Historically, Gradle has shipped with some Groovy types in very prominent APIs.
This required the Kotlin DSL to add special integration to work with Groovy closures.
This has also forced plugins written in languages other than Groovy to use Groovy types for some APIs.

When the Kotlin DSL was introduced, we made an effort to add non-Groovy equivalents for all APIs.

    @Nonnull
    Optional<Boolean> model();

    /**
     * Should upgrade plugins known to fail with Maven 4 to their minimum compatible versions.
     * This includes upgrading plugins like maven-exec-plugin, maven-enforcer-plugin,
     * flatten-maven-plugin, and maven-shade-plugin to versions that work with Maven 4.
     *
     * @return an {@link Optional} containing the boolean value {@code true} if specified, or empty
     */
    @Nonnull

                for (Plugin element : src) {
                    if (element.isInherited() || !element.getExecutions().isEmpty()) {
                        // NOTE: Enforce recursive merge to trigger merging/inheritance logic for executions
                        Plugin plugin = new Plugin();
                        plugin.setLocation("", element.getLocation(""));

This release contains changes that address the following vulnerabilities:

### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

                    NoPluginFoundForPrefixException, LifecycleNotFoundException, PluginVersionResolutionException {
        List<MojoExecution> me = new ArrayList<>();
        me.add(createMojoExecution("enforce", "enforce-versions", VALIDATE));
        me.add(createMojoExecution("resources", "default-resources", PROCESS_RESOURCES));
        me.add(createMojoExecution("compile", "default-compile", COMPILE));

confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.

## Attribution

 * serialization of funnels. When possible, it is recommended that funnels be implemented as a
 * single-element enum to maintain serialization guarantees. See Effective Java (2nd Edition), Item
 * 3: "Enforce the singleton property with a private constructor or an enum type". For example:
 *
 * {@snippet :
 * public enum PersonFunnel implements Funnel<Person> {
 *   INSTANCE;

     * @return The result of dispatching the method to the object using the parameters {@code args}
     * @throws IllegalAccessRuntimeException
     *             If this {@link Method} object enforces Java language access control and the underlying method is not accessible
     * @throws InvocationTargetRuntimeException
     *             If the underlying method throws an exception
     * @see Method#invoke(Object, Object[])

    }

    /**
     * Delays before processing a URL, ensuring that requests to the same host are not made too frequently.
     * This method extracts the host from the URL and enforces a delay based on the configured
     * delayMillisBeforeProcessing parameter.
     *
     * @throws InterruptedRuntimeException if the thread is interrupted during the delay

- **Cross-Language Compatibility:**
Java serialization is inherently Java-centric and does not support cross-language scenarios well.

- **Type Safety:**
Java serialization does not enforce type safety as strictly as some alternatives, potentially leading to runtime errors.

## Decision

We do not use Java serialization.