Products

Never-Ending Support for Open Source

The Never-Ending Support product line offers secure drop-in replacements for end-of-life open-source software your team depends on.

Secure what you need.
Skip what you don’t.

Get a Custom Quote

Featured NES Products

JavaScriptJava.NETPHPPythonDatabaseOther

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Talk to Sales

View All Products

Explore Pricing

Supported Products

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Featured NES Products

Featured NES ProductsFrontendBackendInfrastructure

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

AngularJS

1.4.x, 1.5.x, 1.8.x

JavaScript

Angular

v4 - v19

JavaScript

Spring

Various

Java

.NET

Node.js

12, 14, 16, 18, 20, 22

JavaScript

Struts

Various versions

Java

Bootstrap

2 - 4

JavaScript

2.x

JavaScript

PostgreSQL

12.x, 13.x

Database

Apache Grails

6.2, 7

Java

Apache Solr & Lucene

8.11.x

Java

Apache Tapestry

4.1.x

Java

Apache Tomcat

8.5

Java

CometD

5, 6, 7

Java

Django

3.2, 4.2

Python

Drupal 7

7.x

PHP

ESLint

8.x

JavaScript

Express

3.x

JavaScript

Fastify

3.x

JavaScript

Grunt

v0.4 - 1.5

JavaScript

Hibernate

5.6

Java

Jetty

9, 10, 11

Java

jQuery

1.3.x, 1.5.x, 1.6.x, 1.7.x, 1.12.x, 2.2.x, 3.5.x

JavaScript

Knockout.js

3.5.1, 3.4.2, 2.3.0

JavaScript

Lodash

3.x, 4.x

JavaScript

NestJS

JavaScript

Next.js

12.3.5

JavaScript

NumPy

1.26.x

Python

Nuxt

2.x

JavaScript

Protractor

7.0.0

JavaScript

PHP

7.2, 7.3, 7.4, 8.0, 8.1, 8.2

PHP

Rails

2.3, 3.2, 4.2, 5.2, 6.1

Other

Vuetify

2.x

JavaScript

Ember.js

Web Essentials

Apache Camel

2.25.x, 3.22.x

Java

Apache Cocoon

2.3.x

Java

Apache Spark

2.4.x

Java

Featured NES Products

Featured NES ProductsFrontendBackendInfrastructure

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Talk to Sales

View All Products

Explore Pricing

No NES Products available for Product Name

Do you need support for open source software not listed yet? Tell us what you need!

Request Support

Solutions

Never-Ending Support for Open Source.

HeroDevs partners with open-source authors to give companies Never-Ending Support, expert consulting, and engineering for sunsetted open-source packages.

Explore Pricing Talk to Sales View All Products

Get a Custom Quote

SOLUTIONS BY INDUSTRY

SOLUTIONS BY ROLE

Software Development Managers

Engineering Leaders

Compliance-Focused Decision-Makers

THOUGHT LEADERSHIP

Quantifying the Real Risks of Unsupported Open Source Software

A data-backed look at the security, compliance, and operational risks created by unsupported open source—and how long-term support models like NES help organizations stay secure and audit-ready.

Pricing

Developers

Integrate Seamlessly With Your Current Build Process

Switching to NES take minutes

Policies Terms of Service

Service Level Agreements

Vulnerability Directory

NES Documentation

Explore install and release notes for all NES products

NES Documentation

GUIDES

Download Methods Consuming Never-Ending Support Packages Nexus Repository Manager Instructions Artifactory Repository Manager Instructions

TOOLS

HeroDevs CLI Vulnerability Directory Report Vulnerability Open Source Sustainability Fund

GUIDES

Quantifying the Real Risks of Unsupported Open Source Software

A data-backed look at the security, compliance, and operational risks created by unsupported open source—and how long-term support models like NES help organizations stay secure and audit-ready.

Partners

Resources

Vulnerability Directory

If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.

View Vulnerabilities

Spring End-of-Life Resource Hub

End of life doesn’t have to mean end of support. Find strategies, resources, and solutions for keeping your Spring applications stable, secure, and compliant.

Learn More

Resources

Explore the HeroDevs blog, whitepapers, documentation, and more to stay informed.

Company

About Us

Careers

Open Source Sustainability Fund

Resources

Vulnerability Directory

If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.

Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.

Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.

Talk to Our Experts

Get Pricing

Filter by Severity

CriticalHighMediumLow

Filter by Technology

Angular

AngularJS

Apache Solr & Lucene

Apache Spark

Apache Struts

Apache Tapestry

Apache Tomcat

Bootstrap

Drupal 7

Express

Jetty

jQuery

.NET

Next.js

Node.js

Rails

Spring

Vuetify

Filter by Category

Access of Resource Using Incompatible Type ('Type Confusion')

Authorization Bypass

Broken Access

Buffer Over-read

CBC Mode

Cache Deception

Cache Poisoning

Code Injection

Command Injection

Content Spoofing

Creation of Temporary File in Directory with Insecure Permissions

Cross-Site Scripting

Cross-site Request Forgery

Cryptanalysis

Cryptographic Weakness

Denial of Service

HTTP Request Smuggling

Heap-based Buffer Overflow

Improper Certificate Validation

Improper Handling of Highly Compressed Data (Data Amplification)

Improper Input Validation (4.16)

Improper Link Resolution Before File Access ('Link Following')

Improper Output Neutralization for Logs

Improper Session Handling

Inconsistent Interpretation of HTTP Requests

Incorrectly Configured Access Control

Inefficient Algorithmic Complexity

Information Exposure

Insufficient Verification of Data Authenticity

Integer Overflow or Wraparound

Log Injection

Memory Allocation with Excessive Size Value

Path Traversal

Predictable Initialization Vector

Privilege Abuse

Privilege Escalation

Prototype Pollution

ReDoS Vulnerability

Regular Expression Denial of Service

Remote Code Execution

Resource Injection

SQL Injection

Search Injection

Server-Side Request Forgery

Signature Forgery

URL Redirect/Open Redirect

Unchecked Input for Loop Condition

Uncontrolled Resource Consumption

Use After Free

Use of Unmaintained Third Party

Weak Authentication

Filtering by:

Severity

Text for Severity

Clear Filters

Severity

Technology

Libraries Affected

Category

Version(s) Affected

Published Date

Critical

CVE-2026-22732

Spring

Spring Security

Incorrectly Configured Access Control

>=4.0.2 <6.5.9, >=7.0.0 <7.0.4

Mar 20, 2026

High

CVE-2026-22731

Spring

Spring Boot

Authorization Bypass

>=3.4.0 <=3.4.14, >=3.5.0 <=3.5.11, >=4.0.0 <=4.0.3

Mar 20, 2026

High

CVE-2026-22733

Spring

Spring Boot

Authorization Bypass

>=2.0.0 <3.5.12, >=4.0.0 <4.0.4

Mar 20, 2026

Low

CVE-2026-22735

Spring

Spring Framework

Content Spoofing

>=4.3.0 <=4.3.30, >=5.3.0 <=5.3.46, >=6.1.0 <=6.1.25, >=6.2.0 <=6.2.16, >=7.0.0 <=7.0.5

Mar 20, 2026

Medium

CVE-2026-22737

Spring

Spring Framework

Path Traversal

>=4.2.0 <=6.2.16, >=7.0.0 <=7.0.5

Mar 20, 2026

Medium

CVE-2026-27980

Next.js

Denial of Service

>=10.0.0 <16.1.7

Mar 20, 2026

Medium

CVE-2026-29057

Next.js

Denial of Service

>=9.5.0 <15.5.13, >=16.0.0-beta.0 <16.1.7

Mar 20, 2026

Medium

CVE-2026-1917

Drupal 7

Authorization Bypass

>=7.1.0 <=7.1.2

Mar 19, 2026

Critical

CVE-2020-17531

Apache Tapestry

Remote Code Execution

>=4.0.0, <=4.1.6

Mar 18, 2026

High

CVE-2026-32635

Angular

@angular/core

Cross-Site Scripting

>= 22.0.0-next.0, < 22.0.0-next.3, >= 21.0.0-next.0, < 21.2.4, >= 20.0.0-next.0.0.0, < 20.3.18, >= 19.0.0.next.0, < 19.2.20, >= 17.0.0.next.0, <= 18.2.14

Mar 13, 2026

Medium

CVE-2026-22022

Apache Solr & Lucene

Apache Solr

Authorization Bypass

<9.8.0

Mar 13, 2026

Medium

CVE-2026-22444

Apache Solr & Lucene

Apache Solr

Authorization Bypass

<9.8.0

Mar 12, 2026

Low

CVE-2026-24733

Apache Tomcat

Improper Input Validation (4.16)

>=8.5.0 <=8.5.100, >=9.0.0.M1 <9.0.113, >=10.1.0-M1 <10.1.50, >=11.0.0-M1 <11.0.15

Mar 6, 2026

Medium

CVE-2025-66614

Apache Tomcat

Improper Input Validation (4.16)

>=8.5.0 <=8.5.100, >=9.0.0.M1 <9.0.113, >=10.1.0-M1 <10.1.50, >=11.0.0-M1 <=11.0.15

Mar 6, 2026

Low

CVE-2025-11143

Jetty

Improper Input Validation (4.16)

>=9.4.0 <=9.4.58, >=10.0.0 <=10.0.26, >=11.0.0 <=11.0.26, >=12.0.0 <=12.0.30, >=12.1.0 <=12.1.4

Mar 6, 2026

No results found

Please enter a valid Vulnerability ID number or Technology name.

Subscribe via RSS

First Name *

Last Name *

Work Email *

Thanks for signing up for our Newsletter! We look forward to connecting with you.

Oops! Something went wrong while submitting the form.

Drop-in replacements for deprecated open source software that keeps you secure and compliant.

+1 877-586-1965

hello@herodevs.com

8850 S 700 E #2437 Sandy, UT 84070

Overview

Never-Ending Support (NES) Products

Solutions

Software Development Managers

Engineers Leaders

Compliance-Focused Decision-Makers

Company

Resources

Vulnerability Directory

Open Source Sustainability Fund

What is EOL Security?

Partners

HeroDevs Partner Program

Become a Reseller

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Preferences Reject Accept

Manage Consent Preferences by Category

Essentials

Always active

Necessary for the site to function. Always On.

Marketing

Used for targeted advertising.

Personalization

Remembers your preferences and provides enhanced features.

Analytics

Measures usage and improves your experience.

Reject All Accept All

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.