Gradle Wrapper Supply Chain Attack
Gradle, Inc. has reported that MinecraftOnline had malicious Gradle Wrapper JARs in some of their repositories.
I warned about this sort of possibility six years ago and off and on thereafter.
I’ll re-up the same sorts of points that I have made before:
Do not use the Gradle Wrapper from an arbitrary project that you grab off of GitHub or elsewhere on the Internet. Delete it or replace it with a locally-generated wrapper (
Consider not publishing the Gradle Wrapper in your projects. Historically, I would publish
gradle-wrapper.properties, but not the actual Gradle Wrapper JAR and scripts.