Gradle - v8.4.0
The Gradle team is excited to announce Gradle 8.4.
Amongst other improvements, this release addresses two security vulnerabilities:
- Incorrect permission assignment for symlinked files used in copy or archiving operations
- Possible local text file exfiltration by XML External entity injection
We would like to thank the following community members for their contributions to this release of Gradle:
Ahmed Ehab,
Andrei Rybak,
Baptiste Decroix,
BjΓΆrn Kautler,
Cesar de la Vega,
Ganavi Jayaram,
Gaurav Padam,
hwanseok,
J.T. McQuigg,
Jakub Chrzanowski,
Jendrik Johannes,
kackey0-1,
Konstantin Gribov,
Pratik Haldankar,
Qinglin,
Sebastian Schuberth,
Thad House,
valery1707,
Vladimir Sitnikov,
wuyangnju,
Yanming Zhou,
Yanshun Li,
Yusuke Uehara,
zeners
Upgrade instructions
Switch your build to use Gradle 8.4 by updating your wrapper:
./gradlew wrapper --gradle-version=8.4
Reporting problems
If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.
We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.
Security
Security wording was detected, but no CVEs were found.
Details
- πView and search all Gradle releases.
- π οΈCreate and share lists to track your tools.
- π¨Setup notifications for major, security, feature or patch updates.
- πMuch more coming soon!