End-of-Life Apache Struts Versions
What End-of-Life means
When a Struts version reaches End-of-Life (EOL), the Apache Struts Team no longer provides security patches, bug fixes, or updates for that branch. Users are strongly encouraged to migrate to a currently supported release.
The user mailing list and issue tracker are the only support options hosted by the Apache Struts project for supported versions. EOL versions receive no support at all from the project.
EOL versions
| Branch | EOL date | Announcement |
|---|---|---|
| Struts 2.5.x | 30 October 2023 | Announcement |
| Struts 2.3.x | 12 September 2019 | Announcement |
| Struts 1.x | 5 April 2013 | Announcement |
For a full list of individual releases that are no longer recommended due to known security issues, see the Releases page.
Commercial support for EOL versions
If migration is not immediately feasible, third-party vendors offer extended security support for EOL Struts versions. The Apache Software Foundation does not endorse any commercial offering; the following is provided for informational purposes only.
HeroDevs Never-Ending Support (NES) — extended security coverage and CVE remediation for EOL Apache Struts versions.
For a full list of commercial support options, see the Commercial Support page.