Gradle 2.14 released

(Marco Vermeulen) #1

The Gradle team is pleased to announce Gradle 2.14.

The team is always working to improve the overall performance of Gradle, and this release does not disappoint. Gradle’s configuration time has dropped considerably through the application of some careful optimizations. The Gradle build itself has seen a 50% reduction in configuration time. You’ll see the biggest impact on multi-project builds, but everyone will benefit to some degree. This is reason enough to upgrade.

In other news, the Gradle daemon has become self-aware. Not in the AI sense, sadly, but you will find the daemon to be much more robust and resource-efficient now because it monitors its memory usage. It’s much less likely that you will need to manually kill daemons. Additionally, an important security vulnerability has been fixed concerning daemon communication and local privilege escalation. For more information read the corresponding section below. We strongly recommend that users upgrade to 2.14.

There are several other quality-of-life improvements for various users, including IntelliJ IDEA support for Play framework projects, and a fix that makes authoring plugins easier. In addition, we mentioned in our 2.13 release notes that composite build support is coming in Buildship 2.0. This amazing new feature will require Gradle 2.14 as a minimum version.

Finally, it’s time to start preparing for the departure of an old friend. Gradle 2.14 sees the deprecation of Java 6. It has been with us a long time now, reaching its official End of Life in 2013. You will still be able to use Java 6 with Gradle 2.14 and future versions, but you won’t be able to run Gradle 3.0 on it.

Enjoy the new version and let us know what you think!

Check the 2.14 release notes for more information.

Upgrade Instructions

Switch your build to use Gradle 2.14 quickly by updating your wrapper properties:

./gradlew wrapper --gradle-version=2.14

Standalone downloads are available at

Reporting Problems

If you find a problem with Gradle 2.14, please post a reply to this topic or create a new topic in Bugs. Be sure to include which operating system you are using, the version of Gradle you upgraded from and any steps you have found that reproduces your problem.

(Marco Vermeulen) #2

This topic is now a banner. It will appear at the top of every page until it is dismissed by the user.

(Donát Csikós) #3

We’ve added a section to the release notes describing an important security fix:

Local privilege escalation when using the Daemon

Gradle uses local network connections to communicate with the Gradle Daemon process. In previous versions, it was possible to detect on which local port a daemon process was listening to requests. Since the daemon process did not require authentication, an attacker on the same machine could execute arbitrary scripts using the privileges of the user who originally created the daemon. This vulnerability has been fixed in this release.

(Pepper Lebeck-Jobe) #4

This topic is no longer a banner. It will no longer appear at the top of every page.