groovy 2.4.5 is outdated and vulnerabilities are reported with that version

[vaidyavi]

groovy 2.4.5 is outdated and vulnerabilities are reported with 2.4.5 version.

Vulnerabilities reported :
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, an attacker could bake a special serialized object that will execute code directly when deserialized. All applications that rely on serialization and do not isolate the code that deserializes objects were subject to this vulnerability

Can we upgrade groovy version to 2.5.8?

[BrianGilreath]

My man. The code hasn't seen any updates for over eight years. I'm going to unstar/unwatch this repo. I've moved on to this other project - https://github.com/perplexhub/rsql-jpa-specification

[jirutka]

This is more or less irrelevant because Groovy is used only for tests, not in runtime.