Check if wrapper matches the version specified in properties
hfhbd commented
You could update the Gradle version in the properties but forget to update the wrapper too.
This could also be a (theoretical) security risk, by checking in a valid but outdated wrapper which could have vulnerabilities.
Marcono1234 commented
I assume this also has another security advantage: Currently the checksum is allowed to match any of the checksums of the 200+[1] versions. This likely makes it easier (but it is still difficult) to create a malicious JAR which has a hash collision with any of the 200+ possible checksums, than causing a hash collision with a single checksum.
Footnotes
1. Maybe that number is too high, since multiple versions might use the same wrapper version.
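
An added example, not code from the project or from either commenter: a sketch of the per-version check requested in this issue, which accepts a wrapper JAR only if its checksum is the one recorded for the version named in `distributionUrl`, and reports a valid JAR of a different version separately. SHA-256, the function names, the checksum table and the JAR bytes are assumptions constructed for illustration.

```python
import hashlib
import re

# Constructed stand-ins: no real wrapper JARs or published checksums are used.
JAR_8_4 = b"constructed wrapper jar bytes for 8.4"
JAR_7_0 = b"constructed wrapper jar bytes for 7.0"
KNOWN_CHECKSUMS = {  # hypothetical table: Gradle version -> SHA-256 of its wrapper JAR
    "8.4": hashlib.sha256(JAR_8_4).hexdigest(),
    "7.0": hashlib.sha256(JAR_7_0).hexdigest(),
}

# Sample gradle-wrapper.properties content (the ':' is escaped, as in real files).
SAMPLE_PROPERTIES = (
    "distributionBase=GRADLE_USER_HOME\n"
    r"distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip"
    "\n"
)


def version_from_properties(text):
    """Extract the Gradle version from the distributionUrl property."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "distributionUrl":
            m = re.search(r"gradle-(.+?)-(?:bin|all)\.zip$", value.strip())
            if m:
                return m.group(1)
    raise ValueError("no Gradle version found in distributionUrl")


def check_wrapper(jar_bytes, properties_text, known=KNOWN_CHECKSUMS):
    """Return 'match', 'version_mismatch' or 'unknown' for a wrapper JAR."""
    digest = hashlib.sha256(jar_bytes).hexdigest()
    version = version_from_properties(properties_text)
    if known.get(version) == digest:
        return "match"  # checksum is the one expected for this exact version
    if digest in known.values():
        return "version_mismatch"  # genuine wrapper, but of another version
    return "unknown"  # not a known wrapper JAR at all


if __name__ == "__main__":
    for name, jar in (("8.4", JAR_8_4), ("7.0", JAR_7_0), ("other", b"x")):
        print(name, check_wrapper(jar, SAMPLE_PROPERTIES))
```

Comparing against a single expected checksum instead of the whole table is what narrows the collision target described in the second comment.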