Spring End-of-Life Resource Hub

End of life doesn’t have to mean end of support. Find strategies, resources, and solutions for keeping your Spring applications stable, secure, and compliant.

Spring EOL Resource Hub
EOL Calendar
Featured Articles
Java CVEs
Whitepapers
CVEs Explained
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

EOL Calendar

Stay ahead of critical EOL and LTS milestones before they impact production.
EOL
Enters LTS
New OSS Version release
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
Spring Boot logo
Spring Boot
Spring Boot 3.5.6 (Sep 18, 2025)
Spring Boot 3.4 (Dec 31, 2025)
Spring Framework logo
Spring Framework
Spring Framework 6.1.x (OSS Support) Jun 30, 2025)
Apache Tomcat logo
Apache Tomcat
Tomcat 11.0.11 (Sep 05, 2025)
Struts logo
Apache Struts
Struts 7.0.3 (GA) (Mar 03, 2025)
Struts 6.7.4 (GA) (Mar 05, 2025)
Apache Solr logo
Apache Solr
Solr 9.9.0 (Jul 24, 2025)
Apache Tapestry logo
Apache Tapestry
Tapestry 5.9.0 (Feb 11, 2025)
Apache Camel logo
Apache Camel
Camel 4.10.4 (LTS) (Apr 30, 2025)
Camel 4.8.7 (LTS) (May 09, 2025)
Camel 4.12.0 (May 29, 2025)
Camel 4.10.5 (LTS) (Jun 03, 2025)
Camel 4.8.8 (LTS) (Jun 26, 2025)
Camel 4.10.6 (LTS) (Jun 27, 2025)
Camel 4.13.0 (Jul 08, 2025)
Camel 4.14.0 (LTS) (Aug 19, 2025)
Camel 4.8.9 (LTS) (Sep 17, 2025)
Apache Spark logo
Apache Spark
Spark 4.0.0 (May 23, 2025)
Spark 3.5.6 (May 29, 2025)
Spark 4.0.1 (Sep 06, 2025)
Apache Cocoon logo
Apache Cocoon
Hibernate logo
Hibernate

Spring Migration Calculator

Estimate the time, risk, and effort required to migrate from Spring Boot 3.5 to Spring Boot 4 before end-of-life.

This Spring Boot 3 → 4 Migration Calculator helps you estimate the real-world effort required based on application size, dependencies, team capacity, and mandatory platform upgrades, so you can plan ahead before Spring Boot 3.5 reaches end of life.

For what the estimator is, how to use it, and why it matters as Spring Boot end-of-life approaches, click here to learn more

Spring Upgrade Migration Estimator

Tell us about your Migration
Please enter at least 1 application
Please enter at least 1 developer
Spring Project Utilization
Boot Framework
Application Specific Upgrade Requirements
Estimated Migration Time
0 weeks

Explore CVEs in Spring

Monitor and learn more about known vulnerabilities in legacy Spring and other popular Java libraries.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Medium
CVE-2026-41004
Spring
Spring Cloud Config
Information Exposure
>=1.3.0 <=3.1.13, >=4.1.0 <=4.1.9, >=4.2.0 <=4.2.6, >=4.3.0 <=4.3.2, >=5.0.0 <=5.0.2
May 7, 2026
High
CVE-2026-41002
Spring
Spring Cloud Config
Path Traversal
>=1.0.0 <=3.1.13, >=4.1.0 <=4.1.9, >=4.2.0 <=4.2.6, >=4.3.0 <=4.3.2, >=5.0.0 <=5.0.2
May 7, 2026
High
CVE-2026-40981
Spring
Spring Cloud Config
Information Exposure
>=3.1.0 <=3.1.13, >=4.1.0 <=4.1.9, >=4.2.0 <=4.2.6, >=4.3.0 <=4.3.2, >=5.0.0 <=5.0.2
May 7, 2026
Critical
CVE-2026-40982
Spring
Spring Cloud Config
Path Traversal
>=1.0.0 <=3.1.13, >=4.1.0 <=4.1.9, >=4.2.0 <=4.2.6, >=4.3.0 <=4.3.2, >=5.0.0 <=5.0.2
May 7, 2026
Medium
CVE-2023-34055
Spring
Spring Boot
Denial of Service
>=2.5.0 <=2.7.17, >=3.0.0 <=3.0.12, >=3.1.0 <=3.1.5
May 1, 2026
Medium
CVE-2023-34050
Spring
Spring AMQP
Remote Code Execution
>=1.0.0 <=2.4.16, >=3.0.0 <=3.0.9
May 1, 2026
Medium
CVE-2026-40977
Spring
Spring Boot
Path Traversal
>=1.0.2 <=2.7.32, >=3.3.0 <=3.3.18, >=3.4.0 <=3.4.15, >=3.5.0 <=3.5.13, >=4.0.0 <=4.0.5
Apr 27, 2026
Medium
CVE-2026-40975
Spring
Spring Boot
Information Exposure
>=1.0.0 <=3.5.13, >=4.0.0 <=4.0.5
Apr 27, 2026
High
CVE-2026-40973
Spring
Spring Boot
Incorrectly Configured Access Control
>=2.7.0 <=2.7.32, >=3.3.0 <=3.3.18, >=3.4.0 <=3.4.15, >=3.5.0 <=3.5.13, >=4.0.0 <=4.0.5
Apr 27, 2026
High
CVE-2026-40972
Spring
Spring Boot
Information Exposure
>=1.3.0 <=2.7.32, >=3.3.0 <=3.3.18, >=3.4.0 <=3.4.15, >=3.5.0 <=3.5.13, >=4.0.0 <=4.0.5
Apr 27, 2026
Medium
CVE-2026-40974
Spring
Spring Boot
Incorrectly Configured Access Control
>=1.3.0 <=2.7.32, >=3.0.0 <=3.3.18, >=3.4.0 <=3.4.15, >=3.5.0 <=3.5.13, >=4.0.0 <=4.0.5
Apr 25, 2026
Critical
CVE-2026-22752
Spring
Spring Security
Authorization Bypass
1.3.x; 1.4.x; 1.5.x; 7.0.x
Apr 23, 2026
Medium
CVE-2026-22751
Spring
Spring Security
Authorization Bypass
6.4.x; 6.5.x; 7.0.x
Apr 23, 2026
Medium
CVE-2026-22748
Spring
Spring Security
Weak Authentication
6.2.x; 6.3.x; 6.4.x; 6.5.x; 7.0.x
Apr 23, 2026
Low
CVE-2026-22746
Spring
Spring Security
Authorization Bypass
4.2.x; 5.5.x; 5.7.x; 5.8.x; 6.2.x; 6.3.x; 6.4.x; 6.5.x; 7.0.x
Apr 23, 2026

View All

Arrow

Featured Whitepaper

View All
Deep-dive reports and technical briefings on migration, risk, and long-term Spring strategy.

Java in 2025:
Navigating Migration, Security, and Long-Term Risk

The question for CIOs, CISOs, and engineering leaders is no longer whether to continue relying on Java. It is how to migrate safely between LTS versions, reduce exposure in legacy environments, and implement governance frameworks that withstand regulatory scrutiny.This white paper provides detailed analysis of migration realities, real-world breach lessons, supply-chain risk, and the economic, regulatory, and vendor dynamics shaping enterprise decisions in 2025.
Read White Paper
Java in 2025 - whitepaper thumbnail

Ready to Eliminate EOL Risk?

Start scanning your codebase today. Identify every end-of-life package in minutes, not hours.
Start Free Scan
Arrow
Schedule Demo
End-of-Life Dataset results
Get Started

By clicking “submit” I acknowledge receipt of our Privacy Policy.

Thank you! Your submission has been received!
Please enter a company email.