Complete end-of-life dates, support windows, and security status for all Apache Spark versions. Data sourced from endoflife.date and official vendor documentation. Updated at every deploy.
| Version | Latest Release | Release Date | EOL Date | Days | Status |
|---|---|---|---|---|---|
| 1.0 | 1.0.2 | May 26, 2014 | Sep 3, 2014 | 4266 days past EOL | EOL |
| 1.1 | 1.1.1 | Sep 3, 2014 | Dec 10, 2014 | 4168 days past EOL | EOL |
| 1.2 | 1.2.2 | Dec 10, 2014 | Apr 5, 2015 | 4052 days past EOL | EOL |
| 1.3 | 1.3.1 | Mar 5, 2015 | Jun 2, 2015 | 3994 days past EOL | EOL |
| 1.4 | 1.4.1 | Jun 2, 2015 | Sep 8, 2015 | 3896 days past EOL | EOL |
| 1.5 | 1.5.2 | Sep 8, 2015 | Dec 21, 2015 | 3792 days past EOL | EOL |
| 1.6 | 1.6.3 | Dec 21, 2015 | Jul 19, 2016 | 3581 days past EOL | EOL |
| 2.0 | 2.0.2 | Jul 19, 2016 | Dec 15, 2016 | 3432 days past EOL | EOL |
| 2.1 | 2.1.3 | Dec 15, 2016 | Jun 26, 2018 | 2874 days past EOL | EOL |
| 2.2 | 2.2.3 | Jun 30, 2017 | Jan 30, 2019 | 2656 days past EOL | EOL |
| 2.3 | 2.3.4 | Feb 22, 2018 | Aug 25, 2019 | 2449 days past EOL | EOL |
| 2.4 LTS | 2.4.8 | Oct 29, 2018 | May 9, 2021 | 1826 days past EOL | EOL |
| 3.0 | 3.0.3 | Jun 6, 2020 | Dec 6, 2021 | 1615 days past EOL | EOL |
| 3.1 | 3.1.3 | Feb 22, 2021 | Aug 22, 2022 | 1356 days past EOL | EOL |
| 3.2 | 3.2.4 | Oct 6, 2021 | Apr 9, 2023 | 1126 days past EOL | EOL |
| 3.3 | 3.3.4 | Jun 9, 2022 | Dec 9, 2023 | 882 days past EOL | EOL |
| 3.4 | 3.4.4 | Apr 7, 2023 | Oct 21, 2024 | 565 days past EOL | EOL |
| 3.5 LTS | 3.5.8 | Sep 9, 2023 | Nov 30, 2027 | 570 days remaining | Active |
| 4.0 | 4.0.2 | May 19, 2025 | Nov 23, 2026 | 198 days remaining | Active |
| 4.1 | 4.1.1 | Dec 11, 2025 | Jun 11, 2027 | 398 days remaining | Active |
When a Apache Spark version reaches end of life, the maintainers stop issuing security patches. Vulnerabilities discovered after this date are publicly disclosed on the National Vulnerability Database, exploit code appears on GitHub, and your systems remain permanently exposed.
The CVE blind spot: Most vulnerability scanners check for known CVEs but do not flag the accumulation of unpatched vulnerabilities in EOL software. With a zero-day, nobody knows about the vulnerability. With EOL software, the vulnerability is public — listed, rated, and often weaponized — but no patch will ever exist. This is the most dangerous gap in enterprise security posture.
Organizations running EOL Apache Spark should treat it as a vulnerability class in their risk register, apply compensating controls (network segmentation, enhanced monitoring, access restriction), and prioritize migration to a supported version.
Upload requirements.txt, package.json, or Gemfile — full EOL report instantly.
Open Stack Scanner →