The v0.19 release includes an important security fix to anyone accessing Hex repositories through a mirror. A bug has been found that would allow a malicious mirror to serve modified versions of Hex packages. hex versions 0.14.0 to 0.18.2 and rebar3 versions 3.7.0 to 3.7.5 are vulnerable. Make sure to update to hex 0.19.0 and rebar3 3.8.0.
