Security
Mar 5, 2026
CVE-2026-27739: SSRF and Header Injection in Angular SSR Request Handling Pipeline
How Angular's URL reconstruction logic turned trusted headers into an attacker-controlled proxy
Greg Allen
herodevs.com/blog-posts/cve-2026-27739-ssrf-and-header-injection-in-angular-ssr-request-handling-pipeline
Security
Mar 5, 2026
CVE-2026-27970: Cross-Site Scripting (XSS) in Angular i18n ICU Messages
How compromised translation files can execute arbitrary JavaScript in Angular applications using internationalization
Greg Allen
herodevs.com/blog-posts/cve-2026-27970-cross-site-scripting-xss-in-angular-i18n-icu-messages
Thought Leadership
Mar 5, 2026
Why Long-Term Support Isn’t Only an Enterprise Concern
Why small and mid-sized teams need long-term software support to stay secure, compliant, and focused on growth
HeroDevs
herodevs.com/blog-posts/why-long-term-support-isnt-only-an-enterprise-concern
Products
Mar 5, 2026
My SCA Tool Flagged an EOL Component — What Now?
Your scanner shows green. Your dependency is abandoned. Here's how to understand the gap — and close it.
HeroDevs
herodevs.com/blog-posts/my-sca-tool-flagged-an-eol-component----what-now

Thought Leadership
Mar 4, 2026
What the 2026 State of the Software Supply Chain Report Gets Right About End-of-Life Software
We partnered with Sonatype to quantify the EOL problem. Here's what the data actually showed — and what it means for your security program.
HeroDevs
herodevs.com/blog-posts/herodevs-sonatype-2026-state-software-supply-chain-report
Security
Mar 3, 2026
Dead Software Is the Vulnerability Your Scanner Misses. EOLDS Catches It — Free.
Introducing the End-of-Life Data Set (EOLDS), free End Of Life detection across 12 million+ packages.
Parin Shah
herodevs.com/blog-posts/dead-software-is-the-vulnerability-your-scanner-misses-eolds-catches-it----free

Thought Leadership
Mar 2, 2026
Women Who Shaped Open Source—and Why Their Work Still Matters
How leadership in governance, security, and sustainability reshaped open source—and strengthened the foundation enterprises rely on.
HeroDevs
herodevs.com/blog-posts/women-who-shaped-open-source--and-why-their-work-still-matters
Thought Leadership
Feb 26, 2026
Tomcat’s TLS Cipher Change and What it Means for Spring Boot Apps
How a Routine Tomcat Update Broke TLS Cipher Enforcement — and How We Fixed It
Joe Kuhel
herodevs.com/blog-posts/tomcats-tls-cipher-change-and-what-it-means-for-spring-boot-apps
Thought Leadership
Feb 26, 2026
Stop Guessing What's Running in Production: A Fast Grails Estate Inventory
Five Commands to Understand Your Grails Technical Posture Before You Plan Anything
Steve Poole
herodevs.com/blog-posts/stop-guessing-whats-running-in-production-a-fast-grails-estate-inventory
Products
Feb 26, 2026
Which Grails Plugins Will Break Your Migration? Here's How to Find Out
A Practical Technical Guide to Mapping Plugin Risk Across Your Grails Services
Steve Poole
herodevs.com/blog-posts/which-grails-plugins-will-break-your-migration-heres-how-to-find-out
Products
Feb 26, 2026
Before You Migrate to Grails 7, You Need to Answer These Questions
What Your Plugin Footprint Reveals About Your Migration Risk
Steve Poole
herodevs.com/blog-posts/before-you-migrate-to-grails-7-you-need-to-answer-these-questions
Thought Leadership
Feb 26, 2026
EOL Software Risk: Small Problem or Enterprise Crisis? Here's How to Tell
Whether you're managing one aging app or a hundred, end-of-life risk is real — but the size of your legacy estate changes everything about how you should respond.
HeroDevs
herodevs.com/blog-posts/eol-software-risk-small-problem-or-enterprise-crisis-heres-how-to-tell
Products
Feb 24, 2026
When Node.js Reaches End of Life, Security Takes Over
Managing Security, Compliance, and Continuity in Enterprise Node.js
Juan José Arboleda
herodevs.com/blog-posts/when-node-js-reaches-end-of-life-security-takes-over
Thought Leadership
Feb 23, 2026
Open Source Security Management Is Missing a Pillar: It's Time to Talk About EOL
Why EOL Dependencies Are the Vulnerability Your OSSM Program Can't Patch Away
HeroDevs
herodevs.com/blog-posts/open-source-security-management-is-missing-a-pillar-its-time-to-talk-about-eol
Security
Feb 23, 2026
How to Fix jQuery UI Vulnerabilities: Resolving CVEs in Outdated Versions
Patch CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, and CVE-2010-5312 Without Breaking Your Application
Greg Allen
herodevs.com/blog-posts/how-to-fix-jquery-ui-vulnerabilities-resolving-cves-in-outdated-versions