108 searches for "spring framework 5.3.20 end of life date" this week alone. Zero clicks. Either nobody has the answer or nobody trusts the ones they're finding. Let's fix that.
Spring Framework 5.3 reached end of life on December 31, 2024. Spring Framework 6.0 followed on the same date. Spring Framework 6.1 reached EOL on December 31, 2025. That means three major Spring versions are currently EOL simultaneously with no patches coming.
Complete Spring Framework EOL Schedule
| Version | Released | End of Life | Status | EOL Risk Score |
|---|---|---|---|---|
| Spring 4.3 | Jun 2016 | Dec 31, 2020 | π΄ EOL | 95 Critical |
| Spring 5.0 | Sep 2017 | Dec 31, 2020 | π΄ EOL | 93 Critical |
| Spring 5.2 | Sep 2019 | Dec 31, 2021 | π΄ EOL | 90 Critical |
| Spring 5.3 | Nov 2020 | Dec 31, 2024 | π΄ EOL | 82 Critical |
| Spring 6.0 | Nov 2022 | Dec 31, 2024 | π΄ EOL | 78 Critical |
| Spring 6.1 | Nov 2023 | Dec 31, 2025 | π΄ EOL | 72 Critical |
| Spring 6.2 | Nov 2024 | Dec 31, 2026 | β Active | 35 Medium |
β οΈ Spring 5.3, 6.0, and 6.1 are all currently EOL. Spring 6.2 is the only supported version β EOL December 31, 2026.
Spring Framework 5.3 - EOL December 31, 2024
Spring 5.3 was the last version in the Spring 5.x line and the last to support Java 8 and Java 11 as a minimum requirement. Many enterprise teams stayed on 5.3 specifically because migrating to Spring 6.x requires Java 17 minimum.
Spring Framework 5.3.20 β the version appearing in so many search queries β is a specific patch release within the 5.3.x line. The entire 5.3.x line is EOL as of December 31, 2024. It doesn't matter whether you're on 5.3.18, 5.3.20, or 5.3.39 β all are unsupported.
The biggest reason teams are still on 5.3: Java version lock-in. If your application runs on Java 8 or Java 11, you cannot upgrade to Spring 6.x without first upgrading Java. That's two migrations instead of one.
β Spring Framework 5.3 EOL Risk Score Card
Spring Framework 6.0 - EOL December 31, 2024
Spring 6.0 reached EOL the same day as Spring 5.3 β December 31, 2024. Teams that migrated to 6.0 to stay current found themselves EOL faster than expected.
The good news: migrating from 6.0 to 6.2 is significantly less painful than 5.3 to 6.x. You're already on Java 17, already on Jakarta EE namespace, already on the 6.x baseline. Most codebases complete this migration in days.
β Spring Framework 6.0 EOL Risk Score Card
Spring Framework 6.1 - EOL December 31, 2025
Spring 6.1 reached EOL on December 31, 2025 β five months ago. Teams that upgraded to 6.1 thinking they had runway until at least 2026 found the EOL came faster than expected.
If you're running Spring Framework 6.1 today, the migration to 6.2 is the shortest path available and should be treated as urgent. Spring 6.1 to 6.2 is a minor version bump β most applications require only dependency version updates and a rebuild.
β Spring Framework 6.1 EOL Risk Score Card
Spring Framework 6.2 - Current Stable, EOL December 31, 2026
Spring 6.2 is the only currently supported version. EOL is December 31, 2026 β approximately 7 months away.
That sounds comfortable. It isn't β particularly if you still need to complete a Java upgrade as part of the migration. Spring 7.0 is expected in late 2026. Start evaluating your migration path now. Don't wait until November.
What About Spring Boot?
Spring Boot and Spring Framework have separate but related EOL schedules:
| Spring Boot | EOL | Spring Framework |
|---|---|---|
| 2.7 | Nov 18, 2023 | 5.3 |
| 3.0 | Nov 18, 2023 | 6.0 |
| 3.1 | Nov 18, 2023 | 6.0 |
| 3.2 | Nov 18, 2024 | 6.1 |
| 3.3 | Nov 18, 2025 | 6.1 |
| 3.4 | Nov 18, 2026 | 6.2 β current |
Migrating from Spring 5.3 to Spring 6.2
This is the most complex migration in the Spring ecosystem right now. Two major barriers: Java 17 requirement and the javax β jakarta namespace change.
Step 1 - Upgrade Java to 17 first
Test on Java 17 before touching Spring. Fix deprecated API usage flagged by:
jdeps --jdk-internals your-app.jar
Step 2 - Run OpenRewrite
<plugin>
<groupId>org.openrewrite.maven</groupId>
<artifactId>rewrite-maven-plugin</artifactId>
<configuration>
<activeRecipes>
<recipe>org.openrewrite.java.spring.boot3.UpgradeSpringBoot_3_4</recipe>
</activeRecipes>
</configuration>
</plugin>
This automatically migrates javax β jakarta namespaces and updates Spring-specific patterns.
Step 3 - Update your dependency tree
Spring 6.x requires updated versions of Hibernate, Tomcat, Jackson, and most Spring ecosystem libraries.
Step 4 - Fix Spring Security configuration
WebSecurityConfigurerAdapter was removed in Spring 6.x. Migrate to component-based security configuration.
Step 5 - Full regression test on Java 17 before production.
Migrating from Spring 6.0 or 6.1 to Spring 6.2
Much simpler. Update your Spring dependency version in pom.xml or build.gradle, run your test suite, fix any deprecation warnings. Most codebases complete this in a day.
EOL Risk Scoreβ’ Summary
Every Spring Framework version has a dedicated score card on endoflife.ai with a 0-100 EOL Risk Scoreβ’.
| Version | Score | Band |
|---|---|---|
| Spring 4.3 | 95 | π΄ Critical |
| Spring 5.3 | 82 | π΄ Critical |
| Spring 6.0 | 78 | π΄ Critical |
| Spring 6.1 | 72 | π΄ Critical |
| Spring 6.2 | 35 | π‘ Medium |
Spring4Shell (CVE-2022-22965) was a critical RCE vulnerability that made global headlines in 2022. EOL versions of Spring Framework will never receive patches for similar future vulnerabilities.
Check Your Full Stack
Spring Framework EOL is one piece of the puzzle. Spring Boot, Spring Security, and your Java runtime each have their own end-of-life dates.
Use the free EOL Checker or Stack Scanner at endoflife.ai to audit your entire dependency tree - no account required.
This article is part of The EOL Intelligence Report series. EOL dates sourced from endoflife.date, Spring project official documentation, and CISA KEV Catalog.
Top comments (0)