Gradle 2.1: JCenter access now uses HTTPS


(René Groeschke) #1

Within the last months, the Gradle development team has been repeatedly approached by different community members to support HTTPS where possible. Since we take security concerns of our community very serious, we agreed on adding support for HTTPS in Gradle where possible.

As a first step we changed the default Gradle download URLs to use HTTPS. The Gradle Daemon and the Gradle Wrapper now use HTTPS to download the Gradle distribution if using the default locations.

Gradle 2.1 will include another change in this direction and use HTTPS instead of HTTP as a default protocol for accessing <a href="https://bintray.com/bintray/jcenter”>Bintray’s JCenter Maven repository.

If you need a public maven repository and want to use HTTPS for resolving your third-party dependencies, JCenter is the easiest way to go, as the maven 2 central repository does not offer free support for HTTPS.

If you’re already using JCenter for resolving your dependencies this change shouldn’t have any effect. If you want to keep using the plain HTTP url instead, you can reconfigure the JCenter repository in your Gradle build to do so.


(René Groeschke) #2

It seems maven central is reacting: http://blog.sonatype.com/2014/07/ssl_connectivity_for_central/