Spring LTS Keeps You Secure Past Community EOL
Many Spring versions being used in production — including Spring Boot 2.7, Spring Boot 3.4, Spring Boot 3.5, Spring Framework 5.3, Spring Framework 6.1, and Spring Framework 6.2 — are now (or soon will be) end of life and no longer receive security updates. If any of those releases are in your environment, your applications are at risk unless you upgrade.
If an immediate Spring Boot migration would drain resources from high-priority Q2 and Q3 initiatives, you need Spring Long-Term Support (LTS).
With Spring LTS from OpenLogic, you get proactive lifecycle management, including:
- Long-Term Coverage: Extended Spring support for Spring Boot 2.7 and 3.x and Spring Framework 5.3 and 6.x for at least two years beyond the community EOL date.
- Security Patches: Backported fixes for high and critical severity CVEs and patched Spring Security component.
- 24/7 SLA-Backed Support: Premium level includes technical support with guaranteed SLAs.
- Migration Expertise: Our team can provide guidance and/or hands-on-keyboard support.
Fill out the form to talk to an expert about Spring long-term support >>
Extended Spring Support for Enterprise Teams
Most LTS vendors ship you a build and call it a day. OpenLogic delivers the security patches your team needs today — and the migration expertise you'll need down the road.
Extend Your Spring Boot Migration Runway
Major version migrations require coordination across teams as well as careful testing and validation. With LTS, you don't have to rush.
- Spring Boot 2.7 and Spring Framework 5.3 support through October 2027.
- Spring Boot 3.x and Spring Framework 6.x support through June 2028.
Align upgrades with your roadmap instead of release cycles.
Stay Ahead of Spring Security Risks
Once a version reaches end of life and the community stops providing updates, internal teams carry more of the burden. With OpenLogic Spring LTS, you know exactly when fixes are ready without having to guess.
- Critical and high vulnerability patches delivered even after EOL.
Easy installation via our secure repository.
All builds come with patched Spring Security component.
Always Be Audit-Ready, On Any Version
Avoid the churn of constantly upgrading and having to revalidate with every new release.
- Remain on a stable, tested build without being forced onto the latest community release.
- Document CVE patch history to satisfy compliance and security audit requirements.
- Walk into your next audit with proof of support and a clear patch record.
Spring LTS Coverage: Supported Versions and EOL Dates
See which versions are covered under OpenLogic Spring LTS today, how far past community EOL that coverage extends, and what's coming next.
Version | Release Date | End of Community Support | OpenLogic LTS |
|---|---|---|---|
Spring Boot 2.7 | May 31, 2022 | June 30, 2023 | Through October 31, 2027 |
Spring Boot 3.0 | November 24, 2022 | December 31, 2023 | Through June 30, 2028 |
Spring Boot 3.1 | May 31, 2023 | June 30, 2024 | |
Spring Boot 3.2 | November 30, 2023 | December 31, 2024 | |
Spring Boot 3.3 | May 31, 2024 | June 30, 2025 | |
Spring Boot 3.4 | November 21, 2024 | December 31, 2025 | |
Spring Boot 3.5 | May 31, 2025 | June 30, 2026 | |
Spring Framework 5.3 | October 27, 2020 | August 31, 2024 | Through October 31, 2027 |
Spring Framework 6.0 | November 30, 2022 | June 30, 2024 | Through June 30, 2028 |
Spring Framework 6.1 | November 30, 2023 | June 30, 2025 | |
Spring Framework 6.2 | November 30, 2024 | June 30, 2026 |
Trusted by the Global 500 and Beyond
"OpenLogic enabled us to avoid downtime, reduce organizational costs, maintain security compliance, and facilitate an overall open source risk strategy."
Frequently Asked Questions
OpenLogic will patch:
- Critical severity (CVSS score 9.0+) CVEs within 14 days.
- High severity (CVSS score 7.0-8.9) CVEs within 30 days.
- All other severities will be evaluated and may be patched on demand.
OpenLogic will provide long-term support for at least 2 years past community Spring Boot and Spring Framework EOL. For Spring Boot 2.7 and Spring Framework 5.3, we have extended coverage to October 2027 — 3 years after community EOL. As we identify popular community versions and customer needs, we will evaluate extending individual LTS versions beyond the two-year minimum.
Long-term support for Spring Boot 2.7 and Spring Framework 5.3 is available now. Long-term support for Spring Boot 3.x and Spring Framework 6.x versions will be ready soon. OpenLogic plans to add one new Spring Boot and Spring Framework LTS release yearly, following the November release each year for each project.
We will provide your company with credentials to a Sonar Nexus repository with Spring Boot and Spring Framework LTS. You will be able to point your build systems (e.g. Gradle, Maven) to our repository to pull the framework version(s) you are interested in during build time.
OpenLogic’s online CVE Center tracks all the CVEs that our team has patched for our LTS builds. Each CVE listed references the LTS package version where the CVE has been resolved.
Customers can also subscribe to an RSS feed to get updates about new CVEs and the patched LTS packages we provide. Any time a new entry is added to the feed, your team will get a notification.
Finally, in our quarterly customer newsletter, we announce all product releases for the past quarter.
While we proactively patch the issues that most affect organizations, lesser severity CVEs can also impact your application sometimes. In those cases, you can open a support ticket with OpenLogic. We will evaluate the issue, and either provide you a workaround or patch the issue in our next release.
Our primary competitors for Spring Framework and Spring Boot LTS give you exactly one thing: LTS builds. They cannot help your team if you experience downtime in production, or provide you with expert consultative services if you need to improve application performance or need help migrating to a newer version of the framework. OpenLogic can assist you with your entire Spring Boot lifecycle, from development to production, from initial deployment to long-term maintenance and application health.
Spring Security provides both an authentication as well as authorization framework for consumption in Spring-based applications, as well as protection against CSRF attacks, default response headers to enforce common security policies, and TLS enforcement for incoming requests.
Yes, Spring LTS includes a patched Spring Security component that customers will use exactly as they would if they had installed from the Spring project itself.