Java Weekly, Issue 634

1. Spring and Java

>> Post-Quantum Hybrid Key Exchange for TLS 1.3 [inside.java]

JDK 27 now pairs quantum-resistant ML-KEM with classic elliptic-curve key exchange in TLS 1.3, guarding against “harvest now, decrypt later” attacks. No code changes needed which is always good 🙂

Also worth reading:

• >> Building Modular Monoliths With Kotlin and Spring [jetbrains.com]
• >> Enabling AI Agents to Use a Real Debugger Instead of Logging [foojay.io]
• >> GlassFish 8.0 Delivers Compatibility with Jakarta EE 11, Enhanced Security and Improved Data Access [infoq.com]
• >> Writing JDK8-Compatible Libraries with Java Platform Module System Support [4comprehension.com]
• >> How to Customize JaCoCo Report Styling in Your Java Project [foojay.io]
• >> A2A Java SDK 1.0.0.Alpha2 Released [quarkus.io]
• >> Announcing TamboUI [melix.github.io]
• >> Functional Optics for Modern Java – Part 6 [scottlogic.com]

Webinars and presentations:

• >> Foojay Podcast #90: Highlights of the Java Features Between LTS 21 and 25 [foojay.io]
• >> A Bootiful Podcast: Java Champion and hilarious friend, Richard Fichtner [spring.io]
• >> Episode 45 “Announcement – The New Inside Java Podcast” [inside.java]

Time to upgrade:

• >> Spring Framework 7.0.5 Available Now [spring.io]
• >> Spring for Apache Pulsar 1.2.15 and 2.0.3 are now available [spring.io]
• >> Spring Data 2025.1.3 and 2025.0.9 released [spring.io]
• >> WildFly 39.0.1 is released! [wildfly.org]
• >> Quarkus 3.31.4 [github.com/quarkusio]
• >> Eclipse Vert.x 5.0.8 and 4.5.25 [github.com/eclipse-vertx]
• >> Apache Camel 4.18.0 [github.com/apache]

2. Technical & Musings

>> The Power of ‘No’ in Internet Standards [mnot.net]

The real power in Internet standards isn’t in what gets standardized — it’s in which companies decline to implement. A interesting look at how that has impacted the Web’s ambition negatively.

Also worth reading:

• >> Harness Engineering [martinfowler.com]
• >> The Final Bottleneck [lucumr.pocoo.org]
• >> Bliki: Agentic Email [martinfowler.com]
• >> The Shai-Hulud Cyber Worm and more thoughts on supply chain attacks [foojay.io]
• >> Scaling LLM Post-Training at Netflix [netflixtechblog.com]
• >> Automating RDS Postgres to Aurora Postgres Migration [netflixtechblog.com]
• >> A chat with Byron Cook on automated reasoning and trust in AI systems [allthingsdistributed.com]
• >> Deep Dive AAuth (Agent Auth) – Identity and Access Management for AI Agents [christianposta.com]
• >> How I cheated on transactions. Or how to make tradeoffs based on my Cloudflare D1 support [event-driven.io]

3. Pick of the Week

>> Get specific! [sive.rs]