Introducing Never-Ending Support for Spring at HeroDevs

As open source software evolves, maintaining older versions becomes increasingly challenging. This is especially true for widely-used technologies like the Spring Framework, which powers millions of enterprise applications. 

At HeroDevs, we understand the critical need to maintain security and compliance in legacy systems, which is why we're proud to introduce Never-Ending Support (NES) for Spring. Spring Framework 5 will become unsupported as of August 2024, and every version before that already does not receive community software security support, leaving applications vulnerable to threats. 

Security Vulnerabilities in Spring

As Spring Framework 5.3 reaches its EOL in August 2024, it is crucial to address the security vulnerabilities of unsupported versions. Recent vulnerabilities in Spring include:

• CVE-2024-22259: Spring Framework versions are vulnerable to Open Redirect attacks when UriComponentsBuilder parses and fails to validate externally provided URLs.
• CVE-2021-22118: Spring Framework versions are vulnerable to Privilege Escalation. A malicious local user can recreate the temporary storage directory to read or modify uploaded files or overwrite files with multipart request data in the WebFlux application.
• CVE-2023-34055: In Spring Boot versions including 2.7.0 - 2.7.17, DoS attacks are possible based on specifically crafted HTTP requests.

Handling these vulnerabilities is paramount for maintaining the security and integrity of applications that still rely on Spring.

What HeroDevs Offers with Never-Ending Support for Spring Framework

With Never-Ending Support for Spring, you will get continuous security and compatibility updates for a collection of Spring Framework Projects, including most components from Spring Framework, Spring Boot, Spring Security, Spring Data, and other critical Spring projects.

Once you install Never-Ending Support Spring, our secure drop-in replacement for various Spring Projects, here's what you can expect:

• Security Fixes: We release an updated version of NES for Spring each time we discover, validate, and fix a security issue.
• Ensured Compatibility: Rest easy knowing that our compatibility fixes will ensure your Spring applications continue operating in their respective Java environments.
• SLA Compliance: Our SLAs enable you to comply with major frameworks like FedRAMP, PCI, HIPAA, SOC2/ISO27001, and more.
• Team of Experts: Our product is built and maintained with the help of Spring contributors and experts, ensuring the same excellent quality of support you expect.

Benefits of Never-Ending Support for Spring

With Never-Ending Support (NES) for Spring, switching from your current version to ours is as trivial as upgrading low-impact minor versions. Installation is straightforward, and our expert engineers are ready to assist you, guaranteeing a seamless integration with your existing tech stack.

Choosing HeroDevs NES for Spring comes with several advantages:

• Eliminate the timeline: With NES support, you can extend the life of your systems and decide when and how to update. 
• Fast, easy drop-in replacement: With just a few tweaks to your Maven or Gradle build processes, you’ll rebuild your projects and return to delivering features.
• Get visibility into security patches: With transparent SBOMs, build artifacts, and source code, you can receive complete visibility into what’s in your packages.
• Immediately pass security and compliance scans: Scan and compare NES for Spring directly to open source counterparts, giving you visibility that your supply chain is safe.
• Cost-Effectiveness: NES for Spring allows you to use your existing version at a fraction of the cost of a rewrite or replacement.
• Reliability: Ensure your applications continue to function flawlessly and remain compliant with modern regulatory frameworks and standards.

Have a particularly complex or intimidating Spring configuration? Our professional services experts are always available to engage. Whether it’s an upfront assessment, performing the adoption (or migration) completely, or you’re just in a pinch, there’s no potential dead ends that could halt your migration efforts.  

Commitment to the Open Source Community

At HeroDevs, we're dedicated to supporting the open source community by providing financial support and resources that promote growth and sustainability. As leading partners, we proudly sponsor some of the most foundational projects on the open web, including Vue.js, Angular, The OpenJS Foundation, and the Drupal Association, among many others.

• Sponsorships: In everything we do, we fund essential open source projects, helping to guarantee their ongoing development, success, and security for the future.
• Supporting Contributors: We support the key contributors of these projects financially and through career development opportunities, allowing them to focus on their innovative work. This ensures that open source users have dedicated contributors who can continue to support the technology sustainably.
• Community Events: We organize, sponsor, and participate in events, from conferences to workshops, that promote collaboration and creativity within the open source community.

Getting Started with Never-Ending Support for Spring

Contact our support team for seamless integration of NES into your current infrastructure. Our installation process is designed for minimal disruption, and with our 24/7 support, you can expect a smooth transition and immediate assistance. Don’t forget to ask about our trial versions of Never-Ending Support (NES) for Spring. These trials allow you to experience firsthand how easy it is to integrate NES into your existing Spring application.

Conclusion

Never-Ending Support for Spring, brought to you by HeroDevs, offers a strategic, secure, and efficient solution for managing your applications. Extend the functionality and security of your legacy systems, ensuring they remain robust against both current and future threats.

‍