Will there be a new release for 2.7?

[functicons]

I wanted to backport the fix for CVE-2022-36944 to 2.7, because upgrading to 2.9+ is a breaking change for our customers. I can work on the backport, but not sure if there will be a new release for 2.7?

[lrytz]

upgrading to 2.9+ is a breaking change

Can you share why that is?

[functicons]

upgrading to 2.9+ is a breaking change

Can you share why that is?

We are a cloud provider, our Spark service currently comes with scala-collection-compat 2.7.0. Our customers' jobs are running with the version, upgrading to 2.9+ will be a potential breaking change for them, so it's not feasible. The ideal solution for us would be that there is a new 2.7.x release with the CVE fix, and we upgrade to the new version. So we wanted to know if it is possible. Thank you!

[SethTisue]

Setting up branches for old versions, backporting fixes to old branches, and releasing from old branches is the sort of thing we typically do under commercial support contracts.

In a purely open source context, community-based maintenance is focused on the current release series — especially when it's merely a minor version bump we're talking about, not a major, compatibility breaking one.