Minimize Disruption and Stay Secure and Compliant With Spring LTS
The time-based Spring lifecycle, with releases coming every six months, puts organizations under intense pressure to stay current or put their applications at risk by staying on older versions. Keeping pace with frequent upgrades is challenging — teams must continually test, validate, and deploy updates while repeatedly configuring security settings to remain compliant.
With OpenLogic LTS, you don’t have to scramble to get on the latest version of Spring Boot or Spring Framework. You can extend the life of your deployments past community end-of-life — without compromising security or compliance — and take the time you need to test and transition.
Solution Overview:
- Available for Spring Boot 2.7 and 3.x versions and Spring Framework 5.3 and 6.x versions
- Includes patched Spring Security component
- Guaranteed CVE patches for critical and high vulnerabilities (CVSS score of 7+) and patches for other severities evaluated on demand
- Choose your level, up to Premium which includes production deployment support and 1-hour response times
Talk to our team about Spring LTS >>
Spring LTS Coverage: Supported Versions and EOL Dates
Version | Release Date | End of Community Support | OpenLogic LTS |
|---|---|---|---|
Spring Boot 2.7 | May 31, 2022 | June 30, 2023 | Through October 31, 2027 |
Spring Boot 3.0 | November 24, 2022 | December 31, 2023 | Through June 30, 2028 |
Spring Boot 3.1 | May 31, 2023 | June 30, 2024 | |
Spring Boot 3.2 | November 30, 2023 | December 31, 2024 | |
Spring Boot 3.3 | May 31, 2024 | June 30, 2025 | |
Spring Boot 3.4 | November 21, 2024 | December 31, 2025 | |
Spring Boot 3.5 | May 31, 2025 | June 30, 2026 | |
Spring Framework 5.3 | October 27, 2020 | August 31, 2024 | Through October 31, 2027 |
Spring Framework 6.0 | November 30, 2022 | June 30, 2024 | Through June 30, 2028 |
Spring Framework 6.1 | November 30, 2023 | June 30, 2025 | |
Spring Framework 6.2 | November 30, 2024 | June 30, 2026 |
Need More Than Long-Term Support?
OpenLogic Enterprise Architects can provide 24/7/365 technical support, backed by SLAs, as well as a range of professional services including migrations, upgrades, implementations, and consulting for Spring Boot and Spring Framework, and other Spring components including Spring Security and Spring Cloud.
The Spring Upgrade Dilemma: Move Fast or Stay Stable?
Keeping up with every new Spring release can feel like a full-time job. Should you always upgrade right away or is it safe to stay on the version that’s already working in production?
If your team is feeling the pressure to upgrade faster than your roadmap allows, this video will help you rethink your strategy — and show you how LTS can keep your Spring application secure, stable, and supported until you're ready to migrate.
Don't Let Spring EOL Disrupt Your Business
Now that the Spring lifecycle is aligned with OpenJDK, new releases come out twice a year and receive only a year of community support. Frequent upgrades are burdensome and strain resources — but staying on legacy versions exposes your applications to vulnerabilities and compliance audit failures.
Spring LTS covers you beyond community EOL so you don’t have upgrade as often. Don’t leave your applications unprotected — get long-term support today to extend the life of your deployments.
Trusted by the Global 500 and Beyond
Frequently Asked Questions
OpenLogic will patch:
- Critical severity (CVSS score 9.0+) CVEs within 14 days
- High severity (CVSS score 7.0-8.9) CVEs within 30 days
- All other severities will be evaluated and may be patched on demand
OpenLogic will provide Spring Boot and Spring Framework long-term support for at least 2 years past community end of life. For Spring Boot 2.7 and Spring Framework 5.3, we have extended coverage to October 2027 — 3 years after community EOL. As we identify popular community versions and customer needs, we will evaluate extending individual LTS versions beyond the two-year minimum.
Long-term support for Spring Boot 2.7 and Spring Framework 5.3 is available now. Long-term support for Spring Boot 3.x and Spring Framework 6.x versions will be available soon. OpenLogic plans to add one new Spring Boot and Spring Framework LTS release yearly, following the November release each year for each project.
We will provide your company with credentials to a Sonar Nexus repository with Spring Boot and Spring Framework LTS. You will be able to point your build systems (e.g. Gradle, Maven) to our repository to pull the framework version(s) you are interested in during build time.
OpenLogic’s online CVE Center tracks all the CVEs that our team has patched for our LTS builds. Each CVE listed references the LTS package version where the CVE has been resolved.
Customers can also subscribe to an RSS feed to get updates about new CVEs and the patched LTS packages we provide. Any time a new entry is added to the feed, your team will get a notification.
Finally, in our quarterly customer newsletter, we announce all product releases for the past quarter.
While we proactively patch the issues that most affect organizations, sometimes lesser severity CVEs can also impact your application. In those cases, you can open a support ticket with OpenLogic. We will evaluate the issue, and either provide you a workaround, or patch the issue in our next release.
Our primary competitors for Spring Framework and Spring Boot LTS give you exactly one thing: LTS builds. They cannot help your team if you experience downtime in production, or provide you with expert consultative services if you need to improve application performance or need help migrating to a newer version of the framework. OpenLogic can assist you with your entire application lifecycle, from development to production, from initial deployment to long-term maintenance and application health.
Spring Security provides both an authentication as well as authorization framework for consumption in Spring-based applications, as well as protection against CSRF attacks, default response headers to enforce common security policies, and TLS enforcement for incoming requests.
Yes. Spring LTS includes a patched Spring Security component that customers will use exactly as they would if they had installed from the Spring project itself.
Ready to Extend Your Runway With Spring LTS?
Avoid disruption and upgrade when you're ready by securing long-term support now. Click the button below to connect with our team and see pricing options.
Full Java Stack Support
OpenLogic also supports OpenJDK, Oracle Java, OpenJ9 and Tomcat.