Spring Boot ↗

VMware · Web / Framework

Track your version:Monitors Spring Boot and tailors your dashboard to that exact version.

4.1.0 · latest cycle100/100 Healthy

Summary iPlain-English security verdict for Spring Boot, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Spring Boot currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 4.1.0. It's on the latest patch with no significant known issues — keep it current.

Disclosure trend iNew CVEs published for Spring Boot each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19

'20

'21

'22

'23

'24

'25

'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2017-8046 CRITICAL Improper input validation EPSS 73% → fixed in 1.5.9 CVE-2021-26987 CRITICAL EPSS 2% → fixed in 1.3.2 CVE-2023-20873 CRITICAL EPSS 1% → fixed in 3.0.6 CVE-2023-44794 CRITICAL Improper access control EPSS 1% → see advisory CVE-2026-40976 CRITICAL Missing authorization EPSS 0% → fixed in 4.0.6

See all 19 known Spring Boot CVEs & security history →

Get alerted about Spring Boot

Be emailed the moment Spring Boot gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.

We email only on real events for Spring Boot — no marketing, no sharing, and we never know what you run. Track your whole stack →

Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.

How long each Spring Boot release line is supported — and when it sunsets. Select a line for its full report.

Jul31'27 Spring Boot 4.1EOL 2027-07-31

Dec31'26 Spring Boot 4.0EOL 2026-12-31

Jun30'26 Spring Boot 3.5EOL 2026-06-30

Dec31'25 Spring Boot 3.4ended 2025-12-31

Jun30'25 Spring Boot 3.3ended 2025-06-30

Dec31'24 Spring Boot 3.2ended 2024-12-31

Jun30'24 Spring Boot 3.1ended 2024-06-30

Dec31'23 Spring Boot 3.0ended 2023-12-31

Jun30'23 Spring Boot 2.7ended 2023-06-30

Nov24'22 Spring Boot 2.6ended 2022-11-24

May19'22 Spring Boot 2.5ended 2022-05-19

Nov18'21 Spring Boot 2.4ended 2021-11-18

Full Spring Boot end-of-life dates & support timeline →

4.1 latest 4.1.0 Supported until 2027-07-314.1.0 → 4.0 latest 4.0.7 Supported until 2026-12-314.0.7 → 3.5 latest 3.5.15 Supported until 2026-06-303.5.15 → 3.4 latest 3.4.13 End of life ended 2025-12-313.4.13 → 3.3 latest 3.3.13 End of life ended 2025-06-303.3.13 → 3.2 latest 3.2.12 End of life ended 2024-12-313.2.12 → 3.1 latest 3.1.12 End of life ended 2024-06-303.1.12 → 3.0 latest 3.0.13 End of life ended 2023-12-313.0.13 → 2.7 latest 2.7.18 End of life ended 2023-06-302.7.18 → 2.6 latest 2.6.15 End of life ended 2022-11-242.6.15 → See all upcoming end-of-life dates →

Frequently asked

Is Spring Boot safe and patched?

What should I do about Spring Boot now?

Upgrade Spring Boot to the latest supported release (4.1.0) or later and apply available security updates, then confirm against VMware's official advisory.

When does Spring Boot reach end-of-life?

The latest supported Spring Boot release is 4.1.0. After end-of-life a release no longer receives security patches.

Which versions of Spring Boot are still receiving security updates?

Supported Spring Boot release lines (latest 4.1.0): 4.1, 4.0, 3.5. End-of-life releases no longer receive security patches.

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against VMware's official advisory before you patch or upgrade — Spring Boot official site ↗