Broadcom Opens Java Security Infrastructure To Spring Community

Open Source Spring Gets Largest Security Update In 23-Year History As Broadcom Opens Clean-Room Build Architecture To Java Ecosystem

Broadcom has rolled out the largest security update in Spring’s history and opened its clean-room build architecture to strengthen security across the open source Java ecosystem amid a sharp rise in vulnerabilities.

Broadcom has announced what it describes as the largest set of security updates in the 23-year history of the open-source Spring framework, while also opening its clean-room build architecture for Java dependencies used across the Spring ecosystem.

Delivered through Broadcom’s Tanzu business, the initiative aims to strengthen security across the Spring and broader Java ecosystems as the company reported a 1,700% increase in monthly security advisories from the Spring community between March and April this year.

To address the surge, Broadcom’s Spring engineering team has expanded its use of AI-assisted security analysis, including frontier-model-based vulnerability scanning, automated validation workflows, remediation-path assessment, and fix validation across the ecosystem.

The company is also extending software supply chain protections. Tanzu Spring customers will gain access to SLSA Level 3-validated software supply chain support, coverage across the full transitive dependency graph managed by the Spring Boot bill of materials, and secured dependencies built and tested across supported Spring releases.

In addition, the Tanzu Spring Platform now offers day-zero access to validated CVE patch-only releases through its Enterprise Repository before they are released to the open-source community. Broadcom said it will continue issuing CVEs for all Spring projects under open-source support as well as older versions covered under Tanzu Spring enterprise support.

“Spring is one of the most widely adopted application development frameworks in the world, and as its steward, we have a deep responsibility for its security,” said Purnima Padmanabhan, Vice President and General Manager, Tanzu Division, Broadcom. “This investment is about two things we will never separate: the health of the Spring community and the security of our customers who trust Spring to run their business.”
