Security & CVE Remediation

AI-enabled vulnerability discovery has shattered the old pace of security response. What used to be a manageable monthly cadence is now a continuous, high-velocity crisis with hundreds of CVEs.

Tanzu Spring delivers first-party patches, extended support, and full-stack remediation directly from the engineers who build Spring, ensuring your applications remain secure, compliant, and continuously supported.

Volume and speed of AI-enabled CVEs are breaking existing triage processes

The way security vulnerabilities are discovered, published, and exploited has fundamentally shifted. With AI reducing the time to exploit from weeks to hours, organizations need immediate access to verified patches to remediate threats before they compromise your systems.

Previously

3–4 CVEs / month
Days or weeks to respond before exploit
Deliberate, manageable process

New Normal

Significant rise in the number of CVEs due to AI
< 1 day before potential exploit
AI-assisted fixes are unreliable and do not meet compliance standards (FIPS, etc.)

Tanzu Spring addresses Spring CVEs across all versions

In the new AI-enabled security environment, the most urgent risk is running out-of-support versions. Tanzu Spring provides a clear coverage path regardless of where your applications sit today.

Current OSS Spring versions

Day 0 patches for the latest version of 60+ OSS Spring projects
Includes CVE fixes as well as enhancements and bug fixes

Spring Enterprise – Long Term Support versions

Day 0 patches including backports for all active enterprise versions
Covers CVEs, dependency upgrades, and critical bug fixes beyond the OSS support window

Versions outside the Long Term Support window

Professional services and advanced support dedicated to guide and assist with Spring patching, upgrades or modernization

Ready to accelerate your security response?

Talk to an expert about how Tanzu Spring can protect your applications.