Contact us
Start building

Secure your production apps for 15 years

Don’t let framework releases dictate your roadmap.
Get 15 years of security patches and browser compatibility updates for your current version—whether it's legacy Vaadin app or a locked Vaadin 24 minor version, Extended Maintenance gives you long-term stability and lets you upgrade when you’re ready, not when the framework forces you to.
Get 15 Years of Maintenance
Frame 3 (3)

What is Vaadin Maintenance

Vaadin Maintenance ensures your application remains stable, secure, and compatible — today, next year, and and well beyond the next decade.
Security updates
Patches for known vulnerabilities to keep your application protected
Bug fixes
Corrections to framework issues that impact stability or functionality
Compatibility updates
Regular updates to maintain seamless functionality across all major browsers, ensuring a consistent user experience
Quality-of-life improvements
Minor refinements that reduce friction in development and operations

Vaadin's release model

Vaadin's release model ensures a steady flow of new features and improvements while prioritizing stability, easy upgrades, and long-term maintainability. It consists of three types of releases:

Maintenance releases
Maintenance releases (e.g., 24.4.2) deliver critical bug fixes and patches between minor releases. These updates are trivial to apply and released weekly to maintain stability and address security issues quickly.
Minor releases
Minor releases (e.g., 24.4) occur quarterly, introducing new features and improvements while maintaining backward compatibility whenever possible. Bug fixes are applied to the latest version, and critical security or compatibility issues are addressed across all maintained versions.
Major releases
Major releases (e.g., 24.0) occur approximately every 12 to 24 months and may introduce breaking changes, such as Java version upgrades or removal of deprecated features, to keep the framework modern, efficient, and secure. To support a smooth transition, each major version receives 6 months of free maintenance, ensuring stability while allowing flexibility in upgrade scheduling.
Maintenance
  • 24.4.2
  • Bug fixes
  • Trivial update
  • Immediately replaces previous release
  • Weekly
Minor
  • 24.4
  • New features
  • Easy update
  • Previous minor maintained for 3 months (or up to 15 years with Extended Maintenance for 24 minor versions)
  • Quarterly
Major
  • 24
  • New features and removed deprecations with potential breaking change
  • Might require rework
  • Previous major maintained as open source for 6 months
  • Yearly

Read more about our release strategy in this blog post

Your path forward when maintenance ends

1. The high-risk

Applications built on Vaadin versions that have reached the end of maintenance will continue to function — but they become increasingly exposed to risks such as unpatched security vulnerabilities, browser incompatibilities, and evolving platform requirements.

2. The upgrade

To keep your application secure and reliable, we recommend upgrading to a maintained version. The best way to do this is to stay current with the latest Vaadin release. Our upgrade page provides guidance, tooling, and tips to help you adopt new versions efficiently.

3. The extended maintenance

If you're not ready to upgrade right away, Extended Maintenance gives your team more time — with up to 15 years of continued coverage. It ensures your application remains stable and compliant, while giving you the flexibility to plan upgrades around your business needs.

 

Extended Maintenance for long-term protection

For all major versions (V7, V8, V10, V14, V23, V24+)

Long-term security for established applications. Get 15 years of critical security patches and browser compatibility updates for any major Vaadin version. Keep mission-critical apps running securely without forced migrations.

Perfect for: 

•  Legacy V7 or V8 apps running business-critical workflows.

•  V14 or V23 apps with strict Java 11 or Spring Boot 2.x dependencies.

•  Any application where a major rewrite simply isn't feasible right now.

For Vaadin 24 minor versions (24.0–24.8)

If you are unable to upgrade to the latest minor release due to strict dependency requirements or compliance needs, you no longer need to force an upgrade to stay secure. Extended Maintenance now covers individual Vaadin 24 minor versions, allowing you to lock your version (e.g., Vaadin 24.3) and receive critical security patches and bug fixes without changing your Java or Spring Boot baselines. 

•  Avoid dependency hell: Keep your current Spring Boot/Java versions.

•  Regulatory compliance: Avoid triggering re-certification cycles.

•  15-year horizon: Support duration matches major version timelines.

Get 15 Years of Maintenance
Free vs Extended Maintenance

Upgrade at your own pace

Maintaining a secure and stable application is an ongoing responsibility. It requires consistent attention to vulnerabilities, third-party dependencies, and evolving platform requirements. Vaadin’s maintenance policy helps ensure that each release stays reliable — giving your team the flexibility to upgrade when the time is right.
Free maintenance

Each major release includes 6 months of free maintenance after the next major release, providing a stable transition window. During this time, all users receive critical bug fixes and security updates at no cost. For example, if you're using version 24 and version 25 is released in December, you'll continue to receive updates for version 24 until June — giving your team time to test and adopt the new version without rushing.

  • Major Version Support: 6 months after next major release

  • Versions covered: Latest minor only (e.g., V24.8)

  • Latest Minor Version: Supported

  • Past Minor Versions (e.g., 24.2): Not Supported (End of Life)
  •  
  • Security Patches: Latest release only

 

Extended Maintenance (Enterprise plan)

Extended Maintenance gives your application long-term stability and security, with 15 years of coverage included in the Enterprise plan. This timeline supports long-lived projects, regulated environments, and applications where upgrades must be carefully planned. Extended Maintenance is ideal for teams that need continued access to critical updates and long-term reliability.

  • Major Version Support: 15 Years

  • Versions covered: All major versions (V7, V8, V10, V14, V23, V24+) and any V24 minor version (24.0–24.8)

  • Latest Minor Version: Supported

  • Past Minor Versions (e.g., 24.2): Supported only for 24.0-24.8
  •  
  • Security Patches: Backported to your specific version

Want to secure your app for the next 15 years?

Every day you run an unpatched version, you are accumulating technical debt and security risk. Don’t let a failed audit or a production exploit dictate your engineering roadmap.
 
  • Instant compliance: Eliminate high-severity vulnerabilities without touching a single line of stable code.
  • 15-year portfolio protection: Secure everything from legacy Vaadin 7/8 to specific Vaadin 24 minor versions for over a decade.
  • End "dependency hell": Stop wasting expensive developer hours on forced Java or Spring Boot upgrades.

Let's talk about Extended Maintenance

Submit a form to schedule a brief session with our technical expert to activate your extended maintenance and secure your applications.