The CommonsBlog

Only one totally new artifact this time: androidx.xr.arcore:arcore-play-services.

You can find the rest of the 1000+ updated artifacts here!

—Nov 19, 2025

There is a new artifact group: androidx.xr.glimmer. It has a single artifact, named androidx.xr.glimmer:glimmer. I have not even a glimmer of an idea of what this is for, but XR is not my area.

Beyond that, you can find the rest of the 600+ updated artifacts here!

—Nov 06, 2025

This time, we got a new artifact group: androidx.xr.projected, with a single androidx.xr.projected:projected artifact. Android XR also got five other new artifacts:

• androidx.xr.arcore:arcore-projected
• androidx.xr.arcore:arcore-runtime
• androidx.xr.scenecore:scenecore-runtime
• androidx.xr.scenecore:scenecore-spatial-core
• androidx.xr.scenecore:scenecore-spatial-rendering

Beyond that, DataStore got WASM support, plus Camera and Media picked up new artifacts:

• androidx.camera:camera-camera2-pipe
• androidx.datastore:datastore-core-okio-wasm-js
• androidx.datastore:datastore-core-wasm-js
• androidx.datastore:datastore-preferences-core-wasm-js
• androidx.media3:media3-inspector
• androidx.media3:media3-ui-compose-material3

And, we got 975 artifact updates — see all of them here!

—Oct 22, 2025

Since Google declined to supply Gradle security advice to developers, here is my periodic reminder:

• Only use the Gradle Wrapper scripts and JAR from a project if you completely trust where they came from (e.g., were generated by Android Studio when you created the project). In particular, do not use the Gradle Wrapper from an arbitrary project that you grab off of GitHub or elsewhere on the Internet. Delete it or replace it with a locally-generated wrapper (gradle wrapper command).

• Always check the distributionUrl in the gradle-wrapper.properties file before importing a project into Android Studio or using the Gradle wrapper scripts, to see if the URL looks reasonable (e.g., points to gradle.org). Even better, if it has a distributionSha256Sum value, confirm that it is one that matches a known-good Gradle version.

Otherwise — especially if you decline to use Safe Mode in Android Studio — you may wind up the victim of an attack, as I wrote about 2.5 years ago.

It may also be worthwhile to examine the Gradle plugins and compile-time annotation processors to see if there is anything unusual, though “unusual” is difficult to quantify.

—Oct 12, 2025

No new artifacts this week, but we did get updates to 842 of them, including:

• A stable 1.1.0 release for androidx.metrics:metrics-performance

• A new minor release for heifwriter

• New patch releases for Camera, Compose, HealthConnect, Room, and Wear Compose

View all the changes here!

—Oct 08, 2025