In December of last year, we reported CVE-2022-1471 to you. This unsafe deserialization problem could easily lead to arbitrary code execution under the right circumstances.  In the deep-dive blog post “Unsafe deserialization vulnerability in SnakeYaml (CVE-2022-1471)”, I explained the problems in this library and how it could be executed. The gist of the problem was that by default SnakeYaml parsed the incoming …

Checkpointing and restoring the JVM makes applications run faster because all the startup work is done before deployment. This means that in serverless cloud applications, the end-user of the application perceives no delay when the application starts. You can try it out now with your own apps on Open Liberty with Eclipse OpenJ9. But if you want to know more, …

In this tutorial, we are going to take a look at contributing to Open Source Software, specifically how to do a pull request (PR). We will look at forking and cloning the project, making the changes, committing and pushing these changes, creating the pull request, the review and hopefully merge of your PR. The same process may apply when making …

We all have some hobby, be it sports, fishing, playing games or building compilers. One of my hobbies is regularly searching the JDK for new Java classes with executable main methods. How come? Many years ago, during my forays through the JDK sources, I first encountered a class with a main-method I didn’t know about. That was in 2007 (oh …

Foojay.io is a community platform dedicated to the needs of Java developers (and beyond, e.g., Kotlin) who use OpenJDK and related technologies. It serves as a central hub for sharing knowledge, resources, and tools related to Java and OpenJDK. The platform offers a wide range of content, including articles, tutorials, and insights from industry experts and Java enthusiasts. Whether you’re …

Things you can do right now to learn new and valuable things that can improve your code.  There are many common mistakes I’ve seen repeated over the years while trying to make observability initiatives successful. However, the most critical and fundamental of these organizational stumbles is the irresistible infatuation with technology and toolings themselves.  It should not come as a surprise. …

We reached the final installment of our Manifold series but not the end of its remarkable capabilities. Throughout this series, we have delved into various aspects of Manifold, highlighting its unique features and showcasing how it enhances Java development. In this article, we will cover some of the remaining features of Manifold, including its support for GraphQL, integration with JavaScript, …

A couple of years ago, Reactive Programming was all the rage, but it had one big issue: reactive stopped as soon as you accessed a SQL database. You had a nice reactive chain up to the database, defeating the whole purpose. Given the prevalence of SQL databases in existing and new apps, one couldn’t enjoy the full benefits of Reactive …

My goal is to write a blog post every two weeks, it’s great to stick to a schedule and force yourself to publish pieces even if they are not perfect. This doesn’t mean that these blog posts are terrible, just that they could need a bit more polish or could cover a bit more of the topic. But I know …

Season 2 of the Foojay Podcast has come to an end. Since September of ’22, 22 episodes where published here on Foojay. In this article, we want to share some of the experiences of creating such podcasts, but also more generally, how you can share your work in a video with a small (or bigger) budget… Audio There is one …