Gradle Release Notes

Version 6.4-rc-4

The Gradle team is excited to announce Gradle 6.4-rc-4.

This release features highly anticipated support for building and testing Java Modules, precompiled Groovy DSL script plugins for better build logic organization, and a single lock file per project resulting in fewer lock files in projects using dependency locking.

There are also several other improvements and bug fixes.

We would like to thank the following community contributors to this release of Gradle:

Roberto Perez Alcolea, SheliakLyr, James Baiera, Patrick Koenig, Matthew Duggan, David Burström, Nelson Osacky, Sebastian Schuberth, Ismael Juma, Steve Vermeulen, Victor Turansky, and Lars Kaulen.

Table Of Contents

Upgrade instructions

Switch your build to use Gradle 6.4-rc-4 by updating your wrapper:

./gradlew wrapper --gradle-version=6.4-rc-4

See the Gradle 6.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading to Gradle 6.4-rc-4.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Building, testing and running Java Modules

With this release, Gradle supports the Java Module System with everything you need to compile and execute tests for Java modules. You can also build Javadoc and run applications.

While there is some overlap with Gradle's dependency management features, Java Modules offer additional features like module boundaries that are enforced by the Java runtime.

The only thing you need to configure is module path inference for the Java plugins:

java {

Then you just need to make sure that you write a proper Java module by providing a descriptor as part of your sources:

└── main
    └── java

For more details, head over to the documentation on building modules, building modular applications and testing modules.

Also feel free to explore the samples.

Precompiled Groovy DSL script plugins

Script plugins are a convenient way to split up and organize a long build script, but they have some limitations and quirks. Kotlin DSL introduced precompiled script plugins that look like regular build scripts but have all of the advantages of binary plugins. They can:

Gradle now allows precompiled script plugins to be written using the Groovy DSL in addition to the Kotlin DSL.

For example, a Gradle script in buildSrc/src/main/groovy/my-plugin.gradle can be used as a plugin in the main project as plugins { id 'my-plugin' }.

Precompiled script plugins are covered in more depth in the user manual. There is also a sample available that demonstrates the feature in action.

Single dependency lock file per project

Dependency locking is a mechanism for creating reproducible builds even when using dynamic dependency versions. This release adds an improved dependency locking file format that results in fewer lock files in most projects that use this feature. In addition, when using this format, the lock file name and location can be configured.

This format will become the default lock file format in Gradle 7.0. For now, it is required to opt-in to use it.

Take a look at the documentation for more information and how to enable the feature.

Better dependency variant matching error messages

Gradle provides a powerful variant-aware dependency management engine.

This release introduces clearer variant matching error messages for the JVM ecosystem.

In previous releases, these error messages could be difficult to understand and sometimes lacked enough context to figure out what to do. Gradle 6.4 improves these error messages by making them more human-readable and introducing colors to the console to highlight problems.

Improvements to PMD code quality plugin

Incremental analysis is enabled by default

As of Gradle 6.4, the PMD plugin uses incremental analysis by default. This can significantly reduce analysis time on subsequent builds.

For builds relying on a version of PMD older than 6.0.0, you will need to explicitly disable incremental analysis.

Specify number of violations required before the build fails

The PMD plugin now lets you set the number of violations before the build fails. This can make it easier to introduce PMD into existing projects that may initially have many violations.

If you wanted to fail the build if the number of violations is above 150, you can set maxFailures to 150.

pmd {
    maxFailures = 150

This was contributed by Matthew Duggan.

Security warning about using DEBUG level logging

Potentially sensitive information is logged when Gradle is executed with debug level logging, such as sensitive credentials, authentication tokens or internal repository URLs. Much of this logging occurs deep in components of the JVM and other libraries outside the control of Gradle. While debugging, this information may be inherently useful. However, this information can be unintentionally exposed when Gradle builds are executed on Continuous Integration services where build logs are publicly-accessible. See the recent update about the fixed Plugin Portal vulnerability for an example of this security risk.

Gradle now warns users about the risks of using DEBUG level logging.

We recommend plugin maintainers avoid logging sensitive information if possible, and if it's not possible, that all sensitive information be logged exclusively at the DEBUG log level.

Fixed issues

Known issues

Known issues are problems that were discovered post release that are directly related to changes made in this release.

External contributions

We love getting contributions from the Gradle community. For information on contributing, please see

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.