Spring End-of-Life Resource Hub

End of life doesn’t have to mean end of support. Find strategies, resources, and solutions for keeping your Spring applications stable, secure, and compliant.

Spring EOL Resource Hub
EOL Calendar
Featured Articles
Java CVEs
CVEs Explained
Whitepapers
Migration Stories
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

EOL Calendar

A authorization bypass in Spring Cloud Config (CVE-2025-22232) puts Vault token security at risk...
EOL
Enters LTS
New OSS Version release
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
Spring Boot logo
Spring Boot
Spring Boot 3.5.6 (Sep 18, 2025)
Spring Boot 3.4 (Dec 31, 2025)
Spring Framework logo
Spring Framework
Spring Framework 6.1.x (OSS Support) Jun 30, 2025)
Apache Tomcat logo
Apache Tomcat
Tomcat 11.0.11 (Sep 05, 2025)
Struts logo
Apache Struts
Struts 7.0.3 (GA) (Mar 03, 2025)
Struts 6.7.4 (GA) (Mar 05, 2025)
Solr logo
Apache Solr
Solr 9.9.0 (Jul 24, 2025)
Apache Tapestry logo
Apache Tapestry
Tapestry 5.9.0 (Feb 11, 2025)
Apache Camel logo
Apache Camel
Camel 4.10.4 (LTS) (Apr 30, 2025)
Camel 4.8.7 (LTS) (May 09, 2025)
Camel 4.12.0 (May 29, 2025)
Camel 4.10.5 (LTS) (Jun 03, 2025)
Camel 4.8.8 (LTS) (Jun 26, 2025)
Camel 4.10.6 (LTS) (Jun 27, 2025)
Camel 4.13.0 (Jul 08, 2025)
Camel 4.14.0 (LTS) (Aug 19, 2025)
Camel 4.8.9 (LTS) (Sep 17, 2025)
Apache Spark logo
Apache Spark
Spark 4.0.0 (May 23, 2025)
Spark 3.5.6 (May 29, 2025)
Spark 4.0.1 (Sep 06, 2025)
Apache Cocoon logo
Apache Cocoon
Hibernate logo
Hibernate

Explore CVEs on EOL Java Versions

View All
Monitor and learn more about known vulnerabilities in legacy Java and Spring versions to assess risk exposure.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Medium
CVE-2025-57752
Next.js
Next.js
Cache Deception
>=12.0.0 <14.2.31, >=15.0.0 <15.4.5
Oct 7, 2025
Medium
CVE-2025-55173
Next.js
Next.js
Content Spoofing
<14.2.31, >=15.0.0 <15.4.5
Oct 7, 2025
Medium
CVE-2025-41249
Spring
Spring Framework
Privilege Abuse
>=5.3.0 <=5.3.44, >=6.0.0 <=6.0.29, >=6.1.0 <6.1.23, >=6.2.0 <6.2.11
Sep 22, 2025
High
CVE-2025-59052
Angular
@angular/platform-server, @angular/ssr, @nguniversal/common
Information Exposure
@angular/platform-server, =16.0.0-next.0 <18.2.14, >=19.0.0-next.0 <19.2.15, >=20.0.0-next.0 <20.3.0, >=21.0.0-next.0 <21.0.0-next.3, @angular/ssr, =17.0.0-next.0 <18.2.21, >=19.0.0-next.0 <19.2.16, >=20.0.0-next.0 <20.3.0, >=21.0.0-next.0 <21.0.0-next.3, @nguniversal/common, =16.0.0-next.0
Sep 11, 2025
Critical
CVE-2025-41243
Spring
Spring Cloud Gateway
Incorrectly Configured Access Control
>=3.1.0 <=3.1.9, >=4.0.0 <=4.0.9, >=4.1.0 <=4.1.9, >=4.2.0 <4.2.5, >=4.3.0 <4.3.1
Sep 10, 2025
Medium
SA-CONTRIB-2025-028
Drupal 7
Access Code Drupal module
Broken Access
<=7.1.1
Aug 26, 2025
Medium
CVE-2025-4690
AngularJS
AngularJS
Regular Expression Denial of Service
>=0.0.0
Aug 19, 2025
Medium
CVE-2025-41242
Spring
Spring Framework
Path Traversal
>=4.3.0 <=4.3.30, >=5.3.0 <=5.3.43, >=6.0.0 <=6.0.29, >=6.1.0 <=6.1.21, >=6.2.0 <=6.2.9
Aug 18, 2025
Low
CVE-2025-54656
Struts
Apache Struts
Log Injection
>=1.2.9 <=1.3.10
Aug 4, 2025
High
CVE-2025-48734
Struts
Apache Commons Beanutils
Remote Code Execution
>=1.0 <1.11, >=2.0.0-M1 <2.0.0-M2
Aug 4, 2025
High
CVE-2025-48976
Struts
Apache Commons Fileupload
Denial of Service
>=1.0 <1.6.0, >=2.0.0-M1 <2.0.0-M
Aug 4, 2025
High
CVE-2025-46701
Apache Tomcat
Apache Tomcat
Path Traversal
>=9.0.0.M1 <9.0.105, >=10.1.0-M1 <10.1.41, >=11.0.0-M1 <11.0.7
Aug 4, 2025
Critical
CVE-2025-31651
Apache Tomcat
Apache Tomcat
Command Injection
>=9.0.76 <9.0.104, >=10.1.10 <10.1.40, >=11.0.0-M2 <11.0.6
Aug 4, 2025
Critical
CVE-2025-24813
Apache Tomcat
Apache Tomcat
Remote Code Execution
>=9.0.0.M1 <9.0.99, >=10.1.0-M1 <10.1.35, >=11.0.0-M1 <11.0.3
Jul 30, 2025
Medium
CVE-2025-53506
Apache Tomcat
Apache Tomcat
Denial of Service
>=9.0.0.M1 <9.0.107, >=10.1.0-M1 <10.1.43, >=11.0.0-M1 <11.0.9
Jul 30, 2025

Featured Whitepaper

View All
Deep-dive reports and technical briefings on migration, risk, and long-term Java strategy.

Java in 2025:
Navigating Migration, Security, and Long-Term Risk

The question for CIOs, CISOs, and engineering leaders is no longer whether to continue relying on Java. It is how to migrate safely between LTS versions, reduce exposure in legacy environments, and implement governance frameworks that withstand regulatory scrutiny.This white paper provides detailed analysis of migration realities, real-world breach lessons, supply-chain risk, and the economic, regulatory, and vendor dynamics shaping enterprise decisions in 2025.
Read White Paper
Java in 2025 - whitepaper thumbnail

Ready to Eliminate EOL Risk?

Start scanning your codebase today. Identify every end-of-life package in minutes, not hours.
Start Free Scan
Arrow
Schedule Demo
End-of-Life Dataset results

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

PreferencesRejectAccept
Manage Consent Preferences by Category
Essentials
Always active

Necessary for the site to function. Always On.

Used for targeted advertising.

Remembers your preferences and provides enhanced features.

Measures usage and improves your experience.

Reject AllAccept All
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.