
Spring®

Spring® is a trademark of Broadcom Inc. and/or its subsidiaries.


TuxCare's Endless Lifecycle Support (ELS) for Spring® provides security updates, system enhancement patches, and selected bug fixes that are integral to the stable operation of applications running on these versions of Spring® ecosystem components. These components have either reached their end of standard support from vendors or have reached End of Life (EOL).

  • Spring® Framework
  • Spring® Boot
  • Spring® Data
  • Spring® Security
  • etc.

Our ELS for Spring® service is designed to provide solutions for organizations that are not yet ready to migrate to newer versions and that are seeking long-term stability for their legacy Spring® applications.

Connection to ELS for Spring® Repository

This guide outlines the steps needed to integrate the TuxCare ELS for Spring® repository into your Java application. The repository provides trusted Java libraries that can be easily used with both Maven and Gradle projects.

Step 1: Get user credentials

You need a username and password to use the TuxCare ELS for Spring® repository. Anonymous access is disabled. To receive a username and password, please contact sales@tuxcare.com.

Step 2: Configure Registry

  1. Navigate to your build tool's user configuration directory, which depends on your operating system.

    • Windows
    Maven: C:\Users\{username}\.m2
    Gradle: C:\Users\{username}\.gradle
    
    • macOS
    Maven: /Users/{username}/.m2
    Gradle: /Users/{username}/.gradle
    
    • Linux
    Maven: /home/{username}/.m2
    Gradle: /home/{username}/.gradle
    
  2. Add the TuxCare repository and plugin repository to your build configuration.

    For Maven, you may choose any valid <id> value instead of tuxcare-registry, but the same value must be used in both settings.xml and pom.xml.

    <?xml version="1.0" encoding="UTF-8"?>
    <settings xmlns="http://maven.apache.org/SETTINGS/1.1.0">
        <servers>
            <server>
              <id>tuxcare-registry</id>
              <username>USERNAME</username>
              <password>PASSWORD</password>
            </server>
        </servers>
    </settings>

    Replace USERNAME and PASSWORD with the credentials you received in Step 1.

Step 3: Update Build Configuration

Add the TuxCare Spring® repository and plugins to your build configuration:

<repositories>
    <repository>
        <id>tuxcare-registry</id>
        <url>https://nexus.repo.tuxcare.com/repository/els_java/</url>
    </repository>
</repositories>

<pluginRepositories>
  <pluginRepository>
    <id>tuxcare-registry</id>
    <url>https://nexus.repo.tuxcare.com/repository/els_java/</url>
  </pluginRepository>
</pluginRepositories>

  • To fully switch from the official Spring® repository, replace it with the TuxCare repository.
  • To keep both, add TuxCare after the official one.

Example Maven and Gradle projects are available on GitHub. Remember to set the required environment variables.

Step 4: Update Dependencies

Replace the Spring® build dependencies in your build file with the TuxCare-maintained versions. Set the TuxCare release as the parent version. Your build tool will fetch the TuxCare versions of both your dependencies and their transitive dependencies.

You can find a specific artifact version in your TuxCare account on Nexus. Click Sign In in the top right corner to authenticate with your TuxCare credentials. After logging in, you may need to refresh or reopen the link to browse artifacts due to Nexus routing behavior.

<parent>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-parent</artifactId>
  <version>2.7.18-tuxcare.8</version>
</parent>

<dependencies>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
  </dependency>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
  </dependency>
</dependencies>

Step 5: Verify and Build

  1. To confirm the TuxCare Spring® repository is set up correctly, use your build tool to list the project's dependencies. It shows both direct and transitive dependencies in the classpath.

    mvn dependency:tree -Dverbose

  2. After reviewing the dependencies, include any library from the repository in your project and then run a build:

    mvn clean install

The build tool you're using should be able to identify and resolve dependencies from the TuxCare ELS for Spring® repository.
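The dependency review in Step 5 can be automated. The following is an added example, not TuxCare's own tooling: it parses `mvn dependency:tree -Dverbose` output and lists Spring® artifacts on the classpath whose version lacks the `-tuxcare.N` suffix, which matters most when the official repository is kept alongside the TuxCare one. The sample output is constructed, and treating every `org.springframework*` artifact as one that should carry the suffix is an assumption, so flagged entries are candidates for review.

```python
import re
from typing import NamedTuple

class Dep(NamedTuple):
    group: str
    artifact: str
    version: str
    scope: str

# groupId:artifactId:type[:classifier]:version:scope, as dependency:tree prints it
COORD = re.compile(r"[\w.\-]+(?::[\w.\-]+){3,5}")
TUXCARE_BUILD = re.compile(r"-tuxcare\.\d+$")

# Constructed sample of `mvn dependency:tree -Dverbose` output (not from a real build).
SAMPLE_TREE = r"""
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.7.18-tuxcare.8:compile
[INFO] |  +- org.springframework:spring-core:jar:5.3.39-tuxcare.9:compile
[INFO] |  +- org.springframework:spring-web:jar:5.3.31:compile
[INFO] |  \- (org.springframework:spring-core:jar:5.3.31:compile - omitted for conflict with 5.3.39-tuxcare.9)
[INFO] \- org.yaml:snakeyaml:jar:1.30:compile
"""

def parse_tree(text):
    """Return the dependencies that are actually on the classpath."""
    deps = []
    for line in text.splitlines():
        if "omitted for" in line:      # verbose-only entry, not resolved into the build
            continue
        m = COORD.search(line)
        if not m:
            continue
        parts = m.group(0).split(":")
        if len(parts) < 5:             # project root line has no scope field
            continue
        deps.append(Dep(parts[0], parts[1], parts[-2], parts[-1]))
    return deps

def upstream_spring(deps, group_root="org.springframework"):
    """Spring artifacts whose version lacks the -tuxcare.N suffix."""
    return [d for d in deps
            if (d.group == group_root or d.group.startswith(group_root + "."))
            and not TUXCARE_BUILD.search(d.version)]

if __name__ == "__main__":
    for d in upstream_spring(parse_tree(SAMPLE_TREE)):
        print(f"upstream build on classpath: {d.group}:{d.artifact}:{d.version} ({d.scope})")
```

In a pipeline, feed the function the captured output of the Step 5 command and fail the job when the returned list is not empty.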

Conclusion

You've successfully integrated the TuxCare ELS for Spring® repository into your project. You can now benefit from the secure and vetted Spring® libraries it provides.

Vulnerability Exploitability eXchange (VEX)

VEX is a machine-readable format that tells you whether a known vulnerability is actually exploitable in your product. It reduces false positives and helps prioritize real risks.

TuxCare provides VEX for Spring® ELS versions: security.tuxcare.com/vex/cyclonedx/els_lang_java/.
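As an added example (not TuxCare's code), the sketch below shows how a VEX document can filter scanner findings. It uses the `vulnerabilities[].analysis.state` and `affects[].ref` fields defined by the CycloneDX specification. The document, the placeholder CVE ids, the `spring-web` version and the use of package URLs as `ref` values are constructed assumptions, since the page does not show the contents of TuxCare's files.

```python
import json

# CycloneDX "analysis.state" values that mean no action is needed for that component.
CLEARED = {"resolved", "resolved_with_pedigree", "not_affected", "false_positive"}

# Constructed VEX document; the CVE ids are placeholders, not real advisories.
SAMPLE_VEX = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "vulnerabilities": [
    {"id": "CVE-0000-0001",
     "analysis": {"state": "resolved"},
     "affects": [{"ref": "pkg:maven/org.springframework/spring-core@5.3.39-tuxcare.9"}]},
    {"id": "CVE-0000-0002",
     "analysis": {"state": "exploitable"},
     "affects": [{"ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.9"}]}
  ]
}
""")

def vex_index(doc):
    """Map (vulnerability id, component ref) to the stated analysis state."""
    index = {}
    for vuln in doc.get("vulnerabilities", []):
        state = vuln.get("analysis", {}).get("state", "in_triage")
        for target in vuln.get("affects", []):
            index[(vuln["id"], target["ref"])] = state
    return index

def triage(findings, doc):
    """Split scanner findings into (actionable, cleared) using the VEX statements."""
    index = vex_index(doc)
    actionable, cleared = [], []
    for vuln_id, ref in findings:
        state = index.get((vuln_id, ref))   # None: VEX makes no statement for this exact build
        (cleared if state in CLEARED else actionable).append((vuln_id, ref, state))
    return actionable, cleared

# Constructed scanner output: the same id reported against a patched and an upstream build.
SAMPLE_FINDINGS = [
    ("CVE-0000-0001", "pkg:maven/org.springframework/spring-core@5.3.39-tuxcare.9"),
    ("CVE-0000-0001", "pkg:maven/org.springframework/spring-core@5.3.39"),
    ("CVE-0000-0002", "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.9"),
]
```

Matching on the exact component reference is deliberate: a statement about a `-tuxcare.N` build says nothing about the upstream version with the same base number, so that finding stays actionable.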

How to Upgrade to a Newer Version of TuxCare Packages

If you have already installed a package with a tuxcare.1 suffix and want to upgrade to a newer release (for example, tuxcare.3), you need to update the version string in your Maven or Gradle build file.

Source Code

Source code for TuxCare-patched Spring® libraries is available in the repository. Source JARs follow the standard Maven naming convention with a -sources classifier.

For example: https://nexus.repo.tuxcare.com/repository/els_java/org/springframework/spring-core/5.3.39-tuxcare.9/spring-core-5.3.39-tuxcare.9-sources.jar.

If a source JAR is not available for a specific package, please contact sales@tuxcare.com to report the issue.

Resolved CVEs in ELS for Spring®
