[
https://issues.apache.org/jira/browse/CXF-7581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16289454#comment-16289454
]
Andriy Redko commented on CXF-7581:
-----------------------------------
Hi Sergey,
Thanks, make sense, last question please, the point you mentioned "... URI
connections to check the availability of the resources will get us new CVE
pretty soon ..." concerns. This is what we do at the moment in the
SwaggerUiService by calling `resourceURL.openStream()` (which is functionally
equivalent to `resourceURL.openConnection().connect()` followed by
`resourceURL.openConnection().openStream()`). Has is been overlooked? Should we
address the possible CVE scenarios here? Thanks.
Best Regards,
Andriy Redko
> SwaggerUIResourceFilter doesn't allow call to service endpoint
> --------------------------------------------------------------
>
> Key: CXF-7581
> URL: https://issues.apache.org/jira/browse/CXF-7581
> Project: CXF
> Issue Type: Bug
> Reporter: Michael McCaskill
> Assignee: Andriy Redko
> Priority: Minor
>
> I'm using CXF 3.2.0 with Swagger UI webjar 3.5.0 and Spring Boot 1.5.8.
> In the process of rewriting an api and trying to be backwards compatible with
> the existing one. There's one endpoint "/images/{imageId}" that I'd like to
> support. Unfortunately the SwaggerUIResourceFilter class specifically has a
> pattern that includes "/images". Is there way to either customize the pattern
> or have that class take into consideration the entire path (i.e. if the call
> is "/services/images" vs if the call is "/api-docs/images")?
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
