✨
You're invited: Upstream is June 7, 2022
✨
For maintainers
Log in
Product
Overview
Scope of support
Pricing
SCHEDULE DEMO
Resources
All Resources
Log4Shell
Guides & Reports
Webinars
Surveys
Documentation
Videos
Blog
Partnerships
Podcasts
Events
LOG4SHELL RESOURCES
About
About Tidelift
Press
Contact Us
JOIN THE TIDELIFT TEAM
Blog
SCHEDULE DEMO
Featured
Tidelift advisory | Spring Framework critical vulnerability: what you need to know and do
In this advisory, we will address the core facts regarding the recently disclosed security vulnerability in the Spring Framework, which has been ...
by
Jeremy Katz
on March 31, 2022
Filter by Topic
Managed open source
(57)
Lifters
(52)
Maintainers
(45)
Events
(32)
Data
(27)
Dependencies
(25)
Developers
(24)
NPM
(24)
Open Source Software
(24)
Subscription
(24)
Sustainability
(22)
the Tidelift Subscription
(22)
JavaScript
(21)
Licensing
(21)
open source licenses
(20)
Lifter Interview
(19)
Packages
(18)
Python
(17)
Package Managers
(14)
Survey
(13)
Vue
(13)
Libraries.io
(12)
Pay the Maintainers
(12)
Security
(12)
Upstream
(12)
2020 managed open source survey
(10)
Java
(10)
Log4Shell
(10)
Maven
(10)
Open source supply chain solutions
(10)
Package Management
(10)
Teamwork
(10)
Tidelift catalogs
(10)
2019 managed open source survey
(8)
Free trial
(8)
Log4j vulnerability
(8)
PyPI
(8)
log4j
(8)
AWS
(7)
Apache Log4j2 <=2.14.1
(7)
PHP
(7)
Product updates
(7)
jfrog
(7)
open source supply chain
(7)
Intro to managed open source
(6)
Metrics
(6)
webinar
(6)
Interface
(5)
Ruby
(5)
VueConf
(5)
VueJS
(5)
Vuetify
(5)
remote work
(5)
rubygems
(5)
2021 maintainer survey
(4)
AWS:reinvent
(4)
Financial services
(4)
GitHub
(4)
Linux
(4)
Packagist
(4)
The 2021 Tidelift open source maintainer survey
(4)
White House executive order 14028
(4)
podcast
(4)
remote team
(4)
sBOMs
(4)
software supply chain
(4)
Application Development
(3)
Bloomberg
(3)
COVID-19
(3)
Changelog
(3)
Dependency hell
(3)
FinTech
(3)
Forrester
(3)
Gartner
(3)
Good docs
(3)
Google
(3)
Government
(3)
Hacker
(3)
How to
(3)
IDC
(3)
Maintenance
(3)
MongoDB
(3)
Mongoose
(3)
Open Source Initiative
(3)
Package manager
(3)
Project Lombok
(3)
Pupdates
(3)
Python Software Foundation
(3)
React
(3)
The Python Software Foundation
(3)
Tidelift-managed catalogs
(3)
copyleft licenses
(3)
dependency health
(3)
devops
(3)
ethical open source licenses
(3)
open source support
(3)
recession
(3)
supply chain attacks
(3)
urllib3
(3)
2020 survey
(2)
451 Research
(2)
Artifactory
(2)
Babel
(2)
Enterprise
(2)
GNU Public License
(2)
GitLab Commit
(2)
Golang
(2)
Gulp JS
(2)
Hippocratic (aka Do No Harm) License
(2)
Hiring
(2)
Laravel
(2)
Maintainer Week
(2)
Material-UI
(2)
NumFocus
(2)
NumPy
(2)
NuxtJS
(2)
PSF
(2)
Productivity
(2)
PyCon
(2)
Red Hat
(2)
Server Side Public License
(2)
SolarWinds
(2)
Tidelift advisory
(2)
Vulnerabilities
(2)
Webpack
(2)
ajv
(2)
catalogs
(2)
commercial assurance
(2)
composer
(2)
cooking with tidelift and jfrog
(2)
copyleft
(2)
critical vulnerability
(2)
diversity
(2)
documentation
(2)
eslint
(2)
known-good open source
(2)
managing open source
(2)
nodejs
(2)
pandas
(2)
security vulnerability
(2)
software bills of materials
(2)
swampup
(2)
2021 survey
(1)
2FA
(1)
996.icu
(1)
996.icu license
(1)
AGPL
(1)
AGPL v3
(1)
APIs
(1)
Active Admin
(1)
Apache License
(1)
Beautiful Soup
(1)
Blue Oak Model License
(1)
Browserify
(1)
Bundler
(1)
Byte Buddy
(1)
CHIME
(1)
CLI
(1)
CVE
(1)
CVE-2022-22965
(1)
Carbon
(1)
Careers
(1)
Commercial Open Source Software
(1)
Community
(1)
Community health files
(1)
CommunityBridge
(1)
Contributing to open source
(1)
Cryptographic Autonomy License
(1)
DXY.cn
(1)
Dependency analyzer
(1)
DevOps Enterprise Summit
(1)
Digital Ocean
(1)
Digital transformation
(1)
Django
(1)
DjangoCon
(1)
ECMAScript 5
(1)
ED&I
(1)
Elastic
(1)
Evil Martians
(1)
Fannie Mae
(1)
Fidelity Investments
(1)
Free Software Foundation
(1)
GPL
(1)
GPL v3
(1)
Girls Who Code
(1)
GitHub Marketplace
(1)
GitHub Satellite
(1)
Global Maintainer Summit
(1)
Hacktoberfest
(1)
Jade
(1)
Legal
(1)
Lerna project
(1)
License Zero
(1)
Lifter help
(1)
Lighthouse PHP
(1)
Locale.ai
(1)
MITRE
(1)
Maintainerati
(1)
Microsoft
(1)
Mockito
(1)
Nuxt
(1)
OSCON
(1)
OSI
(1)
OSPO
(1)
OSPOCON
(1)
OSS
(1)
Open Source Leadership Summit
(1)
OpenJS Collaborator Summit
(1)
Oracle
(1)
Path-to-RegExp
(1)
Penciljs
(1)
Pillow
(1)
Pug JS
(1)
Pupdate
(1)
Pylint
(1)
Pyparsing
(1)
QCon
(1)
Ramda Adjunct
(1)
React-Native
(1)
Research
(1)
Ruby Together
(1)
Rust
(1)
SSPL
(1)
SciPy
(1)
SerenityJS
(1)
Slack
(1)
Slim Framework
(1)
Spring
(1)
Spring MVC
(1)
Spring WebFlux
(1)
Spring framework
(1)
StandardJS
(1)
Stratus Digital Systems
(1)
Sudo Show
(1)
SugarCRM
(1)
Symfony
(1)
TC39
(1)
TFiR
(1)
Tools
(1)
Two Factor Authentication
(1)
USGS
(1)
Underscore
(1)
University of Michigan
(1)
Upstream thinking
(1)
Vue 3
(1)
Vue vs React
(1)
What is a package manager
(1)
White House executive order
(1)
agile
(1)
ama
(1)
analyst firm
(1)
anti-carbon license
(1)
array flatten
(1)
artifacts
(1)
autoprefixer
(1)
backbone
(1)
backend framework
(1)
burnout
(1)
byebug
(1)
case study
(1)
code health
(1)
command line integration
(1)
coordinated security vulnerability disclosure
(1)
coronavirus
(1)
curl
(1)
cybersecurity
(1)
data science
(1)
decentralized internet
(1)
demo
(1)
docs advocacy
(1)
es5-shim
(1)
event
(1)
finos
(1)
formidable
(1)
google monorepo
(1)
grape
(1)
halfnium microsoft exchange
(1)
inclusion
(1)
json
(1)
keynote
(1)
lock files
(1)
mental health
(1)
no-negotiation policy
(1)
nuget
(1)
o'reilly
(1)
observability
(1)
open source scanning tools
(1)
open source software support
(1)
open source strategy forum
(1)
open source summit
(1)
opencore
(1)
package health
(1)
package invalidation
(1)
package manifests
(1)
package selection
(1)
package signing
(1)
php html parser
(1)
phpstan
(1)
pluralize
(1)
polyfills
(1)
postcss
(1)
react-native-camera
(1)
reactivity
(1)
redmonk
(1)
requests
(1)
rights ratchet
(1)
ruby grape
(1)
software architects
(1)
software engineers
(1)
supply-chain compromises
(1)
swift
(1)
tech books
(1)
the Apache Foundation
(1)
the Flarum Foundation
(1)
the Linux Foundation
(1)
the Polyform Project
(1)
third_party_prefix
(1)
unfunded mandates
(1)
vue 2
(1)
vue catalog
(1)
vuesax
(1)
websockets
(1)
wordpress
(1)
working at Tidelift
(1)
zero-day fire drill
(1)
See All
