ยซ Changelog History


Hex v0.19.0 Release Notes

Release Date: 2019-01-15 // over 5 years ago

  • โœจ Enhancements

    • ๐Ÿ‘Œ Improve output of mix hex.config
    • ๐Ÿ“ฆ Print publisher in mix hex.info PACKAGE VERSION
    • โž• Add organization flag to dependency config in mix hex.info PACKAGE

    ๐Ÿ› Bug fixes

    • Don't follow symlinks when adding files to tarballs
    • ๐Ÿ— Error with a descriptive msg when building a package with git dependencies
    • ๐Ÿ‘Œ Improve listing of incompatible package versions when displaying backtrack error message
    • ๐Ÿ‘Œ Improve resolver performance when it needs to do a lot of backtracking

    ๐Ÿ”’ Security fixes

    • Verify authenticity of registry records. This fixes a vulnerability that would allow a malicious mirror to serve modified versions of Hex packages. A new check has been introduced that requires the latest registry record version, if you are using a repository or mirror that has not been updated yet you can disable this check by setting the environment variable HEX_NO_VERIFY_REPO_ORIGIN=1. Further clarification of this issue will come at a later stage.