Skip to content

Security: apache/groovy

Security

.github/SECURITY.md

Security Policy

Supported Versions

The latest released version in the Groovy 4.0.x stream of releases is the currently recommended version of Groovy and requires JDK8 as a minimum.

The latest released version in the Groovy 3.0.x stream of releases is the currently recommended version of Groovy if you require access to the legacy parser or legacy packages of classes whose packages were renamed due to split package remediation (GROOVY-10542).

The latest released version in the Groovy 2.5.x stream is recommended where JDK7 is required.

Version Supported Comment
<= 2.4.x
2.5.x Reduced releases on this branch (*)
3.0.x
4.0.x
5.x Pre-release status (**)

(*) The 2.5.x stream is no longer the focus of the core team, but we are currently still doing critical security fixes if needed.

(**) While in early stages of pre-release, security fixes are done on a best-effort basis.

List of Security Vulnerability Fixes

The Groovy website has a list of Security fixes applicable to Groovy 2.4.4 and above (versions released since moving to Apache).

Reporting a Vulnerability

Apache Groovy follows the Apache general guidelines for handling security vulnerabilities.

There aren’t any published security advisories