+1 Groovy 2.4.x is too old and lacks maintenance. It's strongly recommended to use Groovy 4+.
Cheers, Daniel Sun On 2024/06/28 02:08:57 Paul King wrote: > Hi folks, > > Groovy 2.4.x hasn't been something we have progressed for some time. > The last "real" commit to the GROOVY_2_4_X branch and the last release > (2.4.21) were both in Dec 2020. > > For reference, 2.4.x supports back to JDK 1.6 while 2.5.x (which is > not part of this discussion) supports back to JDK 1.7: > https://groovy.apache.org/download.html#requirements > > On the recommended page for GitHub security policy: > https://github.com/apache/groovy/security/policy > > We state: > 2.4.x Only severe/critical vulnerabilities (*) > (*) The 2.4.x stream is no longer the focus of the core team but > critical security fixes or community contributions may lead to > additional releases. > > I propose to make the EOL official. I don't think the "weak support" > will be good enough once CRA regulations come into play. My > understanding from the CRA requirements is that we either intend to > provide timely fixes for vulnerabilities for any supported version, or > we should mark versions as EOL. This doesn't stop us from making an > emergency fix/release if we chose, it just indicates that shouldn't be > the expectation. > > If anyone objects, please discuss here, otherwise I will create a VOTE > thread in a few days. > > Paul. > > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> > Virus-free.www.avast.com > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> > <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> >
