anyone from jetbrains can confirm this? because this is a pretty serious issue

Yes, the author has been working directly with the teams from Jetbrains, Gradle, Spring, etc. to get these issues resolved and the word spread. It should be taken as very serious, and everyone should check their builds for these flaws

There's also that PR in Gradle to make http opt-in: https://github.com/gradle/gradle/pull/9419