2020.10.20
Release date: 13 June 2023
We have fixed an issue that affected Swagger UI versions 3.14.1 to 3.37.2, allowing their libraries to fetch potentially malicious specification files linked through Swagger UI. Note that the issue is not directly exploitable, and it requires an authenticated user to actually open the malicious link.
To overcome this, we strongly advise you to update to the latest possible version (major or cumulative update).
Please see the security advisory for details.
You can download the latest product version from the Customer Portal.
We recommend that you regularly check the deprecation timeline for any updates regarding features that will be deprecated and removed.
