Foojay.io | Friends of OpenJDK and Java Programming

Is your Java application actually secure, or does it just look that way? In this episode of the Foojay Podcast, Frank is joined by Steve Poole and Dave Welles, both from HeroDevs, to dig deep into the state of Java security in 2025 and beyond.
Steve introduces the concept of zombie dependencies: end-of-life libraries that appear safely dormant but are quietly accumulating vulnerabilities waiting to bite you. Dave, a co-chair of the CVE Automation Working Group, explains what a CVE actually is, how the identification and disclosure process works in practice, and why AI tools like Mythos are dramatically accelerating the pace at which new vulnerabilities are found — on both sides of the wall.
Together they cover how CVEs in the Java runtime are handled through coordinated disclosure, why Maven Central is safer than most ecosystems but not a silver bullet, and what insurance companies are starting to demand from organizations that haven't cleaned up their dependency trees. They also discuss practical steps any Java developer can take today, from generating an SBOM and running Snyk or Trivy, to adopting OpenRewrite and Renovate in your pipelines, and why vibe coding with AI tools may be quietly making your security posture worse if you are not reviewing the dependency choices being made for you.
A candid, occasionally alarming, and ultimately optimistic conversation about a problem the Java community is well-positioned to lead on.

Steve Poole
LinkedIn
Foojay Author profile
Crossing the River Styx: Spring Boot 3.5 and the Zombie Dependency Problem
Why Java Developers Over-Trust AI Suggestions

Dave Welch
LinkedIn

Content
00:00 Introduction of topics and guests
04:00 What are Zombie dependencies?
05:36 What are CVEs?
11:39 How Mythos and other AI tools are influencing the CVE reporting process
16:53 How CVEs in the Java runtime are handled
21:30 How the industry is looking at the increased security threats
30:17 Developers need to make better decisions "the first time" and use the right tools
31:42 Keep your OS, JVM, and dependencies up-to-date! Insurance companies will force you...
44:48 How "safe" is Maven Central compared to other repository systems
50:48 What you can do as a Java developer to make your apps safer
59:01 Should we be scared for the following years and be careful with vibe coding?
01:04:27 Conclusion

Foojay.io, the website for the Friends of OpenJDK, is turning six years old. To celebrate, Frank Delporte headed to JCON in Cologne, Germany, and sat down with twelve members of the Java community to talk about what Foojay means to them, what they learn from each other, and how the community is evolving.
Foojay is more than a blog. It is a Mastodon server, a Slack community, the Disco API, a book on sustainability, a podcast, and now an education catalog. Six years in, it is still growing, still community-driven, and still very much a place where anyone who works with Java is welcome.
00:00 Introduction
02:16 Sharat Chandar
https://www.linkedin.com/in/sharatchander/
Java community and history
What you can learn from conferences and articles
05:37 Markus Westergren
https://www.linkedin.com/in/markuswestergren/
https://foojay.io/sustainability-for-java-developers/
https://foojay.io/today/join-slack-com-t-foojay-signup/
Book "Sustainability for Java Developers"
How to "sustain yourself" in this strange-AI-changing-world
09:46 Iryna Dohndorf
https://www.linkedin.com/in/iryna-dohndorf/
https://foojay.io/today/author/iryna-dohndorf/
Mentoring about sustainability as a developer + groundness + robustness skills
High performance without crushing your soul
13:59 René Schwietzke
https://www.linkedin.com/in/reneschwietzke/
https://foojay.io/today/the-curious-case-of-different-runtimes-with-different-training-data-jit/
Diving deep into the runtime, JITWatch
About the broad mix of topics handled on Foojay
18:28 Gerrit Grunwald
https://www.linkedin.com/in/gerritgrunwald/
https://foojay.io/today/author/gerrit-grunwald/
https://foojay.io/today/disco-api-helping-you-to-find-any-openjdk-distribution/
https://sdkman.io/
The Disco API, the source with all the available OpenJDK distributions, is used by SDKMAN, Gradle, and many other tools
About the many distributions that are available, even ones that are mainly (and only) used in Asia
27:45 Catherine Edelveis
https://foojay.io/today/author/catherine-edelveis/
https://www.youtube.com/watch?v=Ytdo8OGEYFI
https://foojay.io/today/which-java-runtime-should-you-use-in-production-comparing-openjdk-distributions/
Reducing Docker sizes improves security and performance
Many distributors provide builds of OpenJDK
31:16 Jago de Vreede
https://foojay.io/today/author/jago-de-vreede/
About the Java community and the place of Foojay in it. What is good, what are we missing?
SDKMAN, creating an UI for it, and using the many OpenJDK distributions
35:05 Annelore Egger
https://www.linkedin.com/in/anneloredev/
https://foojay.io/?s=egger
Java community, conference volunteering, mentoring
How to become a conference speaker
Learn by teaching
38:03 Buhake Sindi
https://www.linkedin.com/in/buhake-sindi/
https://foojay.io/today/author/buhake-sindi/
https://github.com/langchain4j/langchain4j-cdi
Jakarta EE, LangChain4J CDI, Agent to Agent
Impact of AI on developer life and sustainability
44:03 François Martin
https://www.linkedin.com/in/fran%C3%A7oismartin/
https://foojay.io/today/author/francois-martin/
https://foojay.io/today/eliminating-flaky-tests-to-end-world-hunger/
https://foojay.io/today/five-ways-to-use-gradle-enterprise-to-identify-and-manage-flaky-tests/
Learn from mentoring, for example, how to earn from opensource
Foojay author, just published an article about Flaky tests
48:18 Dominika Tasarz-Sochacka
https://www.linkedin.com/in/dominikatasarz/
https://foojay.io/today/author/dominika-tasarz/
https://foojay.io/today/join-slack-com-t-foojay-signup/
https://foojay.io/today/how-to-submit-your-next-article-on-foojay-io/
The future of Foojay, how can we get the community even more involved
What you can learn from the community
51:18 Geertjan Wielenga
https://www.linkedin.com/in/geertjanwielenga/
https://education.foojay.social/
Java communities are everywhere
How Foojay started and grew
How can contributing to the community influence your career
58:15 Conclusion

In this episode of the Foojay Podcast, we're bringing you something special: a full batch of hallway-track conversations recorded live at VoxxedDays Amsterdam.
Fifteen guests, one conference, and one theme that kept coming back, whether we planned it or not: Java has grown up quietly, steadily, and in ways that still surprise people who haven't looked lately. We talked about migrating between versions, new features in the latest Java releases, authorization done right, AI-assisted coding, cryptography, containers, open-source contributions, GDPR data experiments, and, yes, the things people hate about Java but secretly love.
I spoke with Ko Turk, who organized this very conference, Johannes Bechberger, Lutske de Leeuw, Aicha Laafia, Marit van Dijk, Adele Carpenter, Patrick Baumgartner, Sohan Maheshwar, Jeroen Egelmeers, Erwin Manders, Alexander Shopov, Maarten Verburg, Arjan Tijms, Joost Kaan, and Stephan Janssen.
That's a lot of people. That's a lot of opinions. And somehow, they mostly agree: update your JDK, read your code, and please talk to your actual users.

Content

00:00 Introduction
00:30 Ko Turk
https://www.linkedin.com/in/ko-turk-b271b929/
Organizer of VoxxedDays Amsterdam
Migrating between Java versions
02:25 Johannes Bechberger
https://www.linkedin.com/in/johannes-bechberger/
Java is boring, and that's why it's brilliant
Java 26 test it, but not in production
JFR improvements in the latest versions
06:28 Lutske de Leeuw
https://www.linkedin.com/in/lutske/
Volunteer at the conference
Java is boring, and that's why it's brilliant
Java 5 till 26 evolutions
10:35 Aicha Laafia
https://www.linkedin.com/in/aicha-laafia-0266a6126/
Lambda stream gatherers in Java 25
Simpler and more fun code
Update your JDK!
16:16 Marit van Dijk
https://www.linkedin.com/in/maritvandijk/
Fun in coding, write Java the playful way
Java evolutions and how writing code has evolved
Importance of code reading with AI-assisted coding
22:04 Adele Carpenter
https://www.linkedin.com/in/adele-carpenter-a988623a/
The things I hate about Java, but actually love it
27:37 Patrick Baumgartner
https://www.linkedin.com/in/patbaumgartner/
Organizing VoxxedDays Zurich
Spring Boot optimization
Using Buildpacks to create better containers
35:02 Sohan Maheshwar
https://www.linkedin.com/in/sohanmaheshwar/
Authorization, the good way
JWT is a bad idea
38:34 Jeroen Egelmeers
https://www.linkedin.com/in/jegelmeers/
https://craftingaiprompts.org/documentation/se-framework/craft-framework
AI, prompt engineering, agentic programming
The CRAFT Framework: Orchestrating Agentic Flow
The importance of interacting with your end-users
43:32 Erwin Manders
https://www.linkedin.com/in/erwinman/
Cryptography, digital signatures, and securing data and messages
Comparing Kotlin and Java
45:12 Alexander Shopov
https://www.linkedin.com/in/alshopov/
Developer at Uber
Comparing different languages: Java, Python, Go
How Java is modernizing by learning from other languages
49:18 Maarten Verburg
https://www.linkedin.com/in/maartenverburg/
Using your own GDPR data for fun experiments
Comparing early Java with the current status
Java Streams the most important change
52:35 Arjan Tijms
https://www.linkedin.com/in/arjantijms/
https://omnifish.ee/
Jakarta Faces, Security, Authentication and Authorization, EE,...
Jakarta specs are used in Spring
How Java evolved and is still evolving
How can you contribute to opensource
59:55 Joost Kaan
https://www.linkedin.com/in/joost-kaan/
What you can learn at a conference, besides the expected language-related talks
AI influences on the developer work
Contributing to the Java community, AI user group
01:03:52 Stephan Janssen
https://www.linkedin.com/in/stephanjanssen/
https://geniebuilder.ai/
The importance of the "Hallway Track" where you can chat with like-minded people
Using AI-assisted spec-driven coding
Talking to your end-user becomes more important than ever
01:09:00 Conclusion

Welcome to another episode of the Foojay Podcast! In this episode, we're talking about Java 26, released on March 17 in the year 26. Again, right on schedule with Java's six-month release cadence.
Now, Java 26 is not a Long Term Support (LTS) release; that was Java 25. But don't let that fool you into thinking there's nothing interesting here. This release brings ten JDK Enhancement Proposals (JEPs). They cover everything from performance improvements to long-overdue cleanups. Of those ten JEPS, five are new features, and we also get five preview/incubator features.
Guests
Simon Ritter
https://www.linkedin.com/in/siritter/
Loïc Mathieu
https://www.linkedin.com/in/lo%C3%AFc-mathieu-475b144/
Content
00:00 Introduction of topic and guests
01:35 Differences between Long and Short Term Support
05:10 Which Java versions are used by companies
https://foojay.io/today/foojay-podcast-90-highlights-of-the-java-features-between-lts-21-and-25/
07:54 Internal changes and improvements in release 26, highlighting UUIDv7 support
https://foojay.io/today/java-26-whats-new/
12:02 JEP 500: Prepare to Make Final Mean Final
13:24 JEP 526: Lazy Constants (Second Preview)
16:12 JEP 517: HTTP/3 for the HTTP Client API
https://en.wikipedia.org/wiki/HTTP/3
https://en.wikipedia.org/wiki/QUIC
18:48 JEP 504: Remove the Applet API
20:52 JEP 524: PEM Encodings of Cryptographic Objects (Second Preview)
21:59 JEP 516: Ahead-of-Time Object Caching with Any GC
https://openjdk.org/projects/leyden/
https://docs.azul.com/prime/analyzing-tuning-warmup
https://foojay.io/today/faster-java-warmup-crac-versus-readynow/
25:30 JEP 522: G1 GC: Improve Throughput by Reducing Synchronization
Trash Talk - Exploring the JVM memory management by Gerrit Grunwald
28:04 JEP 525: Structured Concurrency (Sixth Preview)
https://openjdk.org/projects/loom/
31:09 JEP 529: Vector API (Eleventh Incubator)
https://openjdk.org/projects/panama/
https://openjdk.org/projects/valhalla/
34:59 When do JEPs get selected to be included in a release
https://openjdk.org/projects/jdk/26/
https://openjdk.org/projects/jdk/27/
38:03 JEP 530: Primitive Types in Patterns, instanceof, and switch (Fourth Preview)
https://openjdk.org/projects/amber/
Java Puzzlers talk by Simon
42:14 Do we need "Carrier Classes"?
Amber mailing list: Data Oriented Programming, Beyond Records
JVM Weekly newsletter by Artur Skowroński
44:38 What changes does Java need for the AI world?
JEP DRAFT 8361105: Code reflection (Incubator)
https://openjdk.org/projects/babylon/
https://www.tornadovm.org/
47:53 Remarkable numeric facts about releases
48:30 Conclusion

In this Foojay Podcast, we're celebrating a major milestone in Java development history: 25 years of IntelliJ IDEA.
Think about it: IntelliJ IDEA launched in 2000, and since then, it has become the go-to IDE for millions of Java developers worldwide. From its revolutionary code completion and refactoring tools to AI-powered features and the recent unified Community and Ultimate release, IntelliJ has shaped how we write Java, and keeps reinventing itself to stay ahead.
For this episode, I'm joined by three people from the JetBrains team who know this story inside and out. Marit van Dijk, developer advocate and contributor to the Foojay community. Anton Arhipov, also a developer advocate at JetBrains. And Dmitry Jemerov, who has been part of the IntelliJ IDEA story for a very long time.

Guests
Marit van Dijk
https://foojay.io/today/author/marit-van-dijk/
https://www.linkedin.com/in/maritvandijk/
https://mastodon.social/@maritvandijk
Anton Arhipov
https://www.linkedin.com/in/antonarhipov/
Dmitry Jemerov
https://www.linkedin.com/in/dmitry-jemerov-3a59b43a5/
Links
Website
Documentation
Blog
YouTube
LinkedIn
Bluesky
Twitter
Foojay Podcast #81: Maven 4 – The Future of Java Build Automation
Video: IntelliJ IDEA: The Documentary | [OFFICIAL TRAILER] | Coming March 5th
Introducing Mellum: JetBrains’ New LLM Built for Developers 
Mellum: Explore code-intelligent large language models for IDEs, AI assistants, research, and education
Birthday game website
Game plugin in IntelliJ IDEA
You’re Invited to IntelliJ IDEA Conf 2025!
The Unified IntelliJ IDEA: More Free Features, a Better Experience, Smoother Flow
Video: Troubleshooting Spring Boot Applications with the Spring Debugger
Spring Debugger plugin
Plugin for IntelliJ IDEA (and other IDEs) created by Frank: Recent Projects Organized

Content
00:00 Introduction of topic and guests
01:36 Now JetBrains started
02:31 Licensed software in an open-source world
06:37 Other JetBrains IDEs
07:46 Why Kotlin was created
08:50 The challenge of maintaining all the tools
10:36 How the guests joined JetBrains
14:03 IntelliJ versus IntelliJ IDEA, history of the name
15:10 Most important ongoing changes in IDEs
17:55 Unified distribution of IntelliJ IDEA and the history of the open-source version
21:28 The number of people at JetBrains
23:31 the "business model" behind Kotlin
24:39 The impact of AI, LLM, Chat interfaces,...
35:49 Upcoming evolutions in IntelliJ IDEA
38:07 About shortcuts and the many features and plugins in IntelliJ IDEA
46:36 Announcements: IntelliJ IDEA Conf 2026 and Documentary Trailer
48:35 The IntelliJ IDEA Birthday Game
49:24 Conclusions