Broadcom Opens Java Security Infrastructure to Spring Community
Open Source For You, Tuesday, June 9th, 2026
Broadcom releases Spring's largest-ever security update and opens its clean-room build architecture to the Java ecosystem.
Broadcom, via its Tanzu business, released what it calls the largest security update in Spring's 23-year history while opening its clean-room build architecture to the broader Java ecosystem.
The company reported a 1,700% surge in monthly Spring community security advisories between March and April 2026, prompting expanded use of AI-powered security analysis, including frontier-model vulnerability scanning and automated validation. New protections include SLSA Level 3-validated supply chain support, transitive dependency coverage through Spring Boot's bill of materials, and day-zero access to validated CVE patches for Tanzu Spring customers. Tanzu VP and GM Purnima Padmanabhan framed the investment around the health of the Spring community and customer security.