EOLCanaryEOLCanary

Spring Boot 2.x — End of Life

EOL
EOL: Jun 30, 20238 releases in this series0 CVEs

Spring Boot 2.x — All releases

VersionReleasedActive supportEOL dateLatest patchStatus
2.7May 31, 2022Jun 30, 20232.7.18EOL
2.6Nov 17, 2021Nov 24, 20222.6.15EOL
2.5May 20, 2021May 19, 20222.5.15EOL
2.4Nov 12, 2020Nov 18, 20212.4.13EOL
2.3May 15, 2020May 20, 20212.3.12EOL
2.2Oct 16, 2019Oct 16, 20202.2.13EOL
2.1Oct 30, 2018Oct 30, 20192.1.18EOL
2.0Mar 1, 2018Mar 1, 20192.0.9EOL

CVEs affecting Spring Boot 2.x (0)

No CVEs tracked for Spring Boot 2.x.

Spring Boot 2.x is EOL — migrate to Spring Boot 3.x

Spring Boot 3.x is the next major release. Plan your upgrade before Spring Boot 2.x stops receiving security patches.

See Spring Boot 3.x

Frequently asked questions

Is Spring Boot 2 end of life?

Yes. All Spring Boot 2.x releases have reached end of life and no longer receive security patches. Migrate to Spring Boot 3.x as soon as possible.

What CVEs affect Spring Boot 2?

No CVEs are currently tracked for Spring Boot 2.x in our database. This may mean no vulnerabilities have been recorded yet, or the data is still syncing.

What is the latest Spring Boot 2 version?

The latest Spring Boot 2.x patch release is 2.7.18, released on November 23, 2023. Always run the latest patch to benefit from all security fixes.

How to migrate from Spring Boot 2 to Spring Boot 3?

To migrate from Spring Boot 2 to Spring Boot 3: (1) review the official Spring Boot 3 migration guide for breaking changes, (2) update dependencies and configuration accordingly, (3) test thoroughly in a staging environment, (4) deploy with a rollback plan. Starting early gives you time to resolve compatibility issues before your current version reaches end of life.

Is it safe to run Spring Boot 2 in production?

No. Spring Boot 2 has reached end of life and security vulnerabilities are no longer patched. Upgrade to a supported version immediately.

Data sourced from endoflife.date · CVE data from NVD · EPSS from FIRST.org · KEV from CISA