Dear All,
If you run a Veracode static security scan against the latest release (tag: 2.5.133) you will see that there are a number of flaws identified due to 'gradle-wrapper.jar'.
The following flaws have been identified:
1 HIGH severity flaw
Type: CWE-327: Use of a Broken or Risky Cryptographic Algorithm - http://cwe.mitre.org/data/definitions/327.html
From the scan report, these are the filenames identified:
PathAssembler.java
Here is the specific location identified where the flaws exist:
gradle-wrapper.jar | org/.../wrapper/PathAssembler.java 64
12 MEDIUM Severity Flaws:
Type: CWE-73: External Control of File Name or Path - http://cwe.mitre.org/data/definitions/73.html
From the scan report, these are the filenames identified:
ExclusiveFileAccessManager.java
GradleUserHomeLookup.java
GradleWrapperMain.java
Install.java
PathAssembler.java
WrapperExecutor.java
Here are the specific locations identified where the flaws exist:
gradle-wrapper.jar .../ExclusiveFileAccessManager.java 39
gradle-wrapper.jar .../GradleUserHomeLookup.java 29
gradle-wrapper.jar .../GradleUserHomeLookup.java 32
gradle-wrapper.jar .../GradleUserHomeLookup.java 34
gradle-wrapper.jar org/.../GradleWrapperMain.java 102
gradle-wrapper.jar org/.../wrapper/Install.java 50
gradle-wrapper.jar org/.../wrapper/Install.java 65
gradle-wrapper.jar org/.../wrapper/Install.java 246
gradle-wrapper.jar org/.../wrapper/Install.java 250
gradle-wrapper.jar org/.../wrapper/PathAssembler.java 42
gradle-wrapper.jar org/.../wrapper/PathAssembler.java 43
gradle-wrapper.jar org/.../WrapperExecutor.java 70
Appreciate if someone could fix the security flaws (especially the HIGH severity one) reported by Veracode Static Scan and release a patched version at the earliest. Thanks in advance.
Cheers!
Best Regards,
Rohit Soman