You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Gradle distribution is downloaded over unencrypted http, leaving the installation of Gradle itself open to man-in-the-middle attacks.
Moreover, even if gradleVersion is set to a version for which the Gradle wrapper was already installed externally (and through https), this plugin seems to download it again – via http!
It turns out that these issues can be solved by upgrading the gradle-tooling-api dependency from 1.7 (which dates from 2012!) to at least 1.12. But since the default Gradle version installed is already 2.4 (a bit behind the current one, 2.11, but whatever), perhaps the Tooling API dependency could be updated to at least that same version?
The text was updated successfully, but these errors were encountered:
The Gradle distribution is downloaded over unencrypted http, leaving the installation of Gradle itself open to man-in-the-middle attacks.
Moreover, even if
gradleVersionis set to a version for which the Gradle wrapper was already installed externally (and through https), this plugin seems to download it again – via http!It turns out that these issues can be solved by upgrading the
gradle-tooling-apidependency from 1.7 (which dates from 2012!) to at least 1.12. But since the default Gradle version installed is already 2.4 (a bit behind the current one, 2.11, but whatever), perhaps the Tooling API dependency could be updated to at least that same version?The text was updated successfully, but these errors were encountered: