Thought Leadership
Oct 10, 2025
SPDX vs CycloneDX: Choosing the Right SBOM Format for Your Software Supply Chain
A clear, practical guide comparing SPDX and CycloneDX — their strengths, tools, and use cases — so you can pick the SBOM format that fits your workflow.

Anthony Dahanne
herodevs.com/blog-posts/spdx-vs-cyclonedx-choosing-the-right-sbom-format-for-your-software-supply-chain

Products
Oct 9, 2025
Spring Data Redis Exposure to Redis Lua Parser Use-After-Free (CVE-2025-49844)
A critical Redis Lua parser flaw (CVE-2025-49844) could enable remote code execution — here’s what it means for Spring Data Redis users and how to stay protected.

Ryan Murphy
herodevs.com/blog-posts/spring-data-redis-exposure-to-redis-lua-parser-use-after-free-cve-2025-49844

Security
Oct 9, 2025
Two New Next.js Vulnerabilities: Content Injection and Cache Deception in the Image Optimizer
Two medium-severity CVEs in Next.js Image Optimization exposed user data and cache leaks — HeroDevs’ NES for Next.js patches both, keeping EOL versions secure without refactoring.

HeroDevs
herodevs.com/blog-posts/two-new-next-js-vulnerabilities-content-injection-and-cache-deception-in-the-image-optimizer

Thought Leadership
Oct 9, 2025
What Does It Mean for Open Source if People Can Just “Stay on Something Forever”?
What long-term support means for open source — and how stability and innovation can coexist.

Allison Vorthmann
herodevs.com/blog-posts/what-does-it-mean-for-open-source-if-people-can-just-stay-on-something-forever

Thought Leadership
Oct 8, 2025
The Danger of Legacy Containers in Open Source
When Bitnami’s container catalog went dark, thousands of open-source deployments were left running unpatched software. Here’s what that means—and how to stay secure.

Hayden Barnes
herodevs.com/blog-posts/bitnami-and-the-danger-of-legacy-containers

Security
Oct 7, 2025
Introducing the Spring End-of-Life Resource Hub — Stay Secure Beyond Support
Track EOL dates, monitor active CVEs, and access expert resources to keep your Spring and Java apps secure and compliant long after official support ends.

HeroDevs
herodevs.com/blog-posts/introducing-the-spring-end-of-life-resource-hub----stay-secure-beyond-support

Thought Leadership
Oct 6, 2025
How Platform Engineering Teams Can Make Peace with EOL Timelines
Why platform teams need a new playbook for managing end-of-life open source without breaking developer velocity.

Parin Shah
herodevs.com/blog-posts/how-platform-engineering-teams-can-make-peace-with-eol-timelines

Products
Oct 2, 2025
Trapped on Django 3.2? How Enterprises Can Balance Compliance and Migration Reality
From Compliance Risk to Migration Reality: Navigating Django 3.2’s End of Life

Isaac Wuest
herodevs.com/blog-posts/trapped-on-django-3-2-how-enterprises-can-balance-compliance-and-migration-reality

Press Release
Oct 1, 2025
HeroDevs and IBM Collaborate to Protect Enterprises from Open-Source Risks
New integration is designed to deliver security, compliance, and flexibility for enterprises running end-of-life versions of Spring and Struts frameworks.

HeroDevs
herodevs.com/blog-posts/herodevs-and-ibm-collaborate-to-protect-enterprises-from-open-source-risks

Products
Oct 1, 2025
Why IBM Chose HeroDevs to Secure the Future of Open-Source Software
IBM chooses HeroDevs to secure enterprises running on end-of-life frameworks like Spring and Struts, proving organizations no longer need to choose between security and innovation.

HeroDevs
herodevs.com/blog-posts/why-ibm-chose-herodevs-to-secure-the-future-of-legacy-software

Security
Sep 30, 2025
HeroDevs Reaffirms Commitment: OSS Pledge for 2025 with over $160K in Support
HeroDevs renews its Open Source Pledge for 2025 with $160K in support, funding foundations, maintainers, and ecosystems like Vue and Bootstrap to strengthen the future of OSS.

HeroDevs
herodevs.com/blog-posts/herodevs-reaffirms-commitment-oss-pledge-for-2025-with-over-160k-in-support

Thought Leadership
Sep 30, 2025
When Your Scanner Flags a Deprecated Package: What to Do Next
What to do when your security scanner flags unsupported or deprecated open source libraries—and how to turn panic into a sustainable response strategy.

Parin Shah
herodevs.com/blog-posts/when-your-scanner-flags-a-deprecated-package-what-to-do-next

Security
Sep 25, 2025
What Is an SBOM, and Why Should You Care?
Why SBOMs are the new ingredient label for your software — and how to start using them today.

HeroDevs
herodevs.com/blog-posts/what-is-an-sbom-and-why-should-you-care

Thought Leadership
Sep 23, 2025
How to Survive Rapid Release Cycles
OSS Stability in a Chaotic World

Parin Shah
herodevs.com/blog-posts/how-to-survive-rapid-release-cycles

Security
Sep 18, 2025
NumPy 1.x Is Officially End-of-Life: What Now?
NumPy 1.x EOL: Secure Your Legacy Code with NES for NumPy

HeroDevs
herodevs.com/blog-posts/numpy-1-x-is-officially-end-of-life-what-now