DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library

Zones

Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

The software you build is only as secure as the code that powers it. Learn how malicious code creeps into your software supply chain.

Apache Cassandra combines the benefits of major NoSQL databases to support data management needs not covered by traditional RDBMS vendors.

Generative AI has transformed nearly every industry. How can you leverage GenAI to improve your productivity and efficiency?

Modernize your data layer. Learn how to design cloud-native database architectures to meet the evolving demands of AI and GenAI workloads.

Related

  • Understanding Dependencies...Visually!
  • While Performing Dependency Selection, I Avoid the Loss Of Sleep From Node.js Libraries' Dangers
  • Why I Started Using Dependency Injection in Python
  • Understanding ldd: The Linux Dynamic Dependency Explorer

Trending

  • Operational Principles, Architecture, Benefits, and Limitations of Artificial Intelligence Large Language Models
  • Mastering Fluent Bit: Installing and Configuring Fluent Bit on Kubernetes (Part 3)
  • The Smart Way to Talk to Your Database: Why Hybrid API + NL2SQL Wins
  • Event-Driven Architectures: Designing Scalable and Resilient Cloud Solutions
  1. DZone
  2. Software Design and Architecture
  3. Security
  4. Fixing Gradle Dependency Resolution

Fixing Gradle Dependency Resolution

Maven Central and Bintray have announced that they will discontinue support for TLS v1.1 and below. Here’s what you need to know to correct your Gradle builds.

By 
Eric Wendelin user avatar
Eric Wendelin
·
Updated Jun. 25, 18 · Tutorial
Likes (2)
Comment
Save
Tweet
Share
16.3K Views

Join the DZone community and get the full member experience.

Join For Free

Maven Central and Bintray have announced that they will discontinue support for TLS v1.1 and below. Here’s what you need to know to correct your Gradle builds if you’re affected.

You will need to take action if you are using Java 6 or 7 and using Gradle versions 2.1 through 4.8.

How to Check if You’re Affected

You may already be getting one of the following errors from your build after an error message saying: “Could not resolve [coordinates]”:

Received fatal alert: protocol_version

or

Peer not authenticated

If not, you can check to see whether you will be affected by running the following code:

gradle --version       # Without Gradle Wrapper

./gradlew --version    # Using Gradle Wrapper on *nix

gradlew.bat --version  # Using Gradle Wrapper on Windows


It will print something like this:

------------------------------------------------------------
Gradle 3.5
------------------------------------------------------------

Build time:   2017-04-10 13:37:25 UTC
Revision:     b762622a185d59ce0cfc9cbc6ab5dd22469e18a6

Groovy:       2.4.10
Ant:          Apache Ant(TM) version 1.9.6 compiled on June 29 2015
JVM:          1.7.0_80 (Oracle Corporation 24.80-b11)
OS:           Mac OS X 10.13.5 x86_64


You must take action, if all of these are true:

  • JVM version is Java 7u130 or lower
  • and the Gradle version is between 2.1 and 4.8, inclusive
  • and you have declared a repository {} of mavenCentral() or jcenter()

How to Use TLS 1.2 for Dependency Resolution

You can take any one of the following actions to use TLS v1.2+:

  • Run Gradle with Java 1.7.0_131-b31 or above
  • or upgrade to Gradle 4.8.1 or above
  • or replace mavenCentral() with maven { url = "http://repo.maven.apache.org/maven2" } and jcenter() with maven { url = "http://jcenter.bintray.com" }

The first two solutions are recommended. While, the third opens a possible attack vector.

Other Resources

Posts about discontinued support for old versions of TLS on Maven Central and in the Bintray knowledge base explain the background for the necessity of these changes.

You may also find Gradle-specific details from gradle/gradle#5740 on GitHub.

Gradle Dependency

Published at DZone with permission of Eric Wendelin, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Related

  • Understanding Dependencies...Visually!
  • While Performing Dependency Selection, I Avoid the Loss Of Sleep From Node.js Libraries' Dangers
  • Why I Started Using Dependency Injection in Python
  • Understanding ldd: The Linux Dynamic Dependency Explorer

Partner Resources

×
Comments

The likes didn't load as expected. Please refresh the page and try again.

ABOUT US

  • About DZone
  • Support and feedback
  • Community research
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends: