Gradle - v7.6.2
This is a patch release for 7.6. We recommend using 7.6.2 instead of 7.6.
This release addresses two security vulnerabilities:
* Dependency cache path traversal
* Path traversal vulnerabilities in handling of Tar archives
It also fixes the following issues:
* #23201 Backport dependency upgrades to 7.x
* #23202 Backport Scala incremental compilation fixes
* #23325 Backport JSoup update to resolve CVE-2022-36033
* #23458 Backport JUnit5 dynamic test logging bug fix
* #23681 Dependency graph resolution: Equivalent excludes can cause un-necessary graph mutations [backport 7.x]
* #23922 Backport "Use Compiler API data for incremental compilation after a failure" to 7.x
* #23951 Exclude rule merging: missing optimization [Backport 7.x]
* #24132 Extending an already resolved configuration no longer works correctly [backport 7.x]
* #24234 7.6.1 breaks gradle-consistent-versions
* #24390 Gradle 7.4 fails on multi release jar's with JDK 19 code
* #24439 Gradle complains about invalid tool chain - picking up the source package location - it should just ignore them [Backport]
* #24443 Maven artifact referenced only in dependency constraints raises IllegalStateException: Corrupt serialized resolution result [backport]
* #24901 Backport fix for test exception that cannot be deserialized to 7.x
Upgrade Instructions
Switch your build to use Gradle 7.6.2 by updating your wrapper:
./gradlew wrapper --gradle-version=7.6.2
See the Gradle 7.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading to Gradle 7.6.2.
Reporting Problems
If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.
Security
Details
- 🔍View and search all Gradle releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!