Actual behavior
Gradle 9.3.1 is already available here.
However, in IDEasy metadata this is not showing up here.
Start: Install gradle
Found 2 CVE(s) for version 8.9 of tool gradle:
CVE-2026-22816 with severity 7.4 and affected versions: [(,8.14.4), [9.0.0,9.3.0)]
https://nvd.nist.gov/vuln/detail/CVE-2026-22816
CVE-2026-22865 with severity 7.4 and affected versions: [(,8.14.4), [9.0.0,9.3.0)]
https://nvd.nist.gov/vuln/detail/CVE-2026-22865
Found 2 CVE(s) for version 8.10 of tool gradle:
CVE-2026-22816 with severity 7.4 and affected versions: [(,8.14.4), [9.0.0,9.3.0)]
https://nvd.nist.gov/vuln/detail/CVE-2026-22816
CVE-2026-22865 with severity 7.4 and affected versions: [(,8.14.4), [9.0.0,9.3.0)]
https://nvd.nist.gov/vuln/detail/CVE-2026-22865
Please note that by selecting an unsafe version to install, you accept the risk to be attacked.
Which version do you want to install?
Option 1: current (8.9 - unsafe)
Option 2: nearest (8.10 - unsafe)
We need to analyse why our GradleUrlUpdater is not finding the new versions.
To fix the CVEs new releases need to be supported!
Reproduce
- ide install gradle *
- ide list-versions gradle
Expected behavior
IDEasy should support the latest version of gradle!
IDEasy status
IDE_ROOT is set to D:/projects
IDE_HOME is set to D:/projects/project
Your version of IDEasy is 2026.03.001-SNAPSHOT.
You are using a SNAPSHOT version of IDEasy. For stability consider switching to a stable release via 'ide upgrade --mode=stable'
Your version of IDEasy is 2026.03.001-SNAPSHOT but version 2026.03.001-20260227.031021-2 is available. Please run the following command to upgrade to the latest version:
ide upgrade
Your operating system is windows(10.0)@x64 [Windows 11@amd64]
You are online.
Found bash executable at: C:/Program Files/Git/usr/bin/bash.***
Found git executable at: C:/Program Files/Git/mingw64/bin/git.***
Your settings are up-to-date.
Successfully completed ide (status)
Related/Dependent issues
#23
Comments/Hints
https://github.com/devonfw/IDEasy/blob/main/url-updater/src/main/java/com/devonfw/tools/ide/url/tool/gradle/GradleUrlUpdater.java
URL updater was implemeted as web-crawler what is unstable. Needs to be updated to GitHubUrlUpdater.
See:
https://github.com/devonfw/IDEasy/actions/workflows/update-urls.yml
Actual behavior
Gradle 9.3.1 is already available here.
However, in IDEasy metadata this is not showing up here.
We need to analyse why our
GradleUrlUpdateris not finding the new versions.To fix the CVEs new releases need to be supported!
Reproduce
Expected behavior
IDEasy should support the latest version of gradle!
IDEasy status
Related/Dependent issues
#23
Comments/Hints
https://github.com/devonfw/IDEasy/blob/main/url-updater/src/main/java/com/devonfw/tools/ide/url/tool/gradle/GradleUrlUpdater.java
URL updater was implemeted as web-crawler what is unstable. Needs to be updated to GitHubUrlUpdater.
See:
https://github.com/devonfw/IDEasy/actions/workflows/update-urls.yml