Maven Dependency Health Checker — Find Outdated pom.xml Dependencies
Paste your pom.xml or Maven coordinates (groupId:artifactId:version, one per line). Checks each artifact against Maven Central for the latest version and last release date.
Paste your pom.xml or a list of Maven coordinates (groupId:artifactId:version, one per line). Checks each dependency against Maven Central for the latest version and release date. Works with Spring Boot, Jakarta EE, and any Maven artifact.
Or paste
pom.xml XML directly — the tool will parse <dependency> blocks automatically.What to watch for
- log4j 1.x and log4j 2.0–2.14 (Critical): log4j 1.2.17 is EOL and has multiple CVEs with no fixes. log4j 2.0–2.14 are vulnerable to Log4Shell (CVE-2021-44228). If you see these in your pom.xml, update immediately to log4j2 2.17.2+ or switch to Logback/SLF4J.
- Spring Boot major version behind: Spring Boot 2.x reached end of open-source support in November 2023. Spring Boot 3.x requires Java 17 as minimum, Jakarta EE 9 namespace changes. Migration guide: Spring Boot 3.0 Migration Guide.
- junit:junit (old JUnit 4): JUnit 5 (org.junit.jupiter) has been the current major version since 2017. JUnit 4 still works but is not actively developed. The artifact coordinates changed entirely for JUnit 5.
- Version property placeholders (${…}): This tool skips entries using
${spring.version}or similar property references — it can’t resolve them without the full project context.
For CVE scanning across Java deps, use the Vulnerability Scanner. Full dep health suite: npm · PyPI · Go · Rust · Maven (this tool).
Founded
2023 in London, UK
Contact
hello@releaserun.com