[jira] [Comment Edited] (RANGER-4304) Update swagger version in Ranger

Mon, 16 Sep 2024 23:49:05 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-4304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17882271#comment-17882271
 ] 

Mugdha Varadkar edited comment on RANGER-4304 at 9/17/24 6:48 AM:
------------------------------------------------------------------

[~madhan], we need to commit this patch  [^0001-RANGER-4304-ranger-site.patch]  
into https://github.com/apache/ranger-site for updating swagger version to 
5.4.2.  Refer old 
[comment|https://issues.apache.org/jira/browse/RANGER-4304?focusedCommentId=17763639&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17763639].



Does a ranger committer has access on https://github.com/apache/ranger-site to 
push any patch ?


was (Author: mugdha.varadkar):
[~madhan], we need to commit this patch  [^0001-RANGER-4304-ranger-site.patch]  
into https://github.com/apache/ranger-site for updating swagger version to 
5.4.2.  Refer old 
[comment|https://issues.apache.org/jira/browse/RANGER-4304?focusedCommentId=17763639&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17763639].



Does a ranger committer has access on https://github.com/apache/ranger-site to 
commit any patch ?

> Update swagger version in Ranger
> --------------------------------
>
>                 Key: RANGER-4304
>                 URL: https://issues.apache.org/jira/browse/RANGER-4304
>             Project: Ranger
>          Issue Type: Improvement
>          Components: documentation
>            Reporter: Arnout Engelen
>            Assignee: Mugdha Varadkar
>            Priority: Major
>             Fix For: 3.0.0, 2.5.0
>
>         Attachments: 0001-RANGER-4304-ranger-site.patch, 
> 0001-RANGER-4304.patch, 0002-RANGER-4304.patch
>
>
> The Ranger website embeds a Swagger UI, AFAICS currently version 2.2.10. 
> Older versions of swagger, such as this one, suffer from a number of security 
> weaknesses.
>  
> While fortunately [https://ranger.apache.org|https://ranger.apache.org/] does 
> not have any sensitive cookies or login mechanism or similar, so there isn't 
> really anything to compromise, it would be good to update to a recent version 
> of Swagger. Could you look into that?
>  
> It is somewhat unclear to me whether the ranger site is maintained in SVN 
> ([https://svn.apache.org/viewvc/ranger/site/)] or git 
> ([https://github.com/apache/ranger-site])



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to