Springsource Spring Framework
EOL Dates
Ensure that you are using a supported version of Springsource Spring Framework. Here are some end of life, and end of support dates for Springsource Spring Framework.
| Release | EOL Date | End of Extended Support | Status |
|---|---|---|---|
| 7.0 | June 30, 2027 | June 30, 2028 | Active. Springsource Spring Framework 7.0 will become EOL next year, in June 2027. |
| 6.2 | June 30, 2026 | June 30, 2032 | EOL This Year. Springsource Spring Framework 6.2 will become EOL this year, in June 2026. |
| 6.1 | June 30, 2025 | June 30, 2026 | EOL. Springsource Spring Framework 6.1 became EOL in 2025 and the extended support period ends in 2026. |
| 6.0 | June 30, 2024 | August 31, 2025 | EOL. Springsource Spring Framework 6.0 became EOL in 2024 and the extended support period ended in 2025. |
| 5.3 | August 31, 2024 | June 30, 2029 | EOL. Springsource Spring Framework 5.3 became EOL in 2024 and the extended support period ends in 2029. |
| 5.2 | December 31, 2021 | December 31, 2023 | EOL. Springsource Spring Framework 5.2 became EOL in 2021 and the extended support period ended in 2023. |
| 5.1 | December 31, 2020 | December 31, 2022 | EOL. Springsource Spring Framework 5.1 became EOL in 2020 and the extended support period ended in 2022. |
| 5.0 | December 31, 2020 | - | EOL. Springsource Spring Framework 5.0 became EOL in 2020. |
| 4.3 | December 31, 2020 | - | EOL. Springsource Spring Framework 4.3 became EOL in 2020. |
| 3.2 | December 31, 2016 | - | EOL. Springsource Spring Framework 3.2 became EOL in 2016. |
Extended Support differs by vendor, and may cost additional fees. Check with Springsource to see how they define extended support.
By the Year
In 2026 there have been 0 vulnerabilities in Springsource Spring Framework.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
It may take a day or so for new Spring Framework vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Springsource Spring Framework Security Vulnerabilities
CVE-2014-0054 - April 17, 2014
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CVE-2013-7315 - January 23, 2014
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVE-2013-4152 - January 23, 2014
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CVE-2010-1622 - June 21, 2010
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.