Featured Posts
All Posts

EOL Software
Jul 7, 2026
Next.js EOL Dates: Version Support Timeline (9 Through 16)
A complete reference for every Next.js release timeline, the CVEs hitting end-of-life versions, and what teams running Next.js 13 and earlier need to do now.
Javier Perez

EOL Software
Jun 26, 2026
How AI Broke Open Source Security: End-of-Life Software Is the Most Exposed
AI now finds, patches, exploits, and even invents open source vulnerabilities faster than maintainers can keep up — and end-of-life software, with no maintainers at all, is the most exposed code in your stack.
JD Flynn

Security
Jun 25, 2026
Does Your AngularJS Application Have Vulnerabilities? HeroDevs Just Discovered One CVE-2026-11998
Why Expert Oversight is Your Only Defense Against Emerging EOL Threats
Javier Perez

Security
Jun 25, 2026
CVE-2026-11998: AngularJS SCE Resource URL Bypass Enables XSS
Understanding the SCE Logic Flaw and Protecting Your AngularJS Applications from XSS Attacks
Ryan Jasinski

Compliance
Jun 25, 2026
Japan's Active Cyber Defense Law: What It Means for Open Source and EOL Software
How Japan's landmark Active Cyber Defense Law creates new obligations around unsupported software — and how HeroDevs keeps you compliant.
James Yi

EOL Software
Jun 24, 2026
The Ghost in the Dependency Tree: The End-of-Life Risk Your Scanners Miss
HeroDevs' Isaac Wuest joined the OpenSSF's "What's in the SOSS" podcast to talk about the blind spot in CVE-based scanning, the difference between attested end of life and maintainer abandonment, and what to do about the end-of-life packages hiding in your dependency tree.
Taylor Corbett

Security
Jun 23, 2026
CVE-2026-54512/54513: Jackson PolymorphicTypeValidator Bypass
How generic type parameters and array component types slip past a correctly configured BasicPolymorphicTypeValidator allowlist to reach gadget instantiation
Greg Allen

EOL Software
Jun 23, 2026
PostgreSQL EOL Dates: Every Version's Release & End-of-Life Timeline
A complete reference for every PostgreSQL major version, its five-year support window, and what end-of-life means for the teams still running older releases in production.
Greg Allen

Security
Jun 23, 2026
AryStinger Turns 4,300 Forgotten Routers Into a Recon-and-Proxy Network
When end-of-life stops being a software problem and becomes the whole device, and nobody is shipping firmware anymore.
Allison Vorthmann

Risk Mitigation
Jun 23, 2026
What a Disaster Recovery Gameday Taught Us About Resilience
How Controlled Failure Simulations Build Engineering Confidence and Process Reliability
Justin Gorny

Compliance
Jun 23, 2026
Your EOL Open Source Is a PCI DSS Compliance Problem — Here's How to Fix It
PCI DSS 4.0's Requirement 12.3.4 is now fully enforceable, and it targets end-of-life open source directly — here's what it means for teams handling payment card data, and how to close the audit gap.
Rob Nalen

EOL Software
Jun 23, 2026
Node.js End-of-Life Dates You Should Be Aware Of
End-of-life means a technology no longer receives support, like vulnerability fixes, from the original creator.
Taylor Corbett

EOL Software
Jun 23, 2026
What You Need to Know: Spring Framework’s End-of-Life Dates
A complete reference for every Spring Framework release timeline, and what end-of-life actually means for the enterprise Java teams still running 5.3 and 6.1 in production.
HeroDevs

Announcements
Jun 22, 2026
HeroDevs Joins Commonhaus Foundation Open Source Sustainability Initiative as Founding Member
HeroDevs joins as a founding Gold Partner, bringing Never-Ending Support to end-of-life software across the Commonhaus ecosystem
HeroDevs

Risk Mitigation
Jun 18, 2026
Spring CVEs Didn't Slow Down. June 2026 Brought 67.
The spring surge kept climbing, and the versions Broadcom no longer evaluates are where the real exposure now lives.
Bob McNees