Gradle 5.6 is the last minor release for Gradle 5.x and brings with it a pretty hefty list of changes, including 59 fixes. There’s also an important security update, which fixes an issue with information disclosure.
No more leaking authentication data
It was discovered that using the Gradle build tool to resolve dependencies against a custom authenticated repository may leak authentication data to third parties.
When authenticating to a repository host, Gradle sends authentication headers first to the host in the initial repository URL, but in the case of a redirect (30X HTTP response code), Gradle also sends the authentication headers to the redirect host. Authentication headers often contain privacy sensitive information or data that could allow others to impersonate the user.
They are not aware of anyone having exploited the flaw, but nevertheless encourage upgrading if at all possible, as the features causing the problem are in the codebase and therefore not easy to disable.
RESOLVING TECHNICAL DEBTS IN SOFTWARE ARCHITECTURE
Dr. Carola Lilienthal (WPS – Workplace Solutions)
KEEPING UP WITH JAVA: LOOK AT ALL THESE NEW FEATURES!
Simon Ritter (Azul Systems)
CLOUD NATIVE COMMUNICATION: USING AMBASSADOR AND CONSUL CONNECT WITH JAVA APPS
Dr. Daniel Bryant (Big Picture Tech Ltd)
Faster Groovy compilation
This update includes two new features to accelerate Groovy compilation; Groovy compilation avoidance and incremental Groovy compilation. Compilation avoidance is an experimental feature that speeds things up by avoiding recompiling dependent projects if they haven’t had anything that affects their output changed. Incremental compilation means that if only a small set of Groovy source files have been changed, only the affected source files are recompiled.
Test fixtures for Java projects
A new Java test fixtures plugin has been introduced that can be used in tandem with the java or java-library plugin to create a conventional testFixtures source set. It will automatically connect the wires so that test compilation depends on test fixtures. They gave an example, too:
dependencies {
// this will add the test fixtures of "my-lib" on the compile classpath of the tests of _this_ project
testImplementation(testFixtures(project(":my-lib")))
}
SEE ALSO: Tooling as code – Having truly self-contained Gradle builds
Central management of plugin versions with settings script
Gradle 5.6 also simplifies plugin version management. Just configure all plugin versions in a settings script with the new pluginManagement.plugins{} block, build scripts can apply plugins via the plugins{} block without the version being specified:
pluginManagement {
plugins {
id 'org.my.plugin' version '1.1'
}
}
And a few more changes
- Better performance for very large projects on Windows using the Java library plugin
- Improved handling of ZIP archives on classpaths
- Support for PMD incremental analysis
- Executable Jar support with
project.javaexecandJavaExec - Fail the build on deprecation warnings
- Changes to file name case on case-insensitive file systems are now handled correctly
- Unavailable files are handled more gracefully
- Rich console output on Linux aarch64 machines
- Debug support for forked Java processes
- Improvements for plugin authors
- Improvements for tooling providers
They also promoted the API around artifact transforms so that it is no longer incubating.
Read the full Gradle 5.6 release notes here.
The post Gradle 5.6 released – faster Groovy compilation, new plugin for Java test fixtures & more appeared first on JAXenter.
Source : JAXenter
