HeroDevs

It’s about the people… it always has been. And a little bit about the swag ;) HeroDevs @ ng-conf

We are so proud of our Hero, Marco Ippolito, for making significant contributions to the Node.js project! 🎉

🚨 Attention Vue Developers! First Vue 2 CVE Discovered Since 2018🚨 A new medium-risk XSS vulnerability (CVE-2024-6783) has been identified within the Vue 2 template compiler, which is present in the “full build” of Vue 2. The full build allows user code to compile string templates to Vue components and render functions dynamically within the browser, where they are then executed. 🔐 Affected Package: vue-template-compiler 🔐 Vulnerable Versions: >= 2.0.0 < 3.0.0 🔐 Proof of Concept: https://lnkd.in/gq6t6GRJ Actions to take: 🛡 Migrate to Vue 3 for enhanced security. 🛡 Apply a Custom Patch to secure your current setup. 🛡 Get Expert Help from HeroDevs for continuous security and compliance with our secure drop-in replacement for Vue 2. Don't let your applications be at risk. Ensure your systems are secure and compliant by taking prompt action. For more details and mitigation steps, visit our website or reach out to our team at HeroDevs. Stay safe and secure! #VueJS #WebSecurity #CyberSecurity #HeroDevs #SpringNES #SoftwareUpdate #SecurityAlert

❗❗❗Are you ready for Spring Framework 5.3's end-of-life in August? ❗❗❗ (Yes, this August 31, 2024.) If not, NO WORRIES. We are here to provide security support with our new secure drop-in replacement, 🍃Spring Never-Ending Support🍃 - allowing you to upgrade on your own timeline. What you can expect: 🛡️Continuous security updates 🛡️Seamless Java environment compatibility 🛡️Compliance with FedRAMP, PCI, HIPAA, SOC2/ISO27001 🛡️Expert support from Spring contributors 🛡️Migration timelines that fit your business needs Extend the life of your systems, ensure security and compliance, so you can make a security plan that's right for you. Contact HeroDevs for a smooth transition and secure your applications today! #SpringFramework #CyberSecurity #LegacySupport #HeroDevs #SpringNES

🚨 Important Security Alert for PHP Developers! 🚨 A recently identified OS command injection vulnerability, tagged as CVE-2024-4577, affects PHP versions 5.x, 6.x, 7.x, and 8.x. This flaw is particularly risky when PHP is used with Apache and PHP-CGI on Windows systems. The vulnerability arises from the "Best-Fit" behavior of certain Windows code pages, which can misinterpret command line characters passed to Win32 API functions. This allows malicious users to execute arbitrary PHP code, expose source code, or perform other unauthorized actions. Ensure your systems are secure by applying the latest patches right away. For detailed insights and assistance, contact HeroDevs. #CyberSecurity #PHPSecurity #SoftwareUpdate #TechAlert #HeroDevs

Update for Drupal 7 Users: With the Drupal 7 end-of-life on the horizon, HeroDevs proudly announces our role as the inaugural partner for the Extended Security Support Program with the Drupal Association. Our Drupal 7 Never-Ending Support (NES) provides essential security, compliance, and compatibility updates for users who can't migrate before January. Seamlessly integrate our solution to keep your site secure while you plan your next move. #Drupal7 #WebSecurity #HeroDevs #EOLSupport #DrupalCommunity

CVE ALERT: HeroDevs has recently released patches for three medium-risk vulnerabilities affecting Bootstrap 3 and 4.  These vulnerabilities were discovered by security researchers and disclosed through HeroDevs 🚨 CVE-2024-6484: A cross-site scripting (XSS) vulnerability in the Bootstrap 3 Carousel component. 🚨CVE-2024-6485: An XSS vulnerability in the Bootstrap 3 Button component. 🚨CVE-2024-6531: An XSS vulnerability in the Bootstrap 4 Carousel component. To protect your applications from these vulnerabilities, consider the following steps: 🔧 Upgrade: Migrate to the latest version of Bootstrap. 🤝 Partner with HeroDevs: Use HeroDevs for post-end-of-life security support to ensure your Bootstrap applications remain secure, compliant, and compatible. More details here: https://bit.ly/3Lpb46M

🚀 Exciting news for the Drupal community! The Drupal Association has officially named HeroDevs as the first partner for Drupal 7 Extended Security Support. This partnership is a significant milestone, ensuring the continuity and security of Drupal 7 sites beyond the official end-of-life date. 👏 Kudos to HeroDevs for stepping up to support the community with their expertise and dedication. This collaboration highlights the ongoing commitment to maintaining a secure and robust web environment for all Drupal users. 🛡️ Keep your Drupal 7 sites safe and secure with the extended support from HeroDevs! Find the link in the comments to learn more about this groundbreaking partnership. #Drupal #HeroDevs #DrupalAssociation #WebSecurity #ExtendedSupport #OpenSource

In light of the recent Polyfill.io supply chain attack that compromised over 100,000 websites, we wanted to explain how our Never-Ending Support keeps your deprecated open-source projects safe from attacks like these. Our HeroDevs experts apply their extensive knowledge to implement comprehensive protection measures, ensuring your projects remain safe and you can focus on innovation without worry. Let's get into how: 🔒 Our independent infrastructure and thorough external AND internal security audits ensure our clients’ software remains safe. 🔒 We don’t rely on third-party CDNs, minimizing risk. 🔒 Our experts find and fix vulnerabilities BEFORE they are public. 🔒 Our partnership with open-source communities guarantees ecosystem sustainability and security. Learn more about Never-Ending Support for End-of-Life Open Source Software: https://lnkd.in/guJHvAsM #cybersecurity #opensource

Major Announcement! HeroDevs is now a CVE Numbering Authority (CNA), marking a huge accomplishment for our company and our efforts to create a more secure and sustainable web. This designation enables us to collaborate with security researchers and the open-source community to enhance security awareness by responsibly vetting, documenting, and disclosing vulnerabilities. As a CNA partner, HeroDevs will assign CVE IDs to security issues in our software and those identified by our researchers in open-source projects. This achievement underscores our commitment to sustainability and proactive protection of the web. We are dedicated to securing deprecated and unsupported software, ensuring a safer digital environment for everyone. #CyberSecurity #OpenSource #CNA #HeroDevs