Skip to content

Security: ashishramtri/groovy

Security

.github/SECURITY.md

Security Policy

Supported Versions

The latest released version in the Groovy 3.0.x stream of releases is the currently recommended version of Groovy and requires JDK8 as a minimum. The latest released version in the Groovy 2.5.x stream is recommended where JDK7 is required.

Version Supported Comment
<= 2.3.x
2.4.x Only severe/critical vulnerabilities (*)
2.5.x
3.0.x
4.x Pre-release status (**)

(*) The 2.4.x stream is no longer the focus of the core team but critical security fixes or community contributions may lead to additional releases.

(**) While in early stages of pre-release, security fixes are done on a best effort basis.

List of Security Vulnerability Fixes

The Groovy website has a list of Security fixes applicable to Groovy 2.4.4 and above (versions released since moving to Apache).

Reporting a Vulnerability

Apache Groovy follows the Apache general guidelines for handling security vulnerabilities.

There aren’t any published security advisories