January - The Rest of the Story - JVM Weekly vol. 116
Since the last few editions have been quite thematic, I’ve gathered many interesting links in January that didn’t make it into previous issues. Many aren’t extensive enough for a full section, but they still seem compelling enough to share.
And to wrap things up, I’m adding a few release updates.
Spring AI has been integrated with mcp.run, a platform providing tools for building AI applications and agents.
mcp.run functions as an "App Store" for MCP servers, offering portable and secure code for AI applications and agents. It allows developers to easily connect their code with AI agents, models, and applications. With mcp.run, users can browse, install, and manage servlets, making it easier to integrate with external AI applications.
The Java community has become very fond of MCP. Remember how just a week ago I was describing Quarkus's experiments with Model Context Protocol? Max Rydahl Andersen presented the Model Context Protocol Servers project. The project offers three servers: JDBC for interaction with JDBC-compatible databases, Filesystem for file system access, and JavaFX for creating graphics on a JavaFX canvas. These servers are implemented in Java using Quarkus and can be run using JBang, which eliminates the need to install additional tools. During development they were tested with MCP clients such as Claude Desktop, mcp-cli, and Goose.
Quarkus has also introduced a predictable release schedule for LTS versions to improve stability and transparency for users. Starting with Quarkus 3.15 LTS, minor updates will be published every two months, including only bug fixes, dependency updates, and CVE patches, with no new features. In case of critical security vulnerabilities, emergency releases outside the regular schedule are possible.
Previously, LTS minor versions were released regularly but without a fixed schedule. This new cadence improves the update process and simplifies planning within the Quarkus ecosystem while maintaining a fast release pace for regular versions.
Staying on the topic of Quarkus - Red Hat has made the book "Quarkus in Action" by Martin Štefanko and Jan Martiška available for free. The book guides readers through a sample car rental application and covers Quarkus' unique features, such as Dev Mode, Dev UI, continuous testing, and integrations with frameworks and libraries, including Reactive Messaging, gRPC, and GraphQL. Additionally, the authors explain how to deploy applications on Kubernetes and Red Hat OpenShift easily.
In case you were wondering — Cui Bono.
The article Attacks on Maven proxy repositories by Michael Stepankin, published on GitHub’s blog, analyzes vulnerabilities in popular Maven repository managers such as Sonatype Nexus and JFrog Artifactory. The author explains how specially crafted artifacts can be used to attack these systems, leading to remote code execution (RCE) without authentication and poisoning of local artifacts.
The article includes proof-of-concept exploits. Unauthenticated RCE potentially gives attackers full control over the repository server, and they can also swap existing packages with malicious versions, exposing users to compromised code.
So far, there haven’t been any real-world exploits, and hopefully, thanks to Michael’s publication, there won’t be any 😉.
Azul has released its State of Java 2025 report, confirming that Java remains a key language for enterprise applications. Nearly 70% of respondents indicated that more than half of their applications are built in Java or run on the JVM (though to be fair, we are asking Java developers, so surprising results would be… unexpected). Additionally, 50% of organizations use Java in AI-related projects (which, in this case, I found quite surprising).
Interestingly, 19% of respondents still use Java 6 or 7, while 49% use the latest LTS versions, such as Java 17 or 21. Moreover, most respondents admitted that over 20% of their cloud computing capacity remains unused, indicating a potential for cost optimization through better resource management.
Scala Center is preparing for Google Summer of Code 2025 (GSoC) and is looking for project proposals for this year's edition.
GSoC is a global mentorship program that connects beginner developers with mentors from various open-source communities. It offers them the opportunity to contribute to software development.
Potential mentors are currently being sought to create a list of project proposals. This is a great opportunity for open-source project maintainers to engage new contributors in their Scala projects and introduce them to the open-source ecosystem. Applications are open until February 7, 2025.
Release Radar
JetBrains Junie (Preview)
JetBrains has introduced "Junie," an AI-powered programming agent, currently available in private preview for Mac and Linux users.
Unlike the existing AI coding assistants in IntelliJ IDEA, Junie is designed to autonomously perform tasks based on developer instructions, such as implementing CRUD operations with a user interface. At this stage, Junie supports Kotlin, Java, and Python and is compatible with IntelliJ IDEA Ultimate and PyCharm versions 23.3 and later. Its capabilities include developing new features, fixing bugs, updating documentation, adding tests, and even suggesting changes after failed tests. This move aligns with the industry trend toward AI agents like GitHub Copilot Workspace and AWS Q Developer.
It’s fascinating to wonder if we’ll ever reach the day when assistants in teams are indistinguishable from developers.
TomEE 10
For those unfamiliar (which is understandable, as it’s quite a niche topic nowadays), Apache TomEE (pronounced "Tommy") is an extended version of Tomcat. Unlike standard Tomcat, which only supports servlets and JSP, TomEE integrates additional Jakarta EE (formerly Java EE) components like CDI, JPA, and EJB, making it a lightweight yet fully functional application server.
Apache TomEE 10 introduces full support for Jakarta EE 10 and MicroProfile 6 and requires Java 17 or later. One of the key new features is the implementation of the @OpenIdAuthenticationDefinition annotation from Jakarta Security, simplifying integration with OpenID Connect identity providers.
Struts 7.0
Does anyone still use Apache Struts? I remember working with it back in the Struts 2 or 3 days when it seemed like a potential alternative to Spring. It’s a classic MVC framework for Java web applications that, unlike modern solutions like Spring and Quarkus, relies on a traditional servlet-and-JSP-based approach, focusing primarily on the presentation layer.
Apache Struts 7.0, released in December 2024, introduces significant improvements, mainly support for Jakarta EE 9+.
This release comes with an interesting backstory. In December 2024, a critical vulnerability (CVE-2024-53677) was discovered in its file upload mechanism, allowing attackers to execute code remotely. While patches were quickly released, the vulnerability has already been actively exploited by cybercriminals. Version 7.0, of course, is free of this issue.
JobRunr 7.4
JobRunr is a Java library for scheduling and processing background jobs. It enables developers to easily create asynchronous, delayed, and recurring tasks using Java 8 lambdas. JobRunr supports both short- and long-running processes, ensuring reliable execution in the background. I consider it the standard for this type of solution.
Version 7.4.0 introduces support for JDK 24, Spring Boot 3.4, and Kotlin 2.1, while dropping support for Kotlin 1.8. Enhancements include delaying the startup of the BackgroundJobServer until the Spring Boot application is fully initialized. SQL syntax consistency in migration scripts has been improved, and logging has been enhanced by adding the job identifier (jobSignature) to the MDC (Mapped Diagnostic Context)—a mechanism that allows storing and retrieving metadata such as user IDs, HTTP request IDs, or transaction numbers without explicitly passing them through the entire application code.
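How the MDC mechanism described above behaves on a reused worker thread, as an added example that is not JobRunr's code or part of the original newsletter. It assumes SLF4J with a backend such as Logback on the classpath; the key name "jobSignature", the class and method names, and the sample signatures are constructed for illustration.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;

import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

public class JobMdcExample {
    private static final Logger log = LoggerFactory.getLogger(JobMdcExample.class);

    // Assumed key name for this example; check JobRunr's documentation for the real one.
    static final String KEY = "jobSignature";

    // Deep in the call stack: no job parameter is passed in, yet the log line can carry
    // the signature if the backend's pattern prints it (Logback: %X{jobSignature}).
    static void chargeCustomer() {
        log.info("charging customer");
    }

    static void runJob(String signature, Runnable body) {
        // MDC is per-thread. putCloseable removes the key when the block exits, even on
        // an exception, so a pooled worker thread does not carry one job's signature
        // into the next job's log lines and mislead whoever reads them later.
        try (MDC.MDCCloseable ignored = MDC.putCloseable(KEY, signature)) {
            body.run();
        }
    }

    public static void main(String[] args) throws InterruptedException {
        ExecutorService pool = Executors.newFixedThreadPool(1); // one reused worker thread

        // Constructed sample signatures.
        for (String sig : List.of("BillingService.charge(UUID)", "MailService.send(String)")) {
            pool.submit(() -> runJob(sig, JobMdcExample::chargeCustomer));
        }

        // Same thread, after both jobs: the key is gone, so MDC.get returns null.
        pool.submit(() -> log.info("outside any job, jobSignature={}", MDC.get(KEY)));

        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
    }
}
```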
PS: I "borrowed" the title The Rest of the Story from Planet Money, which they took from Paul Harvey, the legendary American radio broadcaster. I’ve always liked it 😃.