Spring End-of-Life Resource Hub
End of life doesn’t have to mean end of support. Find strategies, resources, and solutions for keeping your Spring applications stable, secure, and compliant.
EOL Calendar
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
Spring Framework 6.1.x (OSS Support) (Jun 30, 2025)
Spring Boot 3.3 (OSS Support) (Jun 30, 2025)
Spring Boot 3.1 (Commercial Support) (Jun 30, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Spring Framework 6.2.10 (Aug 14, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Spring Data Commons 3.3.7 (NES) (Aug 25, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Spring Framework 6.2.11 (Sep 11, 2025)
Spring Framework 6.1.24 (NES) (Sep 16, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Spring Boot 3.5.6 (Sep 18, 2025)
Spring Boot 3.4.10 (Sep 18, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Spring Boot 3.4 (Dec 31, 2025)
Spring Boot 3.2 (Commercial Support) (Dec 31, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Tomcat 8.5.101 (NES) (Jul 10, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Tomcat 8.5.102 (NES) (Jul 23, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Struts 7.0.3 (GA) (Mar 03, 2025)
Struts 6.7.4 (GA) (Mar 05, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Struts 2.5.x NES (latest: 2.5.37) (Sep 12, 2025)
Struts 1.x NES (forward-compatibility fork) latest 1.4.3 (Sep 12, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Camel 2.25.x, 3.22.x (NES) (Apr 10, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Camel 4.10.4 (LTS) (Apr 30, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Camel 4.8.7 (LTS) (May 09, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Camel 4.12.0 (May 29, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Camel 4.10.5 (LTS) (Jun 03, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Camel 4.8.8 (LTS) (Jun 26, 2025)
Camel 4.10.6 (LTS) (Jun 27, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Spark 4.0.0 (May 23, 2025)
Spark 3.5.6 (May 29, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Project retired to Apache Attic (move completed) (Mar 01, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Hibernate 5.6 (Sep 25, 2025)
EOL
Enters LTS
New OSS Version release
New NES Version Release
Featured Articles
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
![CVE-2024-38828: DoS via Spring MVC Controller Method with byte[] Parameter](https://cdn.prod.website-files.com/62876589ec366575fa309b1e/673e0f6a7971ec7d5afa92c9_CVE-2024-38828.png)
.png)
.png)
.png)
.png)
.png)
.png)
10 Tomcat CVEs to Watch Out for in 2025 (Patched by HeroDevs NES)
From RCE to DoS, these 2025 Apache Tomcat vulnerabilities target versions still widely used in production. HeroDevs NES neutralizes the threat.
Never-Ending Support Now Covers Spring Boot 3.2 and 3.4
Secure Spring Boot 3.2 & 3.4 Beyond End-of-Life with Never-Ending Support
Never-Ending Support Now Covers Spring Boot 3.2 and 3.4
Secure Spring Boot 3.2 & 3.4 Beyond End-of-Life with Never-Ending Support
Explore CVEs on EOL Java Versions
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Medium
Spring
Spring Framework
Privilege Abuse
>=5.3.0 <=5.3.44, >=6.0.0 <=6.0.29, >=6.1.0 <6.1.23, >=6.2.0 <6.2.11
Sep 22, 2025
High
Angular
@angular/platform-server, @angular/ssr, @nguniversal/common
Information Exposure
@angular/platform-server, =16.0.0-next.0 <18.2.14, >=19.0.0-next.0 <19.2.15, >=20.0.0-next.0 <20.3.0, >=21.0.0-next.0 <21.0.0-next.3, @angular/ssr, =17.0.0-next.0 <18.2.21, >=19.0.0-next.0 <19.2.16, >=20.0.0-next.0 <20.3.0, >=21.0.0-next.0 <21.0.0-next.3, @nguniversal/common, =16.0.0-next.0
Sep 11, 2025
Critical
Spring
Spring Cloud Gateway
Incorrectly Configured Access Control
>=3.1.0 <=3.1.9, >=4.0.0 <=4.0.9, >=4.1.0 <=4.1.9, >=4.2.0 <4.2.5, >=4.3.0 <4.3.1
Sep 10, 2025
Medium
Spring
Spring Framework
Path Traversal
>=4.3.0 <=4.3.30, >=5.3.0 <=5.3.43, >=6.0.0 <=6.0.29, >=6.1.0 <=6.1.21, >=6.2.0 <=6.2.9
Aug 18, 2025
High
Struts
Apache Commons Beanutils
Remote Code Execution
>=1.0 <1.11, >=2.0.0-M1 <2.0.0-M2
Aug 4, 2025
High
Struts
Apache Commons Fileupload
Denial of Service
>=1.0 <1.6.0, >=2.0.0-M1 <2.0.0-M
Aug 4, 2025
High
Apache Tomcat
Apache Tomcat
Path Traversal
>=9.0.0.M1 <9.0.105, >=10.1.0-M1 <10.1.41, >=11.0.0-M1 <11.0.7
Aug 4, 2025
Critical
Apache Tomcat
Apache Tomcat
Command Injection
>=9.0.76 <9.0.104, >=10.1.10 <10.1.40, >=11.0.0-M2 <11.0.6
Aug 4, 2025
Critical
Apache Tomcat
Apache Tomcat
Remote Code Execution
>=9.0.0.M1 <9.0.99, >=10.1.0-M1 <10.1.35, >=11.0.0-M1 <11.0.3
Jul 30, 2025
Medium
Apache Tomcat
Apache Tomcat
Denial of Service
>=9.0.0.M1 <9.0.107, >=10.1.0-M1 <10.1.43, >=11.0.0-M1 <11.0.9
Jul 30, 2025
Medium
Apache Tomcat
Apache Tomcat
Denial of Service
>=9.0.0.M1 <9.0.107, >=10.1.0-M1 <10.1.43, >=11.0.0-M1 <11.0.9
Jul 30, 2025
Featured Whitepaper
Maximize the Value of Legacy Software Without Adding to Your Tech Debt
Financial institutions face a unique challenge: maintaining secure, compliant, and innovative operations in a rapidly evolving digital landscape. As open-source software (OSS) becomes central to driving innovation, the end-of-life (EOL) of OSS presents new risks. Through real-world examples, we demonstrate how financial institutions can effectively manage OSS to safeguard operations, maintain compliance, and protect their reputations.
Shorts
Migration Stories
10 Tomcat CVEs to Watch Out for in 2025 (Patched by HeroDevs NES)
10 Tomcat CVEs to Watch Out for in 2025 (Patched by HeroDevs NES)
10 Tomcat CVEs to Watch Out for in 2025 (Patched by HeroDevs NES)
10 Tomcat CVEs to Watch Out for in 2025 (Patched by HeroDevs NES)
