Greetings all! Given that we have around four versions of the commons-collections version 4.x.x, I wanted to check if the 3.y.y versions are still supported or not? To put it differently, are the 3.y.y EOL'ed?
If not, is it safe to believe that any security vulnerability fixes in 3.y.y series will still be made? I could not find anything on EOL of 3.y.y series, but our organization has recommended to move to the 4.x.x line. Unfortunately, this is not a drop-in replacement for 3.y.y artifacts and more over in some cases, commons-collections gets pulled in as transitive dependency of other libraries. As an example, the commons-validator mentions commons-collection 3.y.y as its dependency. (https://commons.apache.org/proper/commons-validator/dependencies.html) Appreciate your feedback on this. Thanks, Amit
