NES for Spring

Never-Ending Support for Spring

Never-Ending Support (NES) for Spring from HeroDevs means you can stay secure and compliant without migrating away.
Codey gradient
Arrow down

NES for Spring

is a secure drop-in replacement for

Spring

and takes just a few minutes to set up.

Step 1
Update your Maven/Gradle file
Step 2
Set up token
Step 3
Install & Run!
NES for spring cve

Security Issues Fixed in NES for Spring

By purchasing HeroDevs’ Never-Ending Support for Spring, you’re ensuring that your Spring applications stay secure and these vulnerabilities are mitigated. As more CVEs are discovered, you can rest easy knowing HeroDevs will fix them.

If you’re currently using Spring in your application’s tech stack, your application is vulnerable to the CVEs listed below.

Switch to Never-Ending Support for Spring in minutes to immediately mitigate these vulnerabilities.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
High
Spring
Spring Framework
Path Traversal
>=5.3.0, <=5.3.39 >=6.0.0, <=6.0.23 >=6.1.0, <=6.1.12
Sep 12, 2024
Medium
Spring
Spring Boot
Signature Forgery
>=2.7.0, <=2.7.21 >=3.0.0, <=3.0.16 >=3.1.0, <=3.1.12 >=3.2.0, <=3.2.8 >=3.3.0, <=3.3.2
Aug 23, 2024
Did you find a vulnerability in NES for Spring? We'll fix it!
Report a Vulnerability
Arrow

What is Never-Ending Support?

Security Fixes
A new version of NES for Spring will be released each time we find, validate, and fix a security issue.
Compatibility Fixes
NES for Spring ensures that your code continues to work seamlessly even after the software reaches its end of life, maintaining compatibility across all essential platforms and technologies.
SLA Compliance
HeroDevs provides SLAs that ensures compliance by providing incident response and remediation in accordance with industry-standard regulations, including FedRamp, PCI, and HIPAA.
Learn more.
Team of Experts
NES for Spring is built with advisement and consultation of core team members from Spring.
Easy to Install
Our simple drop-in replacement means all you have to do is change your package.json and rebuild your project. No code changes or find & replace required.
Intellectual Property Protection
NES for Spring is not only secure; HeroDevs also offers enterprise-level protection for all products.
Learn more

The Problem We Solve

84%
In a study conducted, 96% of all code bases contain open source code, of which 84% of those contained vulnerabilities in that open source code.
Does your website contain vulnerabilities?
Chances are, if you are behind in adopting actively supported versions of the open-source software you are using, you are exposed.
Websites using unsupported software are at risk. (2024 Open Source Security and Risk Analysis Report)
HeroDevs provides Never-Ending Support for Spring, so you can keep using it and stay secure and supported.

What is included in NES for Spring?

NES for Spring is a overarching initiative to provide continual security updates to various Spring Projects and Packages of the Spring ecosystem, delivered through different subscriptions. 



You will get the most comprehensive security support through our Foundations subscription and support can be extended to more packages through our targeted Essentials subscriptions.
Click on a subscription to view more details:

NES for Spring: Foundations

This is our flagship support subscription and includes a select list of packages common in every Spring app. In addition to supporting many key packages in the Spring Framework project there are included components of Spring Boot and Spring Security to ensure the greatest amount of foundational coverage included with this subscription.
Spring Framework
spring-core
spring-aop
spring-beans
spring-expression
spring-web
View packages
Arrow down
Hide packages
Arrow down
Spring Boot
spring-boot
spring-boot-starter
spring-boot-autoconfigure
spring-boot-test
spring-boot-actuator
View packages
Arrow down
Hide packages
Arrow down
Spring Security
spring-security-core
spring-security-crypto
spring-security-web
spring-security-data
spring-security-config
View packages
Arrow down
Hide packages
Arrow down
Talk to Our Experts
for a full list of supported packages

NES for Spring: Security Essentials

If your Spring app has various security requirements including configurations like consuming an OAuth2 standard flow from an external IdP or you have apps producing or consuming SAML Assertions, etc. this may be a subscription to consider adding on. Extended support for additional packages in Spring Security are included in this subscription.
Spring Security
spring-security-oauth2-client
spring-security-openid
spring-security-remote
spring-security-saml2
spring-security-rsocket
View packages
Arrow down
Hide packages
Arrow down
Talk to Our Experts
for a full list of supported packages

NES for Spring: Data Essentials

This subscription is right for you if your Spring app requires anything related to storing and persisting data. 



This subscription extends support to critical packages dealing with data within the Spring Framework, Spring Boot, and Spring Data projects.
Spring Framework
spring-orm
spring-oxm
spring-instrument
View packages
Arrow down
Hide packages
Arrow down
Spring Security
spring-security-ldap
View packages
Arrow down
Hide packages
Arrow down
Spring Boot
spring-boot-starter-data-cassandra
spring-boot-starter-data-mongodb
spring-boot-starter-data-jdbc
spring-boot-starter-data-ldap
spring-boot-starter-data-neo4j
View packages
Arrow down
Hide packages
Arrow down
Spring Data
spring-data-bom
spring-data-commons
spring-data-build
spring-data-jdbc
spring-data-relational
View packages
Arrow down
Hide packages
Arrow down
Spring LDAP
spring-ldap-core
spring-ldap-core-tiger
spring-ldap-test
spring-ldap-ldif-core
spring-ldap-odm
View packages
Arrow down
Hide packages
Arrow down
Other Projects
  • Spring Data MongoDB
  • Spring Data Redis
  • Spring Data R2DBC
  • Spring Data for Apache Cassandra
  • Spring Data Couchbase
  • Spring Data Neo4j
  • Spring Data Elasticsearch
  • Spring Data JPA
  • Spring Data KeyValue
  • Spring Data LDAP
View packages
Arrow down
Hide packages
Arrow down
Talk to Our Experts
for a full list of supported packages

Why HeroDevs?

Built By Spring Experts

Our team of Spring experts ensures our Never-Ending Support for Spring products are the same quality you have come to expect when using Spring open source projects.

We specifically design our NES for Spring products to work seamlessly and is as dependable as the original Spring projects you built your applications on.

Shield icon
Give back to open source icon
We Give Back To Open Source

HeroDevs is deeply committed to the open-source community. We support it through sponsorships, backing core contributors, and funding events that drive the ecosystem forward. Our engagement extends beyond financial contributions, embodying a commitment to the ongoing growth and innovation of open-source software. This holistic support ensures the vitality of the open-source movement, fostering an environment of collaboration and advancement.

We Partner With These Organizations

Related Products

If you're leveraging this technology, chances are you're also using complementary systems that face similar end-of-life (EOL) challenges.

Explore our related NES products that offer proactive, comprehensive support for your entire tech stack to ensure continuity, security, and innovation across all your essential technologies.
Leaping over technology stacks in a single bound!

Defeat Your Technical Villains

Whether it's continuous support through our Never-Ending Support (NES) library or our unparalleled professional services to get you migrated and moving forward, HeroDevs is to the rescue!

Contact Us

Got questions about Never-Ending Support for your open-source library? We're here to help!

Discover how HeroDevs NES Products can keep your systems secure and compliant.

Learn how our solutions can deliver value to your organization.

Get detailed pricing information tailored to your needs.

Trusted by industry leaders such as
Microsoft
Santander Bank
FINRA
CapitalOne
General Electric
Google
SAP
Unqork
Valid8 Financial
GSA
Queensland Rail
NYC Department of Health
Talk to an Expert

By clicking “submit” I acknowledge receipt of our Privacy Policy.

Thank you! Your submission has been received!
Please enter a company email.