Never-Ending Support for Apache Struts

Legacy Apache Struts versions still function after support ends — but that's not good enough for internal SLAs, CVE disclosures, and security audits.

Never-Ending Support (NES) for Apache Struts keeps you compliant, secure, and audit-ready without an unplanned migration or risky patchwork.

Your Struts is Under Attack

Legacy Struts versions are a known security risk—just ask Equifax. Since end-of-life, we’ve patched many additional CVEs, including remote code execution and transitive dependency flaws.

Our Never-Ending Support for Struts 1 and 2 goes beyond surface-level fixes: we’ve forked and secured vulnerable dependencies, addressing issues like CVE-2023-49735, CVE-2016-1182, and more—so your stack stays protected from the inside out.

Active Exploitation in the Wild

CVE-2006-1547 is being actively exploited. Attackers have automated tools scanning for vulnerable Struts installations. Your unpatched system is a sitting duck.

Compliance & Audit Failures

Running unpatched frameworks violates SOC 2, HIPAA, and PCI requirements. Fail an audit and face regulatory fines, customer churn, and damaged reputation.

The Equifax Reality

A single unpatched Struts vulnerability (CVE-2017-5638) cost Equifax $700M+ and destroyed executive careers. The same could happen to you with today’s active vulnerabilities.

Development Team Burnout

Your developers get pulled off roadmaps to chase emergency security fixes or attempt risky migrations. Innovation stops. Technical debt grows. Talent leaves.

Beyond CVEs: Security for Struts v1 Transitive Dependencies

Our Never-Ending Support for Struts doesn’t stop at patching the framework itself. HeroDevs goes deeper—patching the vulnerable dependencies Struts relies on, not just Struts core.

We’ve forked and secured critical libraries that Struts v1 brings in, ensuring transitive vulnerabilities don’t slip through the cracks. It’s not just a CVE fix—it’s a fortified ecosystem.

CVE Protection

Security Issues Fixed in NES for Struts
(and always looking for more)

At HeroDevs, we proactively address vulnerabilities, including critical CVEs impacting Apache Struts. These vulnerabilities may not always show up in standard scans unless you’re scanning the SBOM, yet they present substantial risks.

| Severity | ID | Technology | Libraries Affected | Category | Version(s) Affected | Published Date |
| --- | --- | --- | --- | --- | --- | --- |
| Low | | Struts | Apache Struts | Log Injection | >=1.2.9 <=1.3.10 | Aug 4, 2025 |
| Medium | | Struts | Apache Struts | Cross-Site Scripting | <=1.2.7 | Jun 26, 2025 |
| High | | Struts | Apache Struts | Path Traversal | <1.3.10, >=2.0.0 | May 12, 2025 |
| Medium | | Struts | Apache Struts | Denial of Service | <1.3.10, >=2.0.5 <2.5.31, >=6.0.0 <6.1.2.1 | May 12, 2025 |
| Low | | Struts | Apache Struts | Cross-Site Scripting | <1.2.9 | May 12, 2025 |
| Low | | Struts | Apache Struts | Cross-Site Scripting | <1.2.9 | May 12, 2025 |
| High | | Struts | Apache Struts | Denial of Service | <1.2.9 | May 12, 2025 |
| High | | Struts | Apache Struts | Authorization Bypass | <1.2.9 | May 12, 2025 |
| Critical | | Struts | Apache Struts | Remote Code Execution | >=2.0.0 <=2.3.37, >=2.5.0 <=2.5.33, >=6.0.0 <=6.3.0.2 | Dec 17, 2024 |
| High | | Struts | Apache Struts | Cross-Site Scripting | >=1.0.0 <=1.3.10 | Feb 1, 2024 |
| High | | Struts | Apache Struts | Authorization Bypass | >=1.0.0 <=1.3.10 | Feb 1, 2024 |
| High | | Struts | Apache Struts | Authorization Bypass | >=1.1.0 <=1.3.10 | Feb 1, 2024 |
| Low | | Struts | Apache Struts | Cross-Site Scripting | <=1.3.10 | Feb 1, 2024 |
| Critical | | Struts | Apache Struts | Remote Code Execution | >=2.3.0 <2.3.35, >=2.5.0 <2.5.17 | Aug 18, 2022 |
| High | | Struts | Apache Struts | Remote Code Execution | >=2.3.19 <2.3.20.3, >=2.3.21 <2.3.24.3, >=2.3.25 <2.3.28.1 | Apr 20, 2016 |
| Medium | | Struts | Apache Struts | Remote Code Execution | >=2.0.0, <2.3.16.2 | Mar 6, 2014 |

For more details on CVEs found in end-of-life software, visit our vulnerability directory.

Make Legacy Struts Apps Work on Tomcat 10+, Jetty 11+, and WildFly 27+

Still using Struts 1.x or 2.x? NES for Apache Struts: Forward Compatibility bridges the gap between using legacy Struts and wanting to be on modern web server versions.

With HeroDevs’ solution, you can run older Struts applications on Tomcat 10+, Jetty 11+, or WildFly 27+, etc., without refactoring code or introducing breaking changes.

Why You’re Stuck

Servlet API 5.0+ replaced the javax.* namespace with jakarta.*, creating a breaking change for apps built on Struts 1.x and 2.x. If you’re trying to modernize your infrastructure or meet compliance mandates, you’ve likely hit a wall.

Does this sound familiar?

You can’t upgrade web servers and dependent infrastructure without your Struts apps failing
Your vulnerability scanners flag unpatchable CVEs
You're locked into insecure, deprecated infrastructure
You’ve realized refactoring for Servlet 5.0+ is too costly and time-consuming

| Web Server | Struts 1.x and 2.x Compatible | NES for Struts: Forward Compatibility |
| --- | --- | --- |
| Tomcat 7 - 9 | | |
| Tomcat 10.0+ | | |
| Jetty 10 | | |
| Jetty 11+ | | |
| WildFly 10–26 | | |
| WildFly 27+ | | |
| GlassFish 5.x | | |
| GlassFish 6.2+ | | |

NES for Apache Struts is a secure drop-in replacement for Apache Struts and takes just a few minutes to set up.

Step 1: Update your project’s Maven or Gradle files
Step 2: Set up token
Step 3: Install & Run!

The difference is night and day

See what changes when you protect your legacy Struts with HeroDevs:

| Security Challenge | Without HeroDevs | With HeroDevs NES |
| --- | --- | --- |
| New CVE Discovery | Vulnerability stays unpatched indefinitely | Patched and deployed within 15 days |
| Compliance Audits | Fail on unpatched open source software | Pass audits with enterprise-grade SLAs |
| Development Resources | Team stops roadmap for emergency fixes | Keep shipping features; we handle security |
| Business Risk | One exploit away from a major breach | Sleep peacefully with continuous protection |

Versions

Struts Timeline

2000: Struts 1.0 Released
2008: Struts 1.3.10 Final
2013: Struts 1.x EOL
2019: Struts 2.3 EOL
2024: Struts 2.5 EOL

Struts 1.x: Last updated December 7 2008
Struts 2.3: Last updated December 5 2018
Struts 2.5: Last updated December 5 2023

Stop Playing Security Roulette

Every day you wait is another day attackers can exploit your vulnerable Struts application.

What is Never-Ending Support?

Security Fixes
A new version of NES for Apache Struts will be released each time we find, validate, and fix a security issue.
Drop-In Compatibility
A direct replacement for your framework—no migrations, no rewrites, just ongoing support.
SLA Compliance
HeroDevs provides SLAs that ensure compliance by providing incident response and remediation in accordance with industry-standard regulations, including SOC 2, FedRAMP, PCI, and HIPAA.
Team of Experts
NES for Apache Struts is built by dedicated senior-level Java and security engineers.
Easy to Install
Our simple drop-in replacement means all you have to do is update your Maven/Gradle files and rebuild your project. No code changes or find & replace required.
Intellectual Property Protection
NES for Apache Struts is not only secure; HeroDevs also offers enterprise-level protection for all products.

The Problem We Solve

EOL Apache Struts versions expose businesses to security vulnerabilities, compliance gaps, and expensive, disruptive migrations. NES for Apache Struts is the only extended long-term support option available on the market for Apache Struts.

HeroDevs’ Never-Ending Support (NES) for Apache Struts provides proactive security patches, compliance guarantees, and seamless long-term support for EOL Struts versions. Our drop-in solution keeps your systems secure and operational, so you control when—and how—to modernize, without costly downtime or risks.

Let HeroDevs secure your legacy Apache Struts applications, ensuring your business remains compliant and protected.

Why HeroDevs?

Built By Apache Struts Experts

Our team of Apache Struts experts ensures that our Never-Ending Support for Apache Struts products are of the same quality you have come to expect when using Apache Struts open source projects.

We specifically design our NES for Apache Struts products to work seamlessly and ensure they are as dependable as the original Apache Struts projects you built your applications on.

We Give Back To Open Source

HeroDevs is deeply committed to the open-source community. We provide support through sponsorships, backing core contributors, and funding events that drive the ecosystem forward. Our engagement extends beyond financial contributions, embodying a commitment to the ongoing growth and innovation of open-source software. This holistic support ensures the vitality of the open-source movement, fostering an environment of collaboration and advancement.

Support

Frequently Asked Questions

Below are common questions our customers have. Of course, we’re happy to meet with you and answer these and other questions you might have.
Is NES for Apache Struts: Forward Compatibility included with NES for Apache Struts?
When would I need NES for Apache Struts: Forward Compatibility?
Does HeroDevs have an SLA for NES for Apache Struts?
What Apache Struts versions does NES support?
Does NES for Apache Struts help with compliance?
Why do I need NES for Apache Struts?
How does licensing work?
I got an error like "EOL/Obsolete Software: Apache Struts 2.3.x Detected." What can I do?

Related Products

If you're leveraging this technology, chances are you're also using complementary systems that face similar end-of-life (EOL) challenges.

Explore our related NES products that offer proactive, comprehensive support for your entire tech stack to ensure continuity, security, and innovation across all your essential technologies.
Leaping over technology stacks in a single bound!

Defeat Your Technical Villains

Whether it's continuous support through our Never-Ending Support (NES) library or our unparalleled professional services to get you migrated and moving forward, HeroDevs is to the rescue!

Contact Us

Got questions about Never-Ending Support for your open-source library? We're here to help!

Discover how HeroDevs NES Products can keep your systems secure and compliant.

Learn how our solutions can deliver value to your organization.

Get detailed pricing information tailored to your needs.

Trusted by industry leaders such as Microsoft, Bank Santander, SAP, General Electric, Finra, Unqork, Google, Valid 8, QueenslandRail, GSA, and Department of Health.