Never-Ending Support for Spring versions 4.3, 5.3

NES for Spring

Never-Ending Support (NES) for Spring from HeroDevs means you can stay secure and compliant without migrating away.


Supported Versions

What is included in NES for Spring 4?

NES for Spring 4 is an overarching initiative to provide continual security updates to various Spring Projects and Packages of the Spring ecosystem branching off of Spring Framework 4.3 and compatible versions of other Spring Projects, delivered through different subscriptions. NES for Spring 4 is the only extended long term support option available on the market for Spring 4.

You will get the most comprehensive security support through our NES for Spring 4: Foundations subscription and support can be extended to more packages through our targeted NES for Spring 4: Essentials subscription.
Foundations

NES for Spring 4: Foundations

NES for Spring 4: Foundations is our flagship support subscription and includes a select list of packages common in every Spring 4 app. In addition to supporting many key packages in the Spring Framework version 4 project, this subscription includes components of Spring Boot and Spring Security to ensure the greatest amount of foundational coverage.
Listed below are some common packages in:
Spring Framework (4.3.x): spring-core, spring-aop, spring-beans, spring-expression, spring-web, 15+ more
Spring Boot (1.5.x): spring-boot, spring-boot-starter, spring-boot-autoconfigure, spring-boot-test, spring-boot-actuator, 34+ more
Spring Security (4.2.x): spring-security-core, spring-security-crypto, spring-security-web, spring-security-data, spring-security-config, 21+ more
Essentials

NES for Spring 4: Essentials

If your security requirements go beyond what’s included in NES for Spring 4: Foundations, our Essentials Add-On offers the flexibility to customize your support package. This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Whether your projects are small or enterprise-scale, the Essentials Add-On gives you the freedom to scale your support as your needs evolve. Choose what you need from hundreds of Spring packages across dozens of additional Spring Projects.
For a full list of supported packages, talk to our experts.

What is included in NES for Spring 5?

NES for Spring 5 is an overarching initiative to provide continual security updates to various Spring Projects and Packages of the Spring ecosystem branching off of Spring Framework 5.3 and compatible versions of other Spring Projects, delivered through different subscriptions.

You will get the most comprehensive security support through our NES for Spring Foundations subscription and support can be extended to more packages through our targeted NES for Spring Essentials subscriptions.
Foundations

NES for Spring 5: Foundations

NES for Spring 5: Foundations is our flagship support subscription and includes a select list of packages common in every Spring 5 app. In addition to supporting many key packages in the Spring Framework version 5 project, this subscription includes components of Spring Boot and Spring Security to ensure the greatest amount of foundational coverage.
Listed below are some common packages in:
Spring Framework (5.3.x): spring-core, spring-aop, spring-beans, spring-expression, spring-web, 8+ more
Spring Boot (2.7.x): spring-boot, spring-boot-starter, spring-boot-autoconfigure, spring-boot-test, spring-boot-actuator, 37+ more
Spring Security (5.8.x): spring-security-core, spring-security-crypto, spring-security-web, spring-security-data, spring-security-config, 6+ more
Essentials

NES for Spring 5: Essentials

If your security requirements go beyond what’s included in NES for Spring 5: Foundations, our Essentials Add-On offers the flexibility to customize your support package. This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Whether your projects are small or enterprise-scale, the Essentials Add-On gives you the freedom to scale your support as your needs evolve. Choose what you need from hundreds of Spring packages across dozens of additional Spring Projects.
For a full list of supported packages, talk to our experts.

| Feature | Description | NES for Spring (HeroDevs) | Tanzu Spring |
|---|---|---|---|
| Extended Version Support | Supports older Spring versions like Spring 4.3.x without requiring migration | Yes | No |
| Cost Flexibility | Customizable packages focus only on the Spring projects you’re actually using, eliminating unnecessary costs | Yes | No |
| Broad Ecosystem Support | Integrates with diverse infrastructures, fully vendor-neutral | Yes | No |
| Certified CVE Naming Authority (CNA) | | Yes | Yes |
| Open Source Pledge | | Yes | No |
| Direct Access to Spring Experts | Core contributors actively involved in the Spring open-source community, offering personalized, knowledgeable support | Yes | Yes |

Built for Flexibility, Not Forced Upgrades –
Secure, Tailored Support for Spring 4.3 and Beyond
At HeroDevs, we’re not just another platform provider—we’re a dedicated Spring support partner committed to safeguarding your existing Spring environment, including legacy versions like Spring 4.3. With our Never-Ending Support program, you gain peace of mind through targeted security updates and compliance for the exact modules you need, without the unnecessary costs. Join the growing number of companies that trust HeroDevs to keep their critical Spring applications secure, compliant, and compatible.
Contact Us

Security Issues Fixed in NES for Spring

By purchasing HeroDevs’ Never-Ending Support for Spring, you’re ensuring that your Spring applications stay secure and these vulnerabilities are mitigated. As more CVEs are discovered, you can rest easy knowing HeroDevs will fix them.

If you’re currently using Spring in your application’s tech stack, your application is vulnerable to the CVEs listed below.

Switch to Never-Ending Support for Spring in minutes to immediately mitigate these vulnerabilities.

| Severity | ID | Technology | Libraries Affected | Category | Version(s) Affected | Published Date |
|---|---|---|---|---|---|---|
| Critical | | Spring | Apache Struts | Remote Code Execution | >=2.0.0 <=2.3.37, >=2.5.0 <=2.5.33, >=6.0.0 <=6.3.0.2 | Dec 17, 2024 |
| Low | | Spring | Spring LDAP | Authorization Bypass | <=2.4.3, >=3.0.0 <=3.0.9, >=3.1.0 <=3.1.7, >=3.2.0 <3.2.7 | Nov 20, 2024 |
| Medium | | Spring | Spring Security | Authorization Bypass | <=5.7.13, >=5.8.0 <=5.8.15, >=6.0.0 <=6.0.13, >=6.1.0 <=6.1.11, >=6.2.0 <=6.2.7, >=6.3.0 <=6.3.4 | Nov 19, 2024 |
| Medium | | Spring | Spring Framework | Denial of Service | <5.3.42 | Nov 15, 2024 |
| High | | Spring | Spring Framework | Path Traversal | <5.3.41, >=6.0.0 <6.0.25, >=6.1.0 <6.1.14 | Oct 30, 2024 |
| Critical | | Spring | Spring Security | Authorization Bypass | >=5.7.0 <5.7.13, >=5.8.0 <5.8.15, >=6.0.0 <6.0.13, >=6.1.0 <6.1.11, >=6.2.0 <6.2.7, >=6.3.0 <6.3.4 | Oct 25, 2024 |
| Low | | Spring | Spring Framework | Authorization Bypass | <5.3.41, >=6.0.0 <6.0.25, >=6.1.0 <6.1.14 | Oct 23, 2024 |
| High | | Spring | Spring Framework | Path Traversal | >=5.3.0 <=5.3.39, >=6.0.0 <=6.0.23, >=6.1.0 <=6.1.12 | Sep 12, 2024 |
| Medium | | Spring | Spring Framework | Denial of Service | >=4.3.0 <=4.3.30, >=5.3.0 <5.3.38, >=6.0.0 <6.0.23, >=6.1.0 <6.1.12 | Aug 27, 2024 |
| Medium | | Spring | Spring Boot | Signature Forgery | >=2.7.0 <=2.7.21, >=3.0.0 <=3.0.16, >=3.1.0 <=3.1.12, >=3.2.0 <=3.2.8, >=3.3.0 <=3.3.2 | Aug 23, 2024 |
| High | | Spring | Spring Framework | URL Redirect/Open Redirect | >=4.3.0, >=5.3.0 <5.3.34, >=6.0.0 <6.0.19, >=6.1.0 <6.1.6 | Apr 16, 2024 |
| High | | Spring | Spring Framework | URL Redirect/Open Redirect | <=4.3.31, >=5.3.0 <5.3.33, >=6.0.0 <6.0.17, >=6.1.0 <6.1.5 | Mar 16, 2024 |
| High | | Spring | Spring Framework | URL Redirect/Open Redirect | >=4.3.0 <=4.3.30, >=5.3.0 <5.3.32, >=6.0.0 <6.0.17, >=6.1.0 <6.1.4 | Feb 23, 2024 |
| High | | Spring | Spring Boot | Denial of Service | >=1.5.0 <=1.5.22, >=2.5.0 <2.5.15, >=2.6.0 <2.6.15, >=2.7.0 <2.7.12, >=3.0.0 <3.0.7 | May 19, 2023 |
| High | | Spring | Spring Boot | Resource Injection | <2.2.11 | Mar 30, 2023 |
| Medium | | Spring | Spring Security | Authorization Bypass | <5.5.7, >=5.6.0 <5.6.4 | May 17, 2022 |
| High | | Spring | Spring Security | Authorization Bypass | <5.4.11, >=5.5.0 <5.5.7, >=5.6.x <5.6.4 | May 16, 2022 |
| Low | | Spring | Spring Security | Denial of Service | <5.2.9.RELEASE, >=5.3.0 <5.3.9.RELEASE, >=5.4.0 <5.4.4 | Feb 19, 2021 |

Did you find a vulnerability in NES for Spring? We'll fix it!
Report a Vulnerability

NES for Spring is a secure drop-in replacement for Spring and is easy to set up.

Step 1: Update your Maven/Gradle file
Step 2: Set up token
Step 3: Install & Run!

What is Never-Ending Support?

Security Fixes
A new version of NES for Spring will be released each time we find, validate, and fix a security issue.
Compatibility Fixes
NES for Spring ensures that your code continues to work seamlessly even after the software reaches its end of life, maintaining compatibility across all essential platforms and technologies.
SLA Compliance
HeroDevs provides SLAs that ensure compliance by providing incident response and remediation in accordance with industry-standard regulations, including SOC 2, FedRAMP, PCI, and HIPAA.
Team of Experts
NES for Spring is built with the advice and consultation of core team members from Spring.
Easy to Install
Our simple drop-in replacement means all you have to do is change a few files and configurations and then rebuild your project. No code changes or find & replace required.
Intellectual Property Protection
NES for Spring is not only secure; HeroDevs also offers enterprise-level protection for all products.

The Problem We Solve

84% of all codebases with open source components contained vulnerabilities.
Does your website contain vulnerabilities?
Chances are, if you are behind in adopting actively supported versions of the open-source software you are using, you are exposed.
Websites using unsupported software are at risk. (2024 Open Source Security and Risk Analysis Report)
HeroDevs provides Never-Ending Support for Spring, so you can keep using it and stay secure and supported.

Why HeroDevs?

Built By Spring Experts

Our team of Spring experts ensures our Never-Ending Support for Spring products are of the same quality you have come to expect when using Spring open source projects.

We specifically design our NES for Spring products to work seamlessly and to be as dependable as the original Spring projects you built your applications on.

We Give Back To Open Source

HeroDevs is deeply committed to the open-source community. We support it through sponsorships, backing core contributors, and funding events that drive the ecosystem forward. Our engagement extends beyond financial contributions, embodying a commitment to the ongoing growth and innovation of open-source software. This holistic support ensures the vitality of the open-source movement, fostering an environment of collaboration and advancement.

We Partner With These Organizations

Related Products

If you're leveraging this technology, chances are you're also using complementary systems that face similar end-of-life (EOL) challenges.

Explore our related NES products that offer proactive, comprehensive support for your entire tech stack to ensure continuity, security, and innovation across all your essential technologies.
Leaping over technology stacks in a single bound!

Defeat Your Technical Villains

Whether it's continuous support through our Never-Ending Support (NES) library or our unparalleled professional services to get you migrated and moving forward, HeroDevs is to the rescue!

Contact Us

Got questions about Never-Ending Support for your open-source library? We're here to help!

Discover how HeroDevs NES Products can keep your systems secure and compliant.

Learn how our solutions can deliver value to your organization.

Get detailed pricing information tailored to your needs.

Trusted by industry leaders such as Microsoft, Bank Santander, SAP, Finra, Capital One, General Electric, Unqork, Google, Valid 8, QueenslandRail, GSA, and Department of Health.