The maintenance of Hibernate projects focuses on the latest series. When a series reaches end-of-life, it is no longer maintained and thus will no longer receive fixes for bugs or even vulnerabilities.
Application developers temporarily unable to upgrade from end-of-life versions of Hibernate projects but still requiring fixes for security vulnerabilities should look for commercial, end-of-life support.
Commercial Offerings
Hibernate end-of-life support offerings are part of the Commonhaus Foundation Open Source Sustainability Initiative.
The Commonhaus Foundation Open Source Sustainability Initiative (OSSI) recognizes organizations that take responsibility for the security and stability of open source software beyond its end-of-life (EOL). For organizations that depend on EOL software but cannot yet upgrade, OSSI partners provide continued security support and compatibility fixes.
IBM’s offering dedicated to end-of-life versions of Hibernate ORM.
Red Hat’s Jakarta EE application server based on WildFly.
The Extended Life Cycle Support subscription generally covers end-of-life versions of Hibernate projects.
HeroDev’s offering dedicated to end-of-life’d versions of Hibernate ORM.
