eSecurityPlanet covered our Devoxx 2025 container security survey and the problems teams keep running into in practice: slow remediation, human error, bloated base images, and reactive updates.
www.esecurityplanet.com/threats/why-...
JDK 26 is where some long-running #Java stories move forward: final fields get stricter, HTTP client gets HTTP/3, G1 gets faster, and applets finally leave for good. Dmitry Chuyko put all JEPs into one readable overview: bell-sw.com/blog/an-over...
New video: Spring Developer Roadmap 2026. @asm0dey.site goes past Spring Boot features into the stuff that decides whether your system holds up in prod: real SQL, architecture trade-offs, messaging vs RPC, security, Docker and Kubernetes, and observability.
youtu.be/nuldl1m3pqA
We’re live now with @edelveis.dev and @rabauer.bsky.social building a Spring Boot/Vaadin/OpenAI app in VS Code with GitHub Copilot, with strict CI gates turned on, so the code has to be good for real:
www.youtube.com/watch?v=ukcQ...
If you prefer a deeper walkthrough with code examples and trade-offs, @edelveis.dev covers the full picture in the video here: youtu.be/fiThkd__HEU
Important detail: these tools aren’t mutually exclusive. Plenty of teams mix them: JPA/Hibernate for the core domain, and jOOQ (or plain JDBC) for the handful of queries where you want explicit SQL and predictable performance.
A practical rule of thumb: if your domain revolves around entity lifecycle and lots of basic CRUD, JPA/Hibernate can be a good default. If your workload is read-heavy and SQL is the main artifact, jOOQ tends to feel more honest and easier to maintain.
That’s where jOOQ fits nicely. It keeps SQL as the source of truth, and with schema-based code generation you get compile-time checks, then it runs the queries via JDBC under the hood.
Where things get messy is query complexity. Simple CRUD is fine, but as soon as you need reporting-style SQL (CTEs, window functions, tricky joins), ORMs can start fighting you: you’re debugging generated SQL and fetch plans instead of writing the query you actually want.
Hibernate is the most common JPA provider, and it’s also a toolkit of its own: it implements the JPA spec, then adds extra mapping options, fetch strategies, and APIs on top. So “we use JPA” in practice often means “JPA + Hibernate under the hood.”
Next layer up: JPA is a specification for object-relational mapping, not a concrete library. You annotate entities and work through an EntityManager, while the actual behavior comes from the provider you plug in (most commonly Hibernate).
Start at the bottom: JDBC is the low-level API that actually talks to relational databases (Connection > Statement > ResultSet). Everything else eventually ends up here, and you get full control over SQL, but you also own the mapping and resource handling.
Every Java app that talks to a relational database ultimately speaks SQL. The real choice is how directly you want to write that SQL and do the mapping: raw SQL + manual mapping (JDBC), object mapping via ORM (JPA/Hibernate), or SQL with the DSL API with type safety (jOOQ).
🧵 THREAD: JDBC, JPA, Hibernate, jOOQ. The same words show up in every #Java persistence discussion, and they’re easy to mix up. This is a quick map of where each one sits in the stack and when it makes sense. Save it for the next architecture review.
In #Java26, JEP 522 cuts G1 GC sync overhead. A second card table makes write barriers cheaper, giving 5–15% throughput gains for reference-heavy workloads and slightly better pause times. No code changes. Just faster G1.
Tomorrow: live vibe coding battle. @edelveis.dev + @rabauer.bsky.social build a Spring Boot + Vaadin + Spring AI app in VS Code with Copilot.
Strict CI gates on: PMD, SpotBugs, JaCoCo, Trivy, OWASP ZAP.
www.youtube.com/watch?v=ukcQ...
Liquibase vs Flyway. Pick your fighter.
@asm0dey.site and @antonarhipov.bsky.social are doing the side-by-side at @devnexus.bsky.social on Wed, Mar 4: formats, rollbacks, versioning, runtime, cost.
Details: devnexus.com/events/the-u...
Next comes the real app checklist: open details in a dialog, let admins edit safely, keep the UI in sync with live data.
Follow-up article covers dialogs, forms with validation and binders, and real-time updates.
bell-sw.com/blog/how-to-...
Most Java UIs start as a quick internal screen. Then it becomes login, roles, a grid, and filtering...
This Vaadin walkthrough builds the baseline with Spring Boot: security, layouts, a Grid backed by a CallbackDataProvider, plus filter and search that stays readable.
bell-sw.com/blog/how-to-...
We’re live now, come join the conversation! @edelveis.dev + @yourjavaguy.bsky.social on what actually makes #Java communities grow and stay healthy: www.youtube.com/live/2zaWyaH...
In #Java26, JEP 504 finally removes the Applet API. java.applet.Applet, javax.swing.JApplet, etc. are gone. If you still extend Applet/JApplet, you’ll need an older JDK or a real desktop UI (AWT/Swing/JavaFX). Minimal repro that breaks on 26
This Thu: live chat on the human side of Java. @edelveis.dev + @yourjavaguy.bsky.social on how dev communities grow, stay healthy, and help people beyond the code.
Feb 26, 18:00 CET / 09:00 PT
www.youtube.com/live/2zaWyaH...
The interesting part is what comes next: teams call security a priority, but day-to-day constraints win. You’ll see what ends up in base images, how rebuilds slip, and how “we’ll patch it later” becomes the norm.
Get the full report: bell-sw.com/state-of-con...
23% of 427 DevOps pros we surveyed at Devoxx 2025 reported a container security incident in the past year.
A thorough, workload-driven Java GC guide from JEE.gr. Clear guidance on picking the right collector, plus good context on G1 vs Generational ZGC and how container limits change the outcome:
jee.gr/the-ultimate...
If you want to see how this looks in practice, BellSoft Hardened Images are here, including what’s covered and the available variants: bell-sw.com/bellsoft-har...
That’s how BellSoft Hardened Images are built: each image ships with a complete SBOM, and image signing lets you verify integrity and authenticity across registries, so “what’s inside” and “is it the right artifact” are answered by default, not on request.
Once you start treating SBOMs and signing as routine parts of the pipeline, the next step is having them available at the base image level, not stitched on later.
For the practical side, we’ve also published a step-by-step guide to generating SBOMs for Java artifacts and container images using common open-source tooling, with concrete Maven/Gradle workflows you can plug into CI: bell-sw.com/blog/how-to-...
If you need a clear SBOM baseline, this walkthrough covers what an SBOM is, what it typically includes (component names/versions, suppliers, dependency relationships), and how teams use it for vulnerability and compliance work: bell-sw.com/blog/what-is...