The latest released version in the Groovy 4.0.x stream of releases is the currently recommended version of Groovy and requires JDK8 as a minimum.
The latest released version in the Groovy 3.0.x stream of releases is the currently recommended version of Groovy if you require access to the legacy parser or legacy packages of classes whose packages were renamed due to split package remediation (GROOVY-10542).
The latest released version in the Groovy 2.5.x stream is recommended where JDK7 is required.
| Version | Supported | Comment |
|---|---|---|
| <= 2.4.x | ❌ | |
| 2.5.x | ✅ | Reduced releases on this branch (*) |
| 3.0.x | ✅ | |
| 4.0.x | ✅ | |
| 5.x | ❔ | Pre-release status (**) |
(*) The 2.5.x stream is no longer the focus of the core team, but we are currently still doing critical security fixes if needed.
(**) While in early stages of pre-release, security fixes are done on a best-effort basis.
The Groovy website has a list of Security fixes applicable to Groovy 2.4.4 and above (versions released since moving to Apache).
Apache Groovy follows the Apache general guidelines for handling security vulnerabilities.