doesn't use https

An unqualified plugins block will fetch plugin jars from the Maven repo at This is an insecure default - it should use, similar to what the mavenCentral() and jcenter() functions default to.

Hi Kevin

Thanks for letting us know. We’ll take a look now and update here when resolved.

Kind Regards