The commercial use permissions look murky to me. But I'm not in the legal department.
What's more important is trust. What's to stop them from changing the licence again after evaluating the impact of the first change? Liquibase has collected "anonymous" metrics by default since version 4.30 (do they consider an IP address and timestamp as PII?). As soon as I saw that, I anticipated this scenario. It was not really a surprise. They have a way to analyse the impact. Now, I am reassessing the risks.
What's more important is trust. What's to stop them from changing the licence again after evaluating the impact of the first change? Liquibase has collected "anonymous" metrics by default since version 4.30 (do they consider an IP address and timestamp as PII?). As soon as I saw that, I anticipated this scenario. It was not really a surprise. They have a way to analyse the impact. Now, I am reassessing the risks.