+1 out with it

I would consider 2.5 for EOL as well

Hi folks,

Groovy 2.4.x hasn't been something we have progressed for some time.
The last "real" commit to the GROOVY_2_4_X branch and the last release
(2.4.21) were both in Dec 2020.

For reference, 2.4.x supports back to JDK 1.6 while 2.5.x (which is
not part of this discussion) supports back to JDK 1.7:
https://groovy.apache.org/download.html#requirements

On the recommended page for GitHub security policy:
https://github.com/apache/groovy/security/policy

We state:
2.4.x Only severe/critical vulnerabilities (*)
(*) The 2.4.x stream is no longer the focus of the core team but
critical security fixes or community contributions may lead to
additional releases.

I propose to make the EOL official. I don't think the "weak support"
will be good enough once CRA regulations come into play. My
understanding from the CRA requirements is that we either intend to
provide timely fixes for vulnerabilities for any supported version, or
we should mark versions as EOL. This doesn't stop us from making an
emergency fix/release if we choose, it just indicates that shouldn't be
the expectation.

If anyone objects, please discuss here, otherwise I will create a VOTE
thread in a few days.

Paul.
