[ https://issues.apache.org/jira/browse/RANGER-4304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17763639#comment-17763639 ]
Mugdha Varadkar commented on RANGER-4304: ----------------------------------------- This jira is in handling two fixes, # Updating the swagger version in Ranger Admin server - https://reviews.apache.org/r/74577/ # Updating the swagger version in [Ranger Site|https://ranger.apache.org/apidocs/ui/index.html] - [^0001-RANGER-4304-ranger-site.patch] [~sneethiraj] Request you to review and help in merging [^0001-RANGER-4304-ranger-site.patch] in https://github.com/apache/ranger-site for updating swagger version to 5.4.2 (https://ranger.apache.org/apidocs/ui/index.html) > Update swagger version in Ranger > -------------------------------- > > Key: RANGER-4304 > URL: https://issues.apache.org/jira/browse/RANGER-4304 > Project: Ranger > Issue Type: Improvement > Components: documentation > Reporter: Arnout Engelen > Assignee: Mugdha Varadkar > Priority: Major > Attachments: 0001-RANGER-4304-ranger-site.patch, > 0001-RANGER-4304.patch, 0002-RANGER-4304.patch > > > The Ranger website embeds a Swagger UI, AFAICS currently version 2.2.10. > Older versions of swagger, such as this one, suffer from a number of security > weaknesses. > > While fortunately [https://ranger.apache.org|https://ranger.apache.org/] does > not have any sensitive cookies or login mechanism or similar, so there isn't > really anything to compromise, it would be good to update to a recent version > of Swagger. Could you look into that? > > It is somewhat unclear to me whether the ranger site is maintained in SVN > ([https://svn.apache.org/viewvc/ranger/site/)] or git > ([https://github.com/apache/ranger-site]) -- This message was sent by Atlassian Jira (v8.20.10#820010)