Join us May 27 for a live conversation with two members of the Node.js Technical Steering Committee — Matteo Collina (Chair) and Marco Ippolito — moderated by HeroDevs' Javier Perez.
On the agenda ✍️
→ The path to Node 27 LTS and the new release cadence
→ Vulnerability handling in the age of AI-generated CVE reports
→ Staying secure on Node 20 when you can't migrate yet
📅 May 27, 2026 | 11:00 AM EST | Free registration
Register → herodevs.com/from-node-20-eo… #NodeJS #OpenSource #EndOfLife #DevSecOps #JavaScript #HeroDevs
Counting down: 18 days until Spring Boot 3.5 EOL. ⏲
This is the dangerous kind — no compile error, no warning. Can you catch it:
True or false: In Jackson 3.0, JacksonException no longer extends IOException — it's now a RuntimeException.
#SpringBoot #Java #SoftwareEngineering
Software isn't just code. It's the chat rooms, the conferences, the people who know how to answer the question when something breaks.
Deprecate a framework, and you don't just lose the patches. You lose the community.
That's why migration paths matter as much as destinations — and why staying secure on what you've already got keeps the door open.
#OpenSource #DevSecOps #EndOfLife #HeroDevs
⏳ 20 days until Spring Boot 3.5 hits end-of-life.
Three weeks. That's the runway left before community patches stop on June 30.
If your migration plan is still a Jira ticket and a vague timeline, this is the week to make it real.
#SpringBoot #Java #EOL
21 days. That's all that's left of community support for Spring Boot 3.5. 🗓️
Code compiles. Tests pass. Production breaks. Spot the silent one:
True or false: Jackson 3.0 changes the default date serialisation from numeric timestamps to ISO-8601 strings.
#SpringBoot #Java #SoftwareEngineering
Who's that vulnerability? A scanner just flagged it — and there's no patch coming.
The June 2026 AI Cybersecurity Executive Order builds a national apparatus for AI-assisted vulnerability discovery. It accelerates the half of the lifecycle that hurts end-of-life software most: finding flaws. It funds none of the fixes.
For maintained software, that loop closes — a CVE lands, upstream ships a patch, you update. For EOL frameworks, the loop is broken. No maintainer, no patch, no answer to the auditor.
With CRA Article 14 reporting starting September 11 and DORA already in force, "we know about the CVE but no fix exists" gets weaker by the day — not stronger.
Know your EOL exposure. Line up a patch source before the next AI-surfaced CVE lands against a framework no one maintains anymore.
#OpenSourceSecurity #EndOfLife #Cybersecurity #VulnerabilityManagement #SoftwareSupplyChain #DevSecOps #Compliance
CVEs only track the vulnerabilities someone actually reported. So what happens when a package goes end-of-life and no one's looking anymore?
That's the "ghost in the dependency tree" — and it's exactly what Isaac Wuest, Product Line Leader at HeroDevs, unpacked on @openssf's What's in the SOSS podcast.
Listen to the full podcast 🎧 openssf.org/podcast/2026/06/… #OpenSource #SoftwareSupplyChain #EndOfLife #CyberSecurity #AppSec
That's a wrap on Microsoft Build 2026. 🎬
Our takeaway: the faster the frontier moves, the more critical the foundation becomes. Every new AI workload still runs on top of something — and a lot of that something is .NET, Java, Node, and other open source stacks quietly aging out of support. The leap forward only works if the layer underneath is still secure.
Grateful to everyone we got to connect with this week. Until next year. 👋
#MicrosoftBuild #Build2026 #AI #OpenSource #DevSecOps #HeroDevs
The reactive SCA-scan-and-patch model is breaking under the weight of AI-discovered CVEs.
What replaces it? Curated, SLA-backed open source. techstrong.tv/videos/intervi…
33 days to go. ⏱️
Infra surprises are the worst kind of surprises:
True or false: Undertow has been completely removed as an embedded server option in Spring Boot 4.0.
#SpringBoot #Tomcat #Java
Tomorrow. One hour. Two members of the Node.js Technical Steering Committee.
Matteo Collina (TSC Chair) and Marco Ippolito (TSC & HeroDevs Engineer) join HeroDevs' Javier Perez to talk Node 20 EOL, the path to Node 27 LTS, and how the project is handling a flood of AI-generated CVE reports — plus what to do if you can't migrate off Node 20 yet.
Live Q&A included.
📅 May 27, 2026 | 11:00 AM EST | Free registration
Register → herodevs.com/from-node-20-eo… #NodeJS #OpenSource #EndOfLife #DevSecOps #JavaScript #HeroDevs
Heads up: Kubernetes 1.33 reaches End of Life on June 28, 2026. No more security patches after that date. K8s 1.34 EOLs Oct 27. With active supply chain attacks targeting Kubernetes service account tokens, staying on a supported release is more urgent than ever. #OpenSource #DevSecOps kubernetes.io/releases/patch…
⏳ 35 days until Spring Boot 3.5 hits end-of-life.
Before you bump that version number, drop your guess below 👇
True or false: Spring Boot 4.0 uses Jakarta EE 10, the same as Spring Boot 3.x.
#SpringBoot #Java #JakartaEE
Apache's Tomcat 8.5 security page is the tip of the iceberg. 🧊
May 10, 2026: Apache shipped patches for seven new CVEs in 9.x, 10.1.x, and 11.x. Tomcat 8.5 isn't listed in any of them — but NVD confirms 8.5 is affected by every one.
The standout: CVE-2026-43512. Any user not in the configured realm authenticates successfully if the request presents the literal password "null."
Tomcat 8.5 reached EOL March 31, 2024. The CVE disclosures haven't stopped. The documentation just has.
"No entry on Apache's page" ≠ "Not affected." It means the project stopped tracking your version.
#ApacheTomcat #Tomcat #Java #EndOfLife #EOL #CVE #DevSecOps #VulnerabilityManagement #HeroDevs #NeverEndingSupport
⏱️ Counting down: 40 days until Spring Boot 3.5 EOL.
Make sure you know what you're upgrading into — vote below ⬇️
True or false: Spring Boot 4.0 requires Java 21 as its minimum version — Java 17 is no longer supported.
#SpringBoot #Java #JakartaEE
"Reporting a CVE takes a fraction of the time it takes a maintainer to verify it."
— Our CEO Aaron Mitchell on the AI-driven CVE surge breaking open source maintainer bandwidth. techstrong.tv/videos/intervi…
Drupal drops a 'highly critical' unauthenticated core security update today (May 20). Exploits could emerge within hours. EOL Drupal 8 and 9 get manual-only patch files with no correctness guarantee. If you're on EOL Drupal, now is the time to plan your upgrade path. #CyberSecurity #OSS thehackernews.com/2026/05/dr…