You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Spring Boot 3.4.x reaches OSS end-of-life on 2025-11-20 and Spring Boot 3.5.x on 2026-05-22. The Dapr Java SDK currently targets Spring Boot 3.4.x (springboot.version=3.4.13) across the sdk-springboot, dapr-spring, and related modules.
Maintaining support for EOL Spring Boot versions creates an ongoing maintenance burden:
Transitive CVEs — many CVEs in the SDK dependency tree (tomcat-embed, logback, netty, commons-compress) originate from the Spring Boot BOM. Each patch release requires manual version overrides in the parent pom to work around what the BOM ships.
BOM shadowing — child modules that re-import the Spring Boot BOM can silently undo parent-level security overrides (e.g., netty-bom), as seen in [1.16] Fix/bump deps CVE 1.16 #1717.
Testing matrix — supporting multiple Spring Boot major versions (3.x and 4.x) doubles the integration test surface.
Proposal
release-1.17 (current): add a deprecation notice for Spring Boot 3.4 support in the docs and release notes.
release-1.18: drop Spring Boot 3.4 support. Minimum supported version becomes Spring Boot 3.5.
release-1.19: drop Spring Boot 3.5 support. Minimum supported version becomes Spring Boot 4.0.
Migration path
Users on Spring Boot 3.4 should upgrade to 3.5 (drop-in compatible).
Deprecate Spring Boot 3.4 and 3.5 support
Context
Spring Boot 3.4.x reaches OSS end-of-life on 2025-11-20 and Spring Boot 3.5.x on 2026-05-22. The Dapr Java SDK currently targets Spring Boot 3.4.x (
springboot.version=3.4.13) across thesdk-springboot,dapr-spring, and related modules.Maintaining support for EOL Spring Boot versions creates an ongoing maintenance burden:
Proposal
Migration path
dapr-spring-boot-4-autoconfigureand related SB4 modules are already available for early adopters.Benefits
Open questions