All Posts

EOL Software
Jul 7, 2026
Next.js EOL Dates: Version Support Timeline (9 Through 16)
A complete reference for every Next.js release timeline, the CVEs hitting end-of-life versions, and what teams running Next.js 13 and earlier need to do now.
Javier Perez
EOL Software
Jul 3, 2026
Bootstrap End of Life Dates: Bootstrap 2, 3, 4, and 5 (2026 Guide)
A complete reference for every Bootstrap major version, its release timeline, end-of-life date, and the CVEs still actively affecting unsupported releases.
Greg Allen

Open Source Ecosystem
Jul 2, 2026
The AI CVE Tsunami: What Happens When LLMs Start Hunting Open Source Vulnerabilities at Scale
How AI is Accelerating Vulnerability Discovery and Challenging Open Source Security
Taylor Corbett

Open Source Ecosystem
Jul 1, 2026
Your CFO Just Shipped Code. Nobody Knows What’s In It.
The Hidden Risks of Vibe-Coded Apps and Invisible Tech Debt
Taylor Corbett

Security
Jul 1, 2026
Apache Tomcat CVE Round-Up: 7 Vulnerabilities Disclosed June 2026, Including CVE-2026-55957
An Important authentication bypass in the JNDIRealm, a Moderate default servlet security constraint bypass, and five more findings across the EncryptInterceptor, RewriteValve, FFM connector, examples webapp, and effective web.xml logging. Here is what changed, what affects end-of-life Tomcat 8.5, and who needs to act.
Greg Allen

EOL Software
Jul 1, 2026
Spring Boot Versions, EOL Dates, and Latest Releases (July 2026)
The current Spring Boot release, every supported branch, every end-of-life date, and what to do if you are stuck on an unsupported version. Updated for July 2026.
Greg Allen

Security
Jun 29, 2026
CVE-2026-42055: NGINX gRPC Heap Overflow Hits Ingress NGINX (2026)
How oversized headers in NGINX's HTTP/2 and gRPC proxy path corrupt worker memory and crash retired Ingress NGINX deployments
Greg Allen

Security
Jun 29, 2026
CVE-2026-48109: Out-of-Bounds Read in MessagePack for .NET LZ4
How a crafted LZ4 payload forces out-of-bounds reads during MessagePack decompression and crashes the process
Greg Allen
EOL Software
Jun 26, 2026
How AI Broke Open Source Security: End-of-Life Software Is the Most Exposed
AI now finds, patches, exploits, and even invents open source vulnerabilities faster than maintainers can keep up — and end-of-life software, with no maintainers at all, is the most exposed code in your stack.
JD Flynn

Security
Jun 25, 2026
Does Your AngularJS Application Have Vulnerabilities? HeroDevs Just Discovered One: CVE-2026-11998
Why Expert Oversight is Your Only Defense Against Emerging EOL Threats
Javier Perez

Security
Jun 25, 2026
CVE-2026-11998: AngularJS SCE Resource URL Bypass Enables XSS
Understanding the SCE Logic Flaw and Protecting Your AngularJS Applications from XSS Attacks
Ryan Jasinski

Compliance
Jun 25, 2026
Japan's Active Cyber Defense Law: What It Means for Open Source and EOL Software
How Japan's landmark Active Cyber Defense Law creates new obligations around unsupported software — and how HeroDevs keeps you compliant.
James Yi

EOL Software
Jun 24, 2026
The Ghost in the Dependency Tree: The End-of-Life Risk Your Scanners Miss
HeroDevs' Isaac Wuest joined the OpenSSF's "What's in the SOSS" podcast to talk about the blind spot in CVE-based scanning, the difference between attested end of life and maintainer abandonment, and what to do about the end-of-life packages hiding in your dependency tree.
Taylor Corbett
Security
Jun 23, 2026
CVE-2026-54512/54513: Jackson PolymorphicTypeValidator Bypass
How generic type parameters and array component types slip past a correctly configured BasicPolymorphicTypeValidator allowlist to reach gadget instantiation
Greg Allen

EOL Software
Jun 23, 2026
PostgreSQL EOL Dates: Every Version's Release & End-of-Life Timeline
A complete reference for every PostgreSQL major version, its five-year support window, and what end-of-life means for the teams still running older releases in production.
Greg Allen