New Version of Swagger Codegen Plugs Security Vulnerabilities

Swagger Codegen 2.2.0 has been released with new functionality, security fixes, and improvements, including a JMustache update, codegen model improvements, the addition of the Apache 2.0 license to all generators, and additional integration tests using Shippable and AppVeyor. This latest release of Swagger Codegen includes a number of enhancements and bug fixes for API client generators and API server generators. Most importantly, this new version of Swagger Codegen addresses a security vulnerability that was widely reported last month. The vulnerability involves Swagger-driven code generation tools that could potentially expose Node.js, PHP, Ruby and Java applications to injectable code payloads.

Swagger Codegen is an open source project that allows client libraries and server stubs to be generated from a Swagger-based API definition. In March of last year, SmartBear Software acquired the Swagger API open source project from Reverb Technologies.

There are quite a few platforms that feature automatic code and/or SDK generation based on API definition formats like Swagger and RAML. ProgrammableWeb has published several articles covering automatic code and/or SDK generation platforms, including the release of the APIMatic automatic code generator for APIs, a product review of the REST United online application for automatically generating SDKs for REST APIs, and the addition of automatic SDK generation to the MuleSoft Anypoint Platform.

Swagger Codegen 2.2.0 includes many enhancements and security fixes, including (but not limited to):

  • Update JMustache to the latest version (v1.12)
  • Improvement to the codegen model
  • Fix Unicode issue when reading OpenAPI spec
  • Add Apache 2.0 license to all generators
  • Improvements to API documentation
  • Additional integration tests using Shippable and AppVeyor
  • Fixes to prevent code injection

For more information about Swagger Codegen 2.2.0, including a complete list of enhancements and bug fixes, visit the project repository on GitHub.

Disclosure: MuleSoft is the parent company to ProgrammableWeb.
