Spring End-of-Life Resource Hub

End of life doesn’t have to mean end of support. Find strategies, resources, and solutions for keeping your Spring applications stable, secure, and compliant.

Spring EOL Resource Hub
EOL Calendar
Featured Articles
Java CVEs
CVEs Explained
Whitepapers
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

EOL Calendar

Stay ahead of critical EOL and LTS milestones before they impact production.
EOL
Enters LTS
New OSS Version release
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
Spring Boot logo
Spring Boot
Spring Boot 3.5.6 (Sep 18, 2025)
Spring Boot 3.4 (Dec 31, 2025)
Spring Framework logo
Spring Framework
Spring Framework 6.1.x (OSS Support) Jun 30, 2025)
Apache Tomcat logo
Apache Tomcat
Tomcat 11.0.11 (Sep 05, 2025)
Struts logo
Apache Struts
Struts 7.0.3 (GA) (Mar 03, 2025)
Struts 6.7.4 (GA) (Mar 05, 2025)
Solr logo
Apache Solr
Solr 9.9.0 (Jul 24, 2025)
Apache Tapestry logo
Apache Tapestry
Tapestry 5.9.0 (Feb 11, 2025)
Apache Camel logo
Apache Camel
Camel 4.10.4 (LTS) (Apr 30, 2025)
Camel 4.8.7 (LTS) (May 09, 2025)
Camel 4.12.0 (May 29, 2025)
Camel 4.10.5 (LTS) (Jun 03, 2025)
Camel 4.8.8 (LTS) (Jun 26, 2025)
Camel 4.10.6 (LTS) (Jun 27, 2025)
Camel 4.13.0 (Jul 08, 2025)
Camel 4.14.0 (LTS) (Aug 19, 2025)
Camel 4.8.9 (LTS) (Sep 17, 2025)
Apache Spark logo
Apache Spark
Spark 4.0.0 (May 23, 2025)
Spark 3.5.6 (May 29, 2025)
Spark 4.0.1 (Sep 06, 2025)
Apache Cocoon logo
Apache Cocoon
Hibernate logo
Hibernate

Explore CVEs on EOL Java Libraries

Monitor and learn more about known vulnerabilities in legacy Spring and other popular Java libraries.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
High
CVE-2025-41253
Spring
Spring Cloud Gateway
Information Exposure
>=3.1.0 <=3.1.11, >=4.0.0, >=4.1.0 <=4.1.11, >=4.2.0 <=4.2.5, >=4.3.0 <=4.3.1
Oct 21, 2025
Medium
CVE-2025-41254
Spring
Spring Framework
Cross-site Request Forgery
>=6.2.0 < 6.2.12, >=6.1.0 < 6.1.24, >=6.0.0 <=6.0.29, >=5.3.0 < 5.3.46, <5.3.0, >4.3.0 <= 4.3.30
Oct 21, 2025
Medium
CVE-2025-41249
Spring
Spring Framework
Privilege Abuse
>=5.3.0 <=5.3.44, >=6.0.0 <=6.0.29, >=6.1.0 <6.1.23, >=6.2.0 <6.2.11
Sep 22, 2025
Critical
CVE-2025-41243
Spring
Spring Cloud Gateway
Incorrectly Configured Access Control
>=3.1.0 <=3.1.9, >=4.0.0 <=4.0.9, >=4.1.0 <=4.1.9, >=4.2.0 <4.2.5, >=4.3.0 <4.3.1
Sep 10, 2025
Medium
CVE-2025-41242
Spring
Spring Framework
Path Traversal
>=4.3.0 <=4.3.30, >=5.3.0 <=5.3.43, >=6.0.0 <=6.0.29, >=6.1.0 <=6.1.21, >=6.2.0 <=6.2.9
Aug 18, 2025
High
CVE-2025-41235
Spring
Spring Cloud Gateway
HTTP Request Smuggling
<=3.1.10, >= 4.0.0 <= 4.0.10, >=4.1.0 <4.1.8, >=4.2.0 <4.2.3, >4.3.0-{M1, M2, RC1} < 4.3.0
Jun 2, 2025
Low
CVE-2025-22233
Spring
Spring Framework
Authorization Bypass
>=4.3.0 <=4.3.30, >=5.3.0 <=5.3.42, >=6.0.0 <=6.0.27, >=6.1.0 <6.1.20, >=6.2.0 <6.2.7
May 15, 2025
High
CVE-2024-22257
Spring
Spring Security
Authorization Bypass
>=5.7.0 <5.7.12, >=5.8.0 <5.8.11, >=6.0.0 <6.0.10, >=6.1.0 <6.1.8, >=6.2.0 <6.2.3
May 8, 2025
Medium
CVE-2025-22235
Spring
Spring Boot
Incorrectly Configured Access Control
<2.7.0, >=2.7.0 <2.7.25, >=3.1.0 <3.1.16, >=3.2.0 <3.2.14, >=3.3.0 <3.3.11, >=3.4.0 <3.4.5
Apr 25, 2025
Medium
CVE-2025-22234
Spring
Spring Security
Information Exposure
=5.7.16, =5.8.18, =6.0.16, =6.1.14, =6.2.10, =6.3.8, =6.4.4
Apr 22, 2025
Medium
CVE-2025-22232
Spring
Spring Cloud Config
Authorization Bypass
>=2.2.0 <=2.2.8, >=3.0.0 <=3.0.7, >=3.1.0 <3.1.10, >=4.0.0 <=4.0.5, >=4.1.0 <4.1.6, >=4.2.0 <4.2.1
Apr 10, 2025
High
CVE-2025-22228
Spring
Spring Security
Authorization Bypass
<=5.6.12, >=5.7.0 <5.7.16, >=5.8.0 <5.8.18, >=6.0.0 <=6.0.16, >=6.1.0 <6.1.14, >=6.2.0 <6.2.10, >=6.3.0 <6.3.8, >=6.4.0 <6.4.4
Mar 20, 2025
Medium
CVE-2023-34040
Spring
Spring for Apache Kafka
Remote Code Execution
<2.9.11, >=3.0.0 <3.0.10
Mar 3, 2025
Low
CVE-2024-38829
Spring
Spring LDAP
Authorization Bypass
<=2.4.3, >=3.0.0 <=3.0.9, >=3.1.0 <=3.1.7, >=3.2.0 <3.2.7
Nov 20, 2024
Medium
CVE-2024-38827
Spring
Spring Security
Authorization Bypass
<=5.7.13, >=5.8.0 <=5.8.15, >=6.0.0 <=6.0.13, >=6.1.0 <=6.1.11, >=6.2.0 <=6.2.7, >=6.3.0 <=6.3.4
Nov 19, 2024
View All

Featured Whitepaper

View All
Deep-dive reports and technical briefings on migration, risk, and long-term Java strategy.

Java in 2025:
Navigating Migration, Security, and Long-Term Risk

The question for CIOs, CISOs, and engineering leaders is no longer whether to continue relying on Java. It is how to migrate safely between LTS versions, reduce exposure in legacy environments, and implement governance frameworks that withstand regulatory scrutiny.This white paper provides detailed analysis of migration realities, real-world breach lessons, supply-chain risk, and the economic, regulatory, and vendor dynamics shaping enterprise decisions in 2025.
Read White Paper
Java in 2025 - whitepaper thumbnail

Ready to Eliminate EOL Risk?

Start scanning your codebase today. Identify every end-of-life package in minutes, not hours.
Start Free Scan
Arrow
Schedule Demo
End-of-Life Dataset results
Get Started

By clicking “submit” I acknowledge receipt of our Privacy Policy.

Thank you! Your submission has been received!
Please enter a company email.

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

PreferencesRejectAccept
Manage Consent Preferences by Category
Essentials
Always active

Necessary for the site to function. Always On.

Used for targeted advertising.

Remembers your preferences and provides enhanced features.

Measures usage and improves your experience.

Reject AllAccept All
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.