JHipster release v6.3.1 Permalink to "JHipster release v6.3.1"

Warning, this release fixes an important security vulnerabilities:

  • Our previous release had an important security vulnerability, please read the v6.3.0 release notes for more information. It was announced that this vulnerability was only for users using JWT authentication: the issue is in fact wider, and affects people using session-based authentication and UAA authentication. Only people using OAuth2 authentication (with services like Keycloak or Okta) are safe. This was already fixed in the previous release, so there is nothing specific for this in this release.
  • We have a new vulnerability that affects Gradle users. The generated configuration file contained one Maven repository configured with HTTP, and not HTTPS, which could lead to man-in-the-middle attacks when doing a build. You will find all information in the security advisory, but to make a long story short: you should use HTTPS both in your Maven and Gradle build files.

What’s new in this release

This release closes 48 tickets and pull requests. It’s a patch release, so those are mostly library upgrades, bug fixes, as well as a number of smaller feature enhancements.

Closed tickets and merged pull requests Permalink to "Closed tickets and merged pull requests"

As always, you can check all closed tickets and merged pull requests here.

How to upgrade Permalink to "How to upgrade"

Automatic upgrade

For an automatic upgrade, use the JHipster upgrade sub-generator on an existing application:

Upgrade your version of JHipster:

npm update -g generator-jhipster

And then run the upgrade sub-generator:

jhipster upgrade

Manual upgrades

For a manual upgrade, first upgrade your version of JHipster with:

npm update -g generator-jhipster

If you have an existing project, it will still use the JHipster version with which it was generated. To upgrade your project, you must first delete its node_modules folder and then run:

jhipster

You can also update your project and all its entities by running

jhipster --with-entities

You can also update your entities one-by-one by running again the entity sub-generator, for example if your entity is named Foo

jhipster entity Foo

Help and bugs Permalink to "Help and bugs"

If you find any issue with this release, don’t hesitate to:

If the issue you have is an urgent bug or security issue, please: