The latest released version in the Groovy 3.0.x stream of releases is the currently recommended version of Groovy and requires JDK8 as a minimum. The latest released version in the Groovy 2.5.x stream is recommended where JDK7 is required.
| Version | Supported | Comment |
|---|---|---|
| <= 2.3.x | ❌ | |
| 2.4.x | ❔ | Only severe/critical vulnerabilities (*) |
| 2.5.x | ✅ | |
| 3.0.x | ✅ | |
| 4.x | ❔ | Pre-release status (**) |
(*) The 2.4.x stream is no longer the focus of the core team but critical security fixes or community contributions may lead to additional releases.
(**) While in early stages of pre-release, security fixes are done on a best effort basis.
The Groovy website has a list of Security fixes applicable to Groovy 2.4.4 and above (versions released since moving to Apache).
Apache Groovy follows the Apache general guidelines for handling security vulnerabilities.