What happens if team members leave or join after we’ve purchased licenses?

Licenses are purchased on annual terms, and there is no penalty if they are over-provisioned or unused. Additional licenses can be added after an agreement has started, and can be scaled back during each Support Agreement’s renewal period.

How are licenses tracked? Do you install a license server?

Our Support Agreements require customers to perform a 'good faith' internal audit to ensure compliance with licensing, but how this is done is up to you. We keep it simple, both for your sake AND compliance/security reasons: our products are offered free of any kind of license tracking, termination switches, or 'phone home' functionality of any kind.

Do you offer discounts for nonprofits, open source companies, or educational institutions?

Yes, contact sales to help us understand how we can support the causes that are important to you.

How hard is it to get this through our InfoSec and Legal procurement process?

Even at small organizations, procurement can be a lengthy & frustrating process for everyone involved. We’ve taken that into consideration at every step of our journey, and the end result is that we are a viable option for any organization. We’re confident that even the most rigorous business units will be able to onboard NES with ease.

What makes onboarding so easy?

- Our products are patched versions of what you’re already running, so they are familiar and behave identically (just more secure and compatible) - Our software contains no tracking, license enforcement mechanisms, nor 'phone home' functionality of any kind. We never receive information about your users, products, development practices, systems, environments, or any other sensitive information. - Our deliverables are neither On Premise nor Software As A Service and thus do not require a runtime environment. True to our love of Open Source, the source code is included for all products making security reviews a breeze. - Other than standard sales and procurement information (contact details, quotes, etc) our organization never receives nor retains sensitive information about your company. As such, we typically do not engage in NDAs or Data Sharing Agreements as there is simply no confidential information to protect.

Do I pay extra for development, staging, etc. environments?

No! You never pay an additional fee for any additional environment.

How does intellectual property for NES libraries work?

All NES libraries are offered for free with an active Support Agreement. This license is perpetual, meaning even after your Support Term ends you can continue using the latest version – no rollbacks required.

How does a license work?

When you buy a commercial license to one of our Never-Ending Support (NES) products, you choose the number of users that your team will need on that license. A user is any person committing code to the project repo. Users are unnamed and transferrable across team members.

Do you have multi-year license options?

Yes, we do offer multi-year terms if you need more than 12 months to migrate.

Pricing | Never-Ending Support for End-of-Life Open Source Software

NES for Angular

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Angular beyond end-of-life:

v4 - v17

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Angular code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Get security updates for the following versions of Angular beyond end-of-life:

Custom Pricing

Billed annually. Multi-year options available.

v4 - v17

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Angular

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Angular code to the project repo. Users are unnamed and transferrable across team members.

RxJS
NgRX
Angular Material
Ngx-translate
Ngx-Bootstrap

What is a “User”?

A user is any person committing Angular code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Angular

Our latest version of

NES for Angular

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Angular

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

Medium

CVE-2021-4231

Cross-Site Scripting

<=11.1.0

May 26, 2022

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Drupal 7

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Get Security Updates for Drupal 7 Core, Core Modules, and Core Themes as well as All Contributed Modules for Drupal 7 - with the guarantees of an Enterprise Grade SLA other high value features.

Our Drupal 7 NES Basic Edition covers all community-contributed (contrib) modules*

Installs within minutes
Compatible with all modern browsers
Email Support Only

‍

_{*Exclusions apply: Custom modules, modules that break due to third-party API changes, and closed-source or proprietary (closed-license) modules are not covered.}

‍

What is a “Site”?

A “site” means, (i) an individual dedicated website, and/or (ii) multiple websites co-located in a shared environment, and/or (iii) a deployment target, for which Subscription Services are deployed.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Get Security Updates for Drupal 7 Core, Core Modules, and Core Themes as well as All Contributed Modules for Drupal 7 - with the guarantees of an Enterprise Grade SLA other high value features.

Get security updates for common

Drupal 7

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “Site”?

A “site” means, (i) an individual dedicated website, and/or (ii) multiple websites co-located in a shared environment, and/or (iii) a deployment target, for which Subscription Services are deployed.

Our Drupal Essentials support coverage includes all contrib modules*.

*This excludes custom-modules, modules which break due to 3rd party APIs, closed-source / closed-license modules.

What is a “Site”?

A “site” means, (i) an individual dedicated website, and/or (ii) multiple websites co-located in a shared environment, and/or (iii) a deployment target, for which Subscription Services are deployed.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Drupal 7

Our latest version of

NES for Drupal 7

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Drupal 7

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

Medium

SA-CORE-2025-002

>= 7.x-3.0

May 16, 2025

Medium

CVE-2025-31689

>7.0.0 <=7.1.x-alpha12

May 16, 2025

Medium

CVE-2025-31687

>=7.0.0 <7.2.1

May 16, 2025

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for jQuery

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of jQuery beyond end-of-life:

1.3.x, 1.5.x, 1.6.x, 1.7.x, 1.12.x, 2.2.x, 3.5.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing jQuery code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Compatible with Core Versions of jQuery

Custom Pricing

Billed annually. Multi-year options available.

1.3.x, 1.5.x, 1.6.x, 1.7.x, 1.12.x, 2.2.x, 3.5.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

jQuery

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing jQuery code to the project repo. Users are unnamed and transferrable across team members.

jQueryUI
jQuery-validation
jQuery Mobile

What is a “User”?

A user is any person committing jQuery code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for jQuery

Our latest version of

NES for jQuery

include fixes for the vulnerabilities below. Our secure drop-in replacement for

jQuery

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

Medium

CVE-2020-7656

Cross-Site Scripting

<1.9.0

May 19, 2020

Medium

CVE-2020-11023

Cross-Site Scripting

>=1.0.3 <3.5.0

Apr 29, 2020

Medium

CVE-2020-11022

Cross-Site Scripting

>=1.2.0 <3.5.0

Apr 29, 2020

Medium

CVE-2019-11358

Cross-Site Scripting

>=1.1.4 <3.4.0

Apr 19, 2019

Medium

CVE-2015-9251

Cross-Site Scripting

<1.12.2 >=1.12.3 <3.0.0

Jan 18, 2018

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for AngularJS

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of AngularJS beyond end-of-life:

1.4.x, 1.5.x, 1.8.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing AngularJS code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Get security updates for the following versions of AngularJS beyond end-of-life:

Custom Pricing

Billed annually. Multi-year options available.

1.4.x, 1.5.x, 1.8.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

AngularJS

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing AngularJS code to the project repo. Users are unnamed and transferrable across team members.

angular-filter
angular-local-storage
angular-material
angular-moment
angular-moment-picker
angular-strap
protractor
angular-translate
angular-translate-loader-static-files
ui-select
angular-ui-bootstrap
angular-ui-sortable
angular-ui-router
uirouter-core

What is a “User”?

A user is any person committing AngularJS code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for AngularJS

Our latest version of

NES for AngularJS

include fixes for the vulnerabilities below. Our secure drop-in replacement for

AngularJS

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

Medium

CVE-2025-4690

ReDoS Vulnerability

>=0.0.0

Aug 19, 2025

Medium

CVE-2025-2336

Content Spoofing

>=1.3.1

Jun 4, 2025

Medium

CVE-2025-0716

Content Spoofing

>=0.0.0

Apr 29, 2025

Medium

CVE-2024-8372

Content Spoofing

>=1.3.0-rc.4

Sep 9, 2024

Medium

CVE-2024-8373

Content Spoofing

>=0.0.0

Sep 9, 2024

Medium

CVE-2024-33665

Cross-Site Scripting

>=2.19.1

Apr 25, 2024

High

CVE-2024-21490

ReDoS Vulnerability

>=1.3.0

Feb 10, 2024

Medium

CVE-2023-26118

ReDoS Vulnerability

>=1.4.9

Mar 30, 2023

Medium

CVE-2023-26117

ReDoS Vulnerability

>=1.0.0

Mar 30, 2023

Medium

CVE-2023-26116

ReDoS Vulnerability

>=1.2.21

Mar 30, 2023

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Vue 2

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Vue 2 beyond end-of-life:

2.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Vue 2 code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Get security updates for the following versions of Vue 2 beyond end-of-life:

Custom Pricing

Billed annually. Multi-year options available.

2.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Vue 2 code to the project repo. Users are unnamed and transferrable across team members.

Nuxt v2
Vue Router
Vuex
Vuetify 2
BootstrapVue 2

‍

What is a “User”?

A user is any person committing Vue 2 code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Vue 2

Our latest version of

NES for Vue 2

include fixes for the vulnerabilities below. Our secure drop-in replacement for

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

Medium

CVE-2024-6783

Cross-Site Scripting

>=2.0.0 <3.0.0

Jul 23, 2024

Low

CVE-2024-9506

ReDoS Vulnerability

>=2.0.0 <3.0.0

Oct 14, 2024

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Bootstrap

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Bootstrap beyond end-of-life:

2.x, 3.x, 4.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Bootstrap code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

2.x, 3.x, 4.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Bootstrap

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Bootstrap code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Bootstrap code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Bootstrap

Our latest version of

NES for Bootstrap

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Bootstrap

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

Medium

CVE-2024-6531

Cross-Site Scripting

>=4.0.0 <=4.6.2

Jul 11, 2024

Medium

CVE-2024-6485

Cross-Site Scripting

>=1.4.0 <=3.4.1

Jul 11, 2024

Medium

CVE-2024-6484

Cross-Site Scripting

>=3.2.0 <=3.4.1

Jul 11, 2024

Medium

CVE-2025-1647

Cross-Site Scripting

>=3.4.1 <4.0.0

May 15, 2025

Medium

CVE-2019-8331

Cross-Site Scripting

>=2.0.0 <=2.3.2, >=3.0.0-rc1 <3.4.1

Feb 28, 2025

Medium

CVE-2016-10735

Cross-Site Scripting

>=2.0.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.0.0-beta.2

Feb 28, 2025

Medium

CVE-2018-14042

Cross-Site Scripting

>=2.3.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.1.2

Feb 28, 2025

Medium

CVE-2018-14040

Cross-Site Scripting

>=2.3.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.1.2

Feb 28, 2025

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Nuxt

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Nuxt beyond end-of-life:

2.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Nuxt code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

2.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Nuxt

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Nuxt code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Nuxt code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Nuxt

Our latest version of

NES for Nuxt

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Nuxt

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Spring

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for Spring Projects coordinated by the following versions of Spring Boot:

1.x, 2.x, 3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Spring code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

1.x, 2.x, 3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Spring

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Spring code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Spring code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Spring

Our latest version of

NES for Spring

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Spring

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

High

CVE-2024-38816

Path Traversal

>=5.3.0 <=5.3.39, >=6.0.0 <=6.0.23, >=6.1.0 <=6.1.12

Sep 12, 2024

Low

CVE-2024-38820

Authorization Bypass

<5.3.41, >=6.0.0 <6.0.25, >=6.1.0 <6.1.14

Oct 23, 2024

Medium

CVE-2024-38807

Signature Forgery

>=2.7.0 <=2.7.21, >=3.0.0 <=3.0.16, >=3.1.0 <=3.1.12, >=3.2.0 <=3.2.8, >=3.3.0 <=3.3.2

Aug 23, 2024

Critical

CVE-2024-38821

Authorization Bypass

>=5.7.0 <5.7.13, >=5.8.0 <5.8.15, >=6.0.0 <6.0.13, >=6.1.0 <6.1.11, >=6.2.0 <6.2.7, >=6.3.0 <6.3.4

Oct 25, 2024

Low

CVE-2021-22112

Denial of Service

<5.2.9.RELEASE, >=5.3.0 <5.3.9.RELEASE, >=5.4.0 <5.4.4

Feb 19, 2021

High

CVE-2022-22978

Authorization Bypass

<5.4.11, >=5.5.0 <5.5.7, >=5.6.x <5.6.4

May 16, 2022

Medium

CVE-2022-22976

Authorization Bypass

<5.5.7, >=5.6.0 <5.6.4

May 17, 2022

High

CVE-2022-27772

Resource Injection

<2.2.11

Mar 30, 2023

High

CVE-2023-20883

Denial of Service

>=1.5.0 <=1.5.22, >=2.5.0 <2.5.15, >=2.6.0 <2.6.15, >=2.7.0 <2.7.12 >=3.0.0 <3.0.7

May 19, 2023

High

CVE-2024-22243

URL Redirect/Open Redirect

>=4.3.0 <=4.3.30, >=5.3.0 <5.3.32, >=6.0.0 <6.0.17, >=6.1.0 <6.1.4

Feb 23, 2024

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Protractor

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Protractor beyond end-of-life:

7.0.0

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Protractor code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

7.0.0

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Protractor

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Protractor code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Protractor code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Protractor

Our latest version of

NES for Protractor

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Protractor

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for ESLint

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of ESLint beyond end-of-life:

8.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing ESLint code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

8.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

ESLint

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing ESLint code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing ESLint code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for ESLint

Our latest version of

NES for ESLint

include fixes for the vulnerabilities below. Our secure drop-in replacement for

ESLint

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Express

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Express beyond end-of-life:

3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Express code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Express

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Express code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Express code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Express

Our latest version of

NES for Express

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Express

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

Medium

CVE-2024-10491

Resource Injection

>=3.0.0-alpha1 <=3.21.2

Oct 29, 2024

Medium

HD-2024-1410

Resource Injection

>=3.0.0-alpha1 <=3.21.2, >=4.0.0-rc1 <4.21.1, >=5.0.0-alpha.1 <5.0.1

Oct 17, 2024

Medium

CVE-2024-9266

URL Redirect/Open Redirect

>=3.4.5 <4.0.0

Oct 3, 2024

Medium

CVE-2024-43796

Cross-Site Scripting

>=3.0.0-alpha1, <=3.21.2, >=4.0.0-rc1, <4.20.0, >=5.0.0-alpha.1 <5.0.0

Sep 10, 2024

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Node.js

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Node.js beyond end-of-life:

12, 14, 16, 18, 20, 22

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across essential platforms and technologies

What is a “User”?

A user is any person committing Node.js code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

12, 14, 16, 18, 20, 22

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Node.js

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Node.js code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Node.js code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Node.js

Our latest version of

NES for Node.js

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Node.js

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

Low

HD-2024-1408

Information Exposure

>=16.0.0 <=16.20.2

Oct 15, 2024

Medium

HD-2024-1409

Denial of Service

>=14.0.0 <=14.21.3, >=16.0.0 <=16.20.2

Oct 15, 2024

High

HD-2024-1407

HTTP Request Smuggling

>=16.0.0 <16.20.1, >=18.0.0 <18.16.1, >=20.0.0 <20.3.1

Oct 16, 2024

High

CVE-2025-23087

Use of Unmaintained Third Party

<= 17.9.1

Jan 21, 2025

High

CVE-2025-23088

Use of Unmaintained Third Party

<= 19.9.0

Jan 21, 2025

High

CVE-2025-23089

Use of Unmaintained Third Party

<= 21.7.3

Jan 21, 2025

Medium

CVE-2025-23167

HTTP Request Smuggling

4.0 < 20.19.1

May 14, 2025

High

CVE-2025-23166

Cryptographic Weakness

4.0 < 20.19.1, 22 < 22.15.0, 24 < 24.0.1

May 14, 2025

Medium

CVE-2025-23085

Denial of Service

4.0 < 18.20.6, 20 < 20.18.2

Feb 7, 2025

Medium

CVE-2025-23084

Path Traversal

4.0 < 18.20.6, 20 < 20.18.2

Jan 28, 2025

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Rails

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions Rails beyond end-of-life:

2.3, 3.2, 4.2, 5.2, and 6.1

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Rails code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

2.3, 3.2, 4.2, 5.2, and 6.1

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Rails

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Rails code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Rails code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Rails

Our latest version of

NES for Rails

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Rails

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

High

CVE-2024-26142

Denial of Service

7.1.0.0 to 7.1.3.0

Feb 27, 2024

High

CVE-2023-22794

Remote Code Execution

<=6.0.6.0 <=6.1.7.0 <=7.0.4.0

Feb 9, 2023

Critical

CVE-2022-30123

Remote Code Execution

2.2.0.0 - <=2.2.3.0 2.1.0.0 - <=2.1.4.0 2.0.0.0 - <=2.0.9.0

Dec 5, 2022

Critical

CVE-2022-21831

Remote Code Execution

7.0.0.0 - <= 7.0.2.2 6.1.0.0 - <= 6.1.4.6 6.0.0.0 - <= 6.0.4.6 5.2.0.0 - <= 5.2.6.2

May 26, 2022

Critical

CVE-2020-8165

Remote Code Execution

6.0.0 - <= 6.0.3.0 5.0.0 - <= 5.2.4.2

Jun 19, 2020

High

CVE-2020-8163

Remote Code Execution

<= 5.0.0 Not affected: Applications that do not allow users to control the names of locals. <= 4.2.11.1

Jul 2, 2020

High

CVE-2020-8162

Authorization Bypass

<= 5.2.4.1 <= 6.0.3.0 Not affected: Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter.

Jun 19, 2020

High

CVE-2020-8161

Remote Code Execution

< 2.1.3 < 2.2.0 Applications that do not use Rack::Directory

Jul 20, 2020

Critical

CVE-2020-8159

Remote Code Execution

Rails 3.x Rails 2.x Rails > 4.x if using actionpack_page-cache <= 1.2.0

May 12, 2020

Critical

CVE-2019-5420

Remote Code Execution

6.0.0.0 - <= 6.0.0.beta2 5.2.0.0 - <= 5.2.2.0

Mar 27, 2019

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for .NET

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of .NET beyond end-of-life:

6, 8

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Includes 200 Endpoints
4 Developer Seats
Continuous vulnerability scanning
24/7 Support

What is a “User”?

A user is any person committing .NET code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Get security updates for essential frameworks of .NET beyond end-of-life

Custom Pricing

Billed annually. Multi-year options available.

6, 8

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

.NET

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing .NET code to the project repo. Users are unnamed and transferrable across team members.

Get Never-Ending Support for:

Entity Framework
WPF
WinForms

What is a “User”?

A user is any person committing .NET code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for .NET

Our latest version of

NES for .NET

include fixes for the vulnerabilities below. Our secure drop-in replacement for

.NET

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

High

CVE-2025-24070

Weak Authentication

ASP.NET Core: >= 6.0.0 <= 6.0.36 >= 8.0.0 <= 8.0.13 >= 9.0.0 <= 9.0.2 Microsoft.AspNetCore.Identity: <= 2.3.0

Apr 4, 2025

High

CVE-2025-21176

Buffer Over-read

>= 6.0.0 <= 6.0.36 >= 8.0.0 <= 8.0.11 <= 9.0.0

Apr 4, 2025

High

CVE-2025-21173

Creation of Temporary File in Directory with Insecure Permissions

>= 6.0.0 <= 6.0.36 >= 8.0.0 <= 8.0.11 <= 9.0.0

Apr 4, 2025

High

CVE-2025-21172

Heap-based Buffer Overflow

>= 6.0.0 <= 6.0.36 >= 8.0.0 <= 8.0.11 <= 9.0.0

Apr 4, 2025

High

CVE-2024-38229

Use After Free

>= 6.0.0 <= 6.0.36 >= 8.0.0 <= 8.0.8 >= 9.0.0-preview.1.24081.5 <= 9.0.0.RC.1

Apr 4, 2025

Critical

CVE-2024-35264

Use After Free

>= 6.0.0 <= 6.0.36 >= 8.0.0 <= 8.0.6

Apr 4, 2025

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

PHP

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of PHP beyond end-of-life:

7.2, 7.3, 7.4, 8.0, 8.1, 8.2

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing PHP code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

7.2, 7.3, 7.4, 8.0, 8.1, 8.2

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

PHP

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing PHP code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing PHP code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

PHP

Our latest version of

PHP

include fixes for the vulnerabilities below. Our secure drop-in replacement for

PHP

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Grunt

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Grunt beyond end-of-life:

v0.4 - 1.5

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Grunt code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

v0.4 - 1.5

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Grunt

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Grunt code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Grunt code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Grunt

Our latest version of

NES for Grunt

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Grunt

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Fastify

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Fastify beyond end-of-life:

3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Fastify code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Fastify

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Fastify code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Fastify code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Fastify

Our latest version of

NES for Fastify

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Fastify

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Apache Struts

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Struts beyond end-of-life:

Various versions

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Struts code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Along with security support for selected legacy versions of Apache Struts, your Struts legacy versions can also be compatible with modern versions of select web servers.

Custom Pricing

Billed annually. Multi-year options available.

Various versions

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Struts

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Struts code to the project repo. Users are unnamed and transferrable across team members.

With NES for Apache Struts: Forward Compatibility you get:

- Everything that is included in NES for Apache Struts, plus;

- Compatibility assurances with modern versions of select web servers.

‍

What is a “User”?

A user is any person committing Struts code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Apache Struts

Our latest version of

NES for Apache Struts

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Struts

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

Critical

CVE-2024-53677

Remote Code Execution

>=2.0.0 <=2.3.37, >=2.5.0 <=2.5.33, >=6.0.0 <=6.3.0.2

Dec 17, 2024

High

CVE-2016-3081

Remote Code Execution

>=2.3.19 <2.3.20.3, >=2.3.21 <2.3.24.3, >=2.3.25 <2.3.28.1

Apr 20, 2016

Critical

CVE-2018-11776

Remote Code Execution

>=2.3.0 <2.3.35, >=2.5.0 <2.5.17

Aug 18, 2022

High

CVE-2023-49735

Path Traversal

<=1.3.10, >=2.0.0

May 12, 2025

Medium

CVE-2023-34396

Denial of Service

<1.3.10, >=2.0.5 <2.5.31, >=6.0.0 <6.1.2.1

May 12, 2025

Low

CVE-2008-2025

Cross-Site Scripting

<1.2.9

May 12, 2025

Low

CVE-2006-1548

Cross-Site Scripting

<1.2.9

May 12, 2025

High

CVE-2006-1547

Denial of Service

<1.2.9

May 12, 2025

High

CVE-2006-1546

Authorization Bypass

<1.2.9

May 12, 2025

Low

CVE-2025-54656

>=1.2.9 <=1.3.10

Aug 4, 2025

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Apache Solr & Lucene

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Apache Solr & Lucene beyond end-of-life:

8.11.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Solr & Lucene code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

8.11.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Solr & Lucene

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Solr & Lucene code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Apache Solr & Lucene code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Apache Solr & Lucene

Our latest version of

NES for Apache Solr & Lucene

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Solr & Lucene

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

Medium

CVE-2025-24814

Remote Code Execution

<9.8.0

Mar 21, 2025

Medium

CVE-2024-52012

Path Traversal

<=9.0.0 <9.8.0

Mar 21, 2025

Medium

CVE-2024-45772

Remote Code Execution

>=4.4.0 <9.12.0

Mar 21, 2025

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Apache Tapestry

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Apache Tapestry beyond end-of-life:

4.1.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Tapestry code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

4.1.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Tapestry

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Tapestry code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Apache Tapestry code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Apache Tapestry

Our latest version of

NES for Apache Tapestry

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Tapestry

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Apache Cocoon

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Apache Cocoon beyond end-of-life:

2.3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Cocoon code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

2.3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Cocoon

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Cocoon code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Apache Cocoon code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Apache Cocoon

Our latest version of

NES for Apache Cocoon

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Cocoon

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Apache Camel

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Apache Camel beyond end-of-life:

2.25.x, 3.22.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Camel code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

2.25.x, 3.22.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Camel

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Camel code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Apache Camel code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Apache Camel

Our latest version of

NES for Apache Camel

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Camel

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Apache Spark

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Apache Spark beyond end-of-life:

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Spark code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Spark

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Spark code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Apache Spark code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Apache Spark

Our latest version of

NES for Apache Spark

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Spark

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

Medium

CVE-2022-31777

Cross-Site Scripting

3.3.0 <=3.2.1

Apr 9, 2025

Critical

CVE-2023-22946

<3.4.0 >=3.3.0 <=3.3.1 >=3.2.0 <=3.2.3 >=3.1.0 <=3.1.3 >=3.0.0 <=3.0.3 >=2.4.8

Apr 9, 2025

High

CVE-2023-32007

Command Injection

>=3.2.0 <=3.2.1 >=3.1.1 <=3.1.3 <=3.0.3

Apr 9, 2025

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Next.js

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Next.js beyond end-of-life:

12.3.5

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Next.js code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

12.3.5

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Next.js

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Next.js code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Next.js code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Next.js

Our latest version of

NES for Next.js

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Next.js

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

Critical

CVE-2025-29927

Authorization Bypass

>=11.1.4 <12.3.5, >=13.0.0 <13.5.9, >=14.0.0 <14.2.25, >=15.0.0 <15.2.3

Mar 23, 2025

High

CVE-2023-46298

Denial of Service

>=13.0.0 <13.4.20-canary.13

Apr 9, 2025

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Apache Tomcat

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Apache Tomcat beyond end-of-life:

8.5

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

A user is any person committing Apache Tomcat code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

8.5

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Tomcat

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

A user is any person committing Apache Tomcat code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Apache Tomcat

Our latest version of

NES for Apache Tomcat

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Tomcat

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

High

CVE-2024-56337

Remote Code Execution

>= 8.5.0 <= 8.5.100, >=9.0.0.M1 <9.0.98, >=10.1.0-M1 <10.1.34, >=11.0.0-M1 <11.0.2

May 28, 2025

Medium

CVE-2024-54677

Denial of Service

>= 8.5.0 <= 8.5.100, >=9.0.0.M1 <9.0.98, >=10.1.0-M1 <10.1.34, >=11.0.0-M1 <11.0.2

May 28, 2025

Medium

CVE-2024-52317

Information Exposure

>=9.0.92 <9.0.96, >=10.1.27 <10.1.31, >=11.0.0-M23 <11.0.0

May 28, 2025

Critical

CVE-2024-52316

Authorization Bypass

>= 8.5.0 <= 8.5.100, <9.0.96, >=10.1.0-M1 <10.1.30, >=11.0.0-M1 <11.0.1

May 28, 2025

High

CVE-2024-50379

Remote Code Execution

>= 8.5.0 <= 8.5.100, >=9.0.0.M1 <9.0.98, >=10.1.0-M1 <10.1.34, >=11.0.0-M1 <11.0.2

May 28, 2025

High

CVE-2024-38286

Denial of Service

>= 8.5.35 <= 8.5.100, >=9.0.13 <9.0.90, >=10.1.0-M1 <10.1.25, >=11.0.0-M1 <11.0.0.M21

May 28, 2025

High

CVE-2024-34750

Denial of Service

>= 8.5.0 <= 8.5.100, >=9.0.0.M1 <9.0.90, >=10.1.0-M1 <10.1.25, >=11.0.0-M1 <11.0.0-M21

May 28, 2025

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Knockout.js

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Knockout.js beyond end-of-life:

3.5.1, 3.4.2, 2.3.0

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Knockout.js code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

3.5.1, 3.4.2, 2.3.0

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Knockout.js

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Knockout.js code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Knockout.js code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Knockout.js

Our latest version of

NES for Knockout.js

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Knockout.js

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for NestJS

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of NestJS beyond end-of-life:

9

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing NestJS code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

9

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

NestJS

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing NestJS code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing NestJS code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for NestJS

Our latest version of

NES for NestJS

include fixes for the vulnerabilities below. Our secure drop-in replacement for

NestJS

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for PostgreSQL

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of PostgreSQL beyond end-of-life:

12.x, 13.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is an "installation"?

An installation or endpoint refers to any discrete deployment of PostgreSQL—whether via container, virtual machine, bare metal, cloud-managed service (e.g., AWS RDS), or manual file system setup—that results in a functional PostgreSQL cluster. Each such deployment capable of accepting client connections is considered a licensed unit. This does not include any non-production installations, which would be considered as included in this license and do not need to be counted.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

12.x, 13.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

PostgreSQL

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is an "installation"?

An installation or endpoint refers to any discrete deployment of PostgreSQL—whether via container, virtual machine, bare metal, cloud-managed service (e.g., AWS RDS), or manual file system setup—that results in a functional PostgreSQL cluster. Each such deployment capable of accepting client connections is considered a licensed unit. This does not include any non-production installations, which would be considered as included in this license and do not need to be counted.

What is an "installation"?

An installation or endpoint refers to any discrete deployment of PostgreSQL—whether via container, virtual machine, bare metal, cloud-managed service (e.g., AWS RDS), or manual file system setup—that results in a functional PostgreSQL cluster. Each such deployment capable of accepting client connections is considered a licensed unit. This does not include any non-production installations, which would be considered as included in this license and do not need to be counted.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for PostgreSQL

Our latest version of

NES for PostgreSQL

include fixes for the vulnerabilities below. Our secure drop-in replacement for

PostgreSQL

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Lodash

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Lodash beyond end-of-life:

3.x, 4.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Lodash code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

3.x, 4.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Lodash

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Lodash code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Lodash code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Lodash

Our latest version of

NES for Lodash

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Lodash

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Django

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Django beyond end-of-life:

3.2

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Django code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

3.2

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Django

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Django code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Django code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Django

Our latest version of

NES for Django

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Django

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for NumPy

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of NumPy beyond end-of-life:

1.26.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing NumPy code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

1.26.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

NumPy

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing NumPy code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing NumPy code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for NumPy

Our latest version of

NES for NumPy

include fixes for the vulnerabilities below. Our secure drop-in replacement for

NumPy

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Hibernate

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Hibernate beyond end-of-life:

5.6

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Hibernate code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

5.6

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Hibernate

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Hibernate code to the project repo. Users are unnamed and transferrable across team members.

What is a “User”?

A user is any person committing Hibernate code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Hibernate

Our latest version of

NES for Hibernate

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Hibernate

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Jetty

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of Jetty beyond end-of-life:

9, 10, 11

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

A user is any person committing Jetty code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

9, 10, 11

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Jetty

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

A user is any person committing Jetty code to the project repo. Users are unnamed and transferrable across team members.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Jetty

Our latest version of

NES for Jetty

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Jetty

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for CometD

Basic Edition

NES for Spring Boot Portfolio

Foundations

Core

Get security updates for the following versions of CometD beyond end-of-life:

5, 6, 7

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

Essentials Add-On

Core

Essentials

Forward Compatibility

Custom Pricing

Billed annually. Multi-year options available.

5, 6, 7

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

CometD

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

View Docs to see a full list of supported packages

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for CometD

Our latest version of

NES for CometD

include fixes for the vulnerabilities below. Our secure drop-in replacement for

CometD

is easy to install and takes only a few minutes to set up.

Severity

ID

Category

Version(s) Affected

Published Date

No items found.

View Full List

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Get a Custom Quote

How can we reach out to you to send your custom quote?

Frequently Asked Questions

Request Pricing

Every unpatched CVE is a risk. Fix them all now.

Ensuring Full Compliance and Security

Trusted by 900+ Companies, 8,000+ Developers

Frequently Asked Questions