diff --git a/java/ql/lib/semmle/code/java/security/SpringBootActuatorsConfigQuery.qll b/java/ql/lib/semmle/code/java/security/SpringBootActuatorsConfigQuery.qll
index f8ff20f9978..be78380ad3c 100644
--- a/java/ql/lib/semmle/code/java/security/SpringBootActuatorsConfigQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SpringBootActuatorsConfigQuery.qll
@@ -110,7 +110,7 @@ predicate hasConfidentialEndPointExposed(SpringBootPom pom, ApplicationPropertie
         me.hasSecurityDisabled() and me.getFile() = apFile and me = apOption.asSome()
       )
       or
-      springBootVersion.matches("2.%") and //version 2.x
+      springBootVersion.matches(["2.%", "3.%"]) and //version 2.x and 3.x
       exists(ManagementEndPointInclude mi |
         mi.getFile() = apFile and
         mi = apOption.asSome() and
@@ -121,7 +121,7 @@ predicate hasConfidentialEndPointExposed(SpringBootPom pom, ApplicationPropertie
               .matches([
                   "%dump%", "%trace%", "%logfile%", "%shutdown%", "%startup%", "%mappings%",
                   "%env%", "%beans%", "%sessions%"
-                ]) // confidential endpoints to check although all endpoints apart from '/health' and '/info' are considered sensitive by Spring
+                ]) // confidential endpoints to check although all endpoints apart from '/health' are considered sensitive by Spring
         )
       )
     )
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.expected b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.expected
index 70a6068ab3f..5b29b16b1be 100644
--- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.expected
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.expected
@@ -1,4 +1,5 @@
-| Version1.4-/bad/default/pom.xml:29:9:32:22 | dependency | Insecure $@ of Spring Boot Actuator exposes sensitive endpoints (1.2.6.RELEASE). | file://:0:0:0:0 | (none) | configuration |
-| Version1.4-/bad/false/pom.xml:29:9:32:22 | dependency | Insecure $@ of Spring Boot Actuator exposes sensitive endpoints (1.2.6.RELEASE). | Version1.4-/bad/false/application.properties:2:1:2:33 | management.security.enabled=false | configuration |
-| Version1.5/bad/pom.xml:29:9:32:22 | dependency | Insecure $@ of Spring Boot Actuator exposes sensitive endpoints (1.5.6.RELEASE). | Version1.5/bad/application.properties:2:1:2:33 | management.security.enabled=false | configuration |
-| Version2+/bad/pom.xml:29:9:32:22 | dependency | Insecure $@ of Spring Boot Actuator exposes sensitive endpoints (2.2.6.RELEASE). | Version2+/bad/application.properties:2:1:2:43 | management.endpoints.web.exposure.include=* | configuration |
+| Version1.0.x-1.4.x/bad/default/pom.xml:29:9:32:22 | dependency | Insecure Spring Boot actuator $@ exposes sensitive endpoints (1.2.6.RELEASE). | file://:0:0:0:0 | (none) | configuration |
+| Version1.0.x-1.4.x/bad/false/pom.xml:29:9:32:22 | dependency | Insecure Spring Boot actuator $@ exposes sensitive endpoints (1.2.6.RELEASE). | Version1.0.x-1.4.x/bad/false/application.properties:2:1:2:33 | management.security.enabled=false | configuration |
+| Version1.5.x/bad/pom.xml:29:9:32:22 | dependency | Insecure Spring Boot actuator $@ exposes sensitive endpoints (1.5.6.RELEASE). | Version1.5.x/bad/application.properties:2:1:2:33 | management.security.enabled=false | configuration |
+| Version2.x/bad/pom.xml:29:9:32:22 | dependency | Insecure Spring Boot actuator $@ exposes sensitive endpoints (2.2.6.RELEASE). | Version2.x/bad/application.properties:2:1:2:43 | management.endpoints.web.exposure.include=* | configuration |
+| Version3.x/bad/pom.xml:29:9:32:22 | dependency | Insecure Spring Boot actuator $@ exposes sensitive endpoints (3.3.5). | Version3.x/bad/application.properties:2:1:2:43 | management.endpoints.web.exposure.include=* | configuration |
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.4-/bad/default/application.properties b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.0.x-1.4.x/bad/default/application.properties
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.4-/bad/default/application.properties
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.0.x-1.4.x/bad/default/application.properties
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.4-/bad/default/pom.xml b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.0.x-1.4.x/bad/default/pom.xml
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.4-/bad/default/pom.xml
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.0.x-1.4.x/bad/default/pom.xml
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.4-/bad/false/application.properties b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.0.x-1.4.x/bad/false/application.properties
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.4-/bad/false/application.properties
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.0.x-1.4.x/bad/false/application.properties
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.4-/bad/false/pom.xml b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.0.x-1.4.x/bad/false/pom.xml
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.4-/bad/false/pom.xml
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.0.x-1.4.x/bad/false/pom.xml
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.4-/good/application.properties b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.0.x-1.4.x/good/application.properties
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.4-/good/application.properties
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.0.x-1.4.x/good/application.properties
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.4-/good/pom.xml b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.0.x-1.4.x/good/pom.xml
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.4-/good/pom.xml
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.0.x-1.4.x/good/pom.xml
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5/bad/application.properties b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5.x/bad/application.properties
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5/bad/application.properties
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5.x/bad/application.properties
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5/bad/pom.xml b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5.x/bad/pom.xml
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5/bad/pom.xml
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5.x/bad/pom.xml
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5/good/application.properties b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5.x/good/application.properties
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5/good/application.properties
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5.x/good/application.properties
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5/good/pom.xml b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5.x/good/pom.xml
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5/good/pom.xml
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version1.5.x/good/pom.xml
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2+/application.properties b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2+/application.properties
deleted file mode 100644
index 797906a3ca3..00000000000
--- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2+/application.properties
+++ /dev/null
@@ -1,14 +0,0 @@
-#management.endpoints.web.base-path=/admin
-
-# vulnerable configuration (spring boot 1.0 - 1.4): exposes actuators by default
-
-# vulnerable configuration (spring boot 1.5+): requires value false to expose sensitive actuators
-management.security.enabled=false
-
-# vulnerable configuration (spring boot 2+): exposes health and info only by default, here overridden to expose everything
-management.endpoints.web.exposure.include=*
-management.endpoints.web.exposure.exclude=beans
-
-management.endpoint.shutdown.enabled=true
-
-management.endpoint.health.show-details=when_authorized
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2+/bad/application.properties b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2+/bad/application.properties
deleted file mode 100644
index a2e73d7022c..00000000000
--- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2+/bad/application.properties
+++ /dev/null
@@ -1,7 +0,0 @@
-# vulnerable configuration (spring boot 2+): exposes health and info only by default, here overridden to expose everything
-management.endpoints.web.exposure.include=*
-management.endpoints.web.exposure.exclude=beans
-
-management.endpoint.shutdown.enabled=true
-
-management.endpoint.health.show-details=when_authorized
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2+/good/application.properties b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2+/good/application.properties
deleted file mode 100644
index c14bf64b13b..00000000000
--- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2+/good/application.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-# safe configuration (spring boot 2+): exposes health and info only by default, here overridden to expose one additional endpoint which we assume is intentional and safe.
-management.endpoints.web.exposure.include=beans,info,health
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2.x/bad/application.properties b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2.x/bad/application.properties
new file mode 100644
index 00000000000..bbc1915b05e
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2.x/bad/application.properties
@@ -0,0 +1,2 @@
+# vulnerable configuration (spring boot 2+): exposes health and info only by default, here overridden to expose everything
+management.endpoints.web.exposure.include=*
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2+/bad/pom.xml b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2.x/bad/pom.xml
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2+/bad/pom.xml
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2.x/bad/pom.xml
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2.x/good/application.properties b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2.x/good/application.properties
new file mode 100644
index 00000000000..f7e0c1b43ac
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2.x/good/application.properties
@@ -0,0 +1,2 @@
+# safe configuration (spring boot 2+): exposes health and info only by default
+management.endpoints.web.exposure.include=info,health
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2+/good/pom.xml b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2.x/good/pom.xml
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2+/good/pom.xml
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version2.x/good/pom.xml
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version3.x/bad/application.properties b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version3.x/bad/application.properties
new file mode 100644
index 00000000000..c5570065bae
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version3.x/bad/application.properties
@@ -0,0 +1,2 @@
+# vulnerable configuration (spring boot 3+): exposes health only by default, here overridden to expose everything
+management.endpoints.web.exposure.include=*
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version3.x/bad/pom.xml b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version3.x/bad/pom.xml
new file mode 100644
index 00000000000..12dab1d9421
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version3.x/bad/pom.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>spring-boot-actuator-app</groupId>
+    <artifactId>spring-boot-actuator-app</artifactId>
+    <version>1.0-SNAPSHOT</version>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <maven.compiler.source>1.8</maven.compiler.source>
+        <maven.compiler.target>1.8</maven.compiler.target>
+    </properties>
+
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>3.3.5</version>
+        <relativePath/>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
+        </dependency> <!-- $ Alert -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-devtools</artifactId>
+        </dependency>
+        <!-- dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-test</artifactId>
+        </dependency>
+    </dependencies>
+
+</project>
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version3.x/good/application.properties b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version3.x/good/application.properties
new file mode 100644
index 00000000000..8ba56eadc35
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version3.x/good/application.properties
@@ -0,0 +1,2 @@
+# safe configuration (spring boot 3+): exposes health only by default.
+management.endpoints.web.exposure.include=health
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version3.x/good/pom.xml b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version3.x/good/pom.xml
new file mode 100644
index 00000000000..a8103e681e4
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/Version3.x/good/pom.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>spring-boot-actuator-app</groupId>
+    <artifactId>spring-boot-actuator-app</artifactId>
+    <version>1.0-SNAPSHOT</version>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <maven.compiler.source>1.8</maven.compiler.source>
+        <maven.compiler.target>1.8</maven.compiler.target>
+    </properties>
+
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>3.3.5</version>
+        <relativePath/>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-devtools</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-test</artifactId>
+        </dependency>
+    </dependencies>
+
+</project>
\ No newline at end of file