We are proud to announce the release of the new Gradle Wrapper Validation GitHub Action.
Gradle Wrapper in Open Source
gradle-wrapper.jar is a binary blob of executable code that is checked into nearly 2.8 million GitHub repositories.
Searching across GitHub you can find many pull requests (PRs) with helpful titles like ‘Update to Gradle xxx’. Many of these PRs are contributed by individuals outside of the organization maintaining the project.
Maintainers are grateful for these kinds of contributions as it takes an item off of their backlog. But there are security implications of accepting changes to the Gradle Wrapper...
Starting in January 2020, Gradle services will only serve requests made with HTTPS. From that point on, all requests made with HTTP will be denied and any builds and artifact mirrors that use a Gradle URL with the non-secure HTTP protocol will fail.
If you are proxying our services through your own artifact servers like Artifactory or Nexus, you will need to ensure that you update your mirror configurations so they are using HTTPS instead of HTTP.
This change will impact the following services.
By default, the Gradle build tool uses HTTPS when resolving plugins from the Plugin Portal. You should be unaffected if you do not declare a custom plugin repository.
If your organization...