Gradle Wrapper Supply Chain Attack

Gradle, Inc. has reported that MinecraftOnline had malicious Gradle Wrapper JARs in some of their repositories.

I warned about this sort of possibility six years ago and off and on thereafter.

I'll re-up the same sorts of points that I have made before:

Do not use the Gradle Wrapper from an arbitrary project that you grab off of GitHub or elsewhere on the Internet. Delete it or replace it with a locally-generated wrapper (gradle wrapper command).

Consider not publishing the Gradle Wrapper in your projects. Historically, I would publish gradle-wrapper.properties, but not the actual Gradle Wrapper JAR and scripts.
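As an added example (not code from the original post), here is one way to check a cloned project's wrapper files before running ./gradlew. It assumes you keep a gradle-wrapper.jar that you generated yourself with gradle wrapper; the function names are illustrative, and services.gradle.org is the host that Gradle-generated properties files point at by default.

```shell
#!/bin/sh
# Added example: audit a cloned project's Gradle Wrapper files before ever
# running ./gradlew.
# Assumption: $2 is a gradle-wrapper.jar you produced yourself with
# `gradle wrapper`, using the same Gradle version the project expects.

sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Emit one finding per line for wrapper files that do not match expectations.
scan_wrapper() {
  trusted_hash="$(sha256_of "$2")"
  find "$1" -type f -name 'gradle-wrapper.jar' | while IFS= read -r jar; do
    # A mismatch means "not the JAR I generated": delete or regenerate it.
    [ "$(sha256_of "$jar")" = "$trusted_hash" ] || echo "MISMATCH $jar"
  done
  find "$1" -type f -name 'gradle-wrapper.properties' | while IFS= read -r props; do
    # Properties files escape the colon (https\://), so drop backslashes first.
    url="$(sed -n 's/^distributionUrl=//p' "$props" | tr -d '\\')"
    case "$url" in
      https://services.gradle.org/distributions/*) ;;
      *) echo "UNEXPECTED_URL $props $url" ;;
    esac
  done
}

# Returns 0 when nothing is flagged, 1 when findings were printed, 2 on bad input.
audit_wrapper() {
  [ -d "$1" ] && [ -f "$2" ] || { echo "usage: audit_wrapper PROJECT_DIR TRUSTED_JAR" >&2; return 2; }
  findings="$(scan_wrapper "$1" "$2")"
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}
```

A project that deliberately uses an internal distribution mirror will be flagged as UNEXPECTED_URL; treat that as a prompt to review the URL, not as proof of tampering.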

Published on January 25, 2023 15:38