• fix: gracefully handle non-string operation summaries (via #5189, #5191)
• fix: sanitize URLs used for OAuth auth flow (via #5190)

Swagger UI 3.20.8 Released!

Summary

This release contains styling fixes, support for x-www-form-urlencoded bodies without explicitly-defined request properties, and non-material security fixes from upstream modules.

In order to take advantage of the new X-Requested-With header in OAuth2 token requests, cross-origin APIs (which require CORS configuration) needs to send Access-Control-Allow-Headers: X-Requested-With as part of the OPTIONS response for your token endpoint. A CORS library will handle this for you - visit https://enable-cors.org for more guidance.

Changelog

• improvement: better operation path + summary overflow styling (via #5184)
• improvement: set X-Requested-With to prevent browser authentication dialog (via #4934)
• fix: provide JSON editor for x-www-form-urlencoded bodies lacking properties (via #5180)
• housekeeping: bump minimum lodash version (via #5156)

Swagger UI 3.20.7 Released!

Interface changes: none.

Changelog:

• improvement: generate non-smart Markdown quotes (via #5162)
• improvement(docker): smaller images via no-cache option (via #5157)
• fix: coerce multipart initial property values to string (via #5166)
• fix: gracefully handle malformed global tags array in taggedOperations selector (via #5159)
• fix: don't trigger url remote document load if urls is provided (via #5161)
• housekeeping: corresponding changes for swagger-api/swagger-editor#1935 (via #5170)
• housekeeping: losslessly crush PNG images with pingo (via #5158)

Swagger UI 3.20.6 Released!

Interface changes: none.

Changelog:

• improvement(docker): avoid caching mounted json/yml/yaml assets (via #5151)
• bug: parameter allowEmptyValue + required interactions (via #5142)
• housekeeping: add React compatibility issue to readme (via #5141)

Swagger UI 3.20.5 Released!

Interface changes: None.

Changelog:

• improvement: support Markdown in header descriptions (via #5120)
• improvement: add individual CSS classes to info items (via #5051)
• improvement: show description fields in form-data request bodies (via #5073)
• improvement: render request body description as Markdown (via #5078)
• fix: non-typesafe spec selector (via #5121)
• fix: tag-level deep link escaping inconsistencies (via #5117)
• fix: Immutable property access pattern (via #5112)
• fix: only apply instance-strip transformer to schema errors (via #5110)

Swagger UI 3.20.4 Released!

Interface changes: none.

Changelog:

• fix: urls.primaryName functionality regression (via #5097)

Swagger UI 3.20.3 Released!

Interface changes: none.

Changelog:

• improvement: generate default oauth2RedirectUrl based on page location (via #5085)
• improvement: add Schema/Model switching to ModelExample component (via #5080)
• housekeeping: branding updates (via #5084)

Swagger UI 3.20.2 Released!

Interface changes: none.

Changelog:

• improvement: OAuth2 UI and test suite (via #5066)
• fix: fall back to default configuration options in subtree resolver calls (via #5063)
• fix: label models section as Schemas in OpenAPI 3 (via #5065)

Swagger UI 3.20.1 Released!

Private interface changes:

• specSelectors.operationConsumes was removed in favor of the new specSelectors.consumesOptionsFor selector.

Changelog:

• improvement: hide Servers/Schemes/Authorize section when it's empty (via #4950)
• bugfix: only append type flag to curl if type is defined (via #5041)
• bugfix: apply css only on first child label and span for section header (via #4970)
• bugfix: path-item $ref produces/consumes inheritance (via #5049)