Author: Karsten Silz Oct 2, 2019 1 min read


JHipster 6.3.0 & 6.3.1: Security fixes and updated dependencies

JHipster portrait #3

JHipster 6.3.0: First-ever JHipster Security Advisory

The JHipster team released the minor version 6.3.0 on September 13, 2019. The headline feature is a fix for a security vulnerability in JWT authentication. This is the first time that the JHipster team published a security advisory with Github!

Besides that, Angular gets updated to version 8.2 (something that was sorely missing in the last release), Spring Boot to 2.1.8, and the Docker images to their latest versions.

Github has the 247 closed tickets and merged pull requests for this release.

JHipster 6.3.1: Emergency fix

The JHipster team published the minor release 6.3.1 on September 20, 2019. It turned out that the security vulnerability in JWT authentication (which was fixed in 6.3.0) affects other authentication mechanisms, too, except for OAuth2. So that is now fixed. Gradle was susceptible to man-in-the-middle attacks with HTTP addresses for repositories. That also got fixed.

Github has the 48 closed tickets and merged pull requests for this release.

This month in "How to Build Java Applications Today":
News is back, Release Radar & Editorial are new, Technology Index is updated. Read my editorial: Log4Shell Shows The Need for "Trustworthy Java".

Read my newsletter

comments powered by Disqus