Spring End-of-Life Resource Hub

End of life doesn’t have to mean end of support. Find strategies, resources, and solutions for keeping your Spring applications stable, secure, and compliant.

Spring EOL Resource Hub
EOL Calendar
Featured Articles
Java CVEs
Whitepapers
CVEs Explained
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

EOL Calendar

Stay ahead of critical EOL and LTS milestones before they impact production.
EOL
Enters LTS
New OSS Version release
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
Spring Boot logo
Spring Boot
Spring Boot 3.5.6 (Sep 18, 2025)
Spring Boot 3.4 (Dec 31, 2025)
Spring Framework logo
Spring Framework
Spring Framework 6.1.x (OSS Support) Jun 30, 2025)
Apache Tomcat
Tomcat 11.0.11 (Sep 05, 2025)
Struts logo
Apache Struts
Struts 7.0.3 (GA) (Mar 03, 2025)
Struts 6.7.4 (GA) (Mar 05, 2025)
Apache Solr logo
Apache Solr
Solr 9.9.0 (Jul 24, 2025)
Apache Tapestry logo
Apache Tapestry
Tapestry 5.9.0 (Feb 11, 2025)
Apache Camel logo
Apache Camel
Camel 4.10.4 (LTS) (Apr 30, 2025)
Camel 4.8.7 (LTS) (May 09, 2025)
Camel 4.12.0 (May 29, 2025)
Camel 4.10.5 (LTS) (Jun 03, 2025)
Camel 4.8.8 (LTS) (Jun 26, 2025)
Camel 4.10.6 (LTS) (Jun 27, 2025)
Camel 4.13.0 (Jul 08, 2025)
Camel 4.14.0 (LTS) (Aug 19, 2025)
Camel 4.8.9 (LTS) (Sep 17, 2025)
Apache Spark logo
Apache Spark
Spark 4.0.0 (May 23, 2025)
Spark 3.5.6 (May 29, 2025)
Spark 4.0.1 (Sep 06, 2025)
Apache Cocoon logo
Apache Cocoon
Hibernate logo
Hibernate

Spring Migration Calculator

Estimate the time, risk, and effort required to migrate from Spring Boot 3.5 to Spring Boot 4 before end-of-life.

This Spring Boot 3 → 4 Migration Calculator helps you estimate the real-world effort required based on application size, dependencies, team capacity, and mandatory platform upgrades, so you can plan ahead before Spring Boot 3.5 reaches end of life.

For what the estimator is, how to use it, and why it matters as Spring Boot end-of-life approaches, click here to learn more

Spring Upgrade Migration Estimator

Tell us about your Migration
Please enter at least 1 application
Please enter at least 1 developer
Spring Project Utilization
Boot Framework
Application Specific Upgrade Requirements
Estimated Migration Time
0 weeks

Explore CVEs in Spring

Monitor and learn more about known vulnerabilities in legacy Spring and other popular Java libraries.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Medium
CVE-2022-31679
Spring
Spring Data REST
Information Exposure
>=3.5.0 <=3.5.12, >= 3.6.0 < 3.6.7, >= 3.7.0, < 3.7.3
Mar 24, 2026
Low
CVE-2024-22236
Spring
Spring Cloud Contract
Information Exposure
>=3.1.0 <3.1.10, >=4.0.0 <4.0.5, =4.1.0
Mar 24, 2026
Medium
CVE-2026-22739
Spring
Spring Cloud Config
Path Traversal
<3.1.13, >=4.1.0 <4.1.9, >=4.2.0 < 4.2.6, >=4.3.0 <4.3.2, >5.0.0 <5.0.2
Mar 24, 2026
High
CVE-2022-31690
Spring
Spring Security
Privilege Escalation
>= 5.7.0 < 5.7.5, < 5.6.9
Mar 24, 2026
Critical
CVE-2026-22732
Spring
Spring Security
Incorrectly Configured Access Control
>=4.0.2 <6.5.9, >=7.0.0 <7.0.4
Mar 20, 2026
High
CVE-2026-22731
Spring
Spring Boot
Authorization Bypass
>=3.4.0 <=3.4.14, >=3.5.0 <=3.5.11, >=4.0.0 <=4.0.3
Mar 20, 2026
High
CVE-2026-22733
Spring
Spring Boot
Authorization Bypass
>=2.0.0 <3.5.12, >=4.0.0 <4.0.4
Mar 20, 2026
Low
CVE-2026-22735
Spring
Spring Framework
Content Spoofing
>=4.3.0 <=4.3.30, >=5.3.0 <=5.3.46, >=6.1.0 <=6.1.25, >=6.2.0 <=6.2.16, >=7.0.0 <=7.0.5
Mar 20, 2026
Medium
CVE-2026-22737
Spring
Spring Framework
Path Traversal
>=4.2.0 <=6.2.16, >=7.0.0 <=7.0.5
Mar 20, 2026
High
CVE-2026-2818
Spring
Spring Data Geode
Path Traversal
>= 2.0.0 <= 2.7.18, >= 1.7.0 <= 2.2.13
Feb 20, 2026
Medium
CVE-2026-2817
Spring
Spring Data Geode
Creation of Temporary File in Directory with Insecure Permissions
>= 2.0.0 < 2.7.18, >= 1.7.0 <= 2.2.13
Feb 19, 2026
High
CVE-2022-22979
Spring
spring-cloud-function
Denial of Service
<3.2.6
Feb 17, 2026
High
CVE-2023-25194
Spring
Apache Kafka
Remote Code Execution
>=2.3.0 <=3.3.2
Dec 16, 2025
Medium
CVE-2024-31141
Spring
Apache Kafka
Inconsistent Interpretation of HTTP Requests
>=2.3.0 <=3.5.2 >=3.6.0 <=3.6.2 =3.7.0
Dec 16, 2025
High
CVE-2025-27817
Spring
Apache Kafka
Server-Side Request Forgery
>=3.1.0 <3.9.1
Dec 16, 2025

View All

Arrow

Featured Whitepaper

View All
Deep-dive reports and technical briefings on migration, risk, and long-term Spring strategy.

Java in 2025:
Navigating Migration, Security, and Long-Term Risk

The question for CIOs, CISOs, and engineering leaders is no longer whether to continue relying on Java. It is how to migrate safely between LTS versions, reduce exposure in legacy environments, and implement governance frameworks that withstand regulatory scrutiny.This white paper provides detailed analysis of migration realities, real-world breach lessons, supply-chain risk, and the economic, regulatory, and vendor dynamics shaping enterprise decisions in 2025.
Read White Paper
Java in 2025 - whitepaper thumbnail

Ready to Eliminate EOL Risk?

Start scanning your codebase today. Identify every end-of-life package in minutes, not hours.
Start Free Scan
Arrow
Schedule Demo
End-of-Life Dataset results
Get Started

By clicking “submit” I acknowledge receipt of our Privacy Policy.

Thank you! Your submission has been received!
Please enter a company email.