Gradle does not recognize pom version range (e.g., [1.52,])

When a pom declares a transitive dependency with a version range, Gradle cannot resolve it.

Tested with Gradle 2.10 and Gradle wrappers for 2.0, 2.6, and 2.8. Seems that this is not a regression.

For a real-world example, try to declare the following dependency:
compile ‘org.mitre:openid-connect-server-webapp:1.2.4’

It will fail as follows:

Could not resolve all dependencies for configuration ‘:compile’.

Could not find org.bouncycastle:bcprov-jdk15on:[1.52,].
Searched in the following locations:[1.52,]/bcprov-jdk15on-[1.52,].pom[1.52,]/bcprov-jdk15on-[1.52,].jar
Required by:
:mitreid-overlay-delegate:unspecified > org.mitre:openid-connect-server-webapp:1.2.4 > org.mitre:openid-connect-server:1.2.4 > org.mitre:openid-connect-common:1.2.4

The excerpt from openid-connect-parent-1.2.4.pom:


We shouldn’t be failing with that, but it’s not clear that [1.5,] (closed range) is supposed to be a valid range:

Looking at the tests for Maven, they don’t test this particular range spec. It looks like they treat it the same as [1.5,) (open range).

You can workaround it with either a force rule (this selects a particular version):

configurations.all {
   resolutionStrategy {
      force 'org.bouncycastle:bcprov-jdk15on:1.54'

Or by adding a first level dependency yourself (this preserves the range behavior):

dependencies { 
   someConf 'org.bouncycastle:bcprov-jdk15on:[1.5,)'

I raised GRADLE-3392