JHipster 6.3.0 & 6.3.1: Security fixes and updated dependencies
JHipster 6.3.0: First-ever JHipster Security Advisory
The JHipster team released the minor version 6.3.0 on September 13, 2019. The headline feature is a fix for a security vulnerability in JWT authentication. This is the first time that the JHipster team published a security advisory with Github!
Besides that, Angular gets updated to version 8.2 (something that was sorely missing in the last release), Spring Boot to 2.1.8, and the Docker images to their latest versions.
JHipster 6.3.1: Emergency fix
The JHipster team published the minor release 6.3.1 on September 20, 2019. It turned out that the security vulnerability in JWT authentication (which was fixed in 6.3.0) affects other authentication mechanisms, too, except for OAuth2. So that is now fixed. Gradle was susceptible to man-in-the-middle attacks with HTTP addresses for repositories. That also got fixed.