HeroDevs Targets Legacy Apache Struts Security Gap With Extended Support Offering

According to a recent LinkedIn post from HeroDevs, the company is drawing attention to continuing security risks in legacy versions of the Apache Struts framework. The post suggests that a large majority of current Struts downloads still involve end‑of‑life releases that no longer receive official security patches, even as new CVEs continue to emerge.

The company’s LinkedIn post highlights examples of recent vulnerabilities, including remote code execution via file upload paths, disk exhaustion attacks, and XXE flaws identified through AI‑driven research. The message frames these issues as part of a recurring pattern where widely deployed frameworks accumulate unpatched vulnerabilities while migration off legacy technology remains slow and resource‑intensive for many teams.

As described in the post, HeroDevs is positioning its Never‑Ending Support (NES) offering for Struts as a way to provide patched drop‑in replacements for end‑of‑life versions, allowing organizations to maintain security and compliance during protracted migration efforts. For investors, this emphasis on extended support for critical but aging infrastructure may indicate a focus on a niche with persistent demand, particularly among enterprises facing regulatory or security pressures.

If HeroDevs can convert concern over legacy Struts exposure into recurring revenue for NES, the product could contribute to a more predictable services and subscription‑driven business model. The post also underscores broader tailwinds in application security and open source risk management, suggesting potential for HeroDevs to expand similar offerings across other end‑of‑life frameworks as organizations look for interim solutions rather than immediate, costly rewrites.
