Java Serialisation - The Gift That Keeps on Taking (Part 3)

By Steve Poole on July 02, 2022 Cybersecurity

7 minute read time

Part 3 of our issues with Java serialisation shares a deep dive into gadget chains and denial of service attacks.

What’s New With Java? A Discussion With the London Java Community

3 minute read time

What's new with Java? Musings from the recent London Java Community event, including insight on Java 11 and Java 17 migration, Static Java, and UI technology.

Java Serialisation - The Gift That Keeps on Taking (Part 2)

By Steve Poole on March 30, 2022 open source security

8 minute read time

Part two of our Java serialization series: the unexpected consequences of design and how the data stream can be compromised.

Java Serialisation - The Gift That Keeps on Taking (Part 1)

By Steve Poole on March 11, 2022 java

6 minute read time

Log4Shell impels us to review the reasons Java needs serialisation, how to use it safely, and what other options exist. Here in part 1, we examine design.

New Sonatype Scan Gradle Plugin

By Guillermo Varela on February 28, 2020 Gradle

3 minute read time

The newest free plugin in the Sonatype toolbox is a Gradle plugin to scan, evaluate, and audit Gradle project dependencies. It is available now on GitHub.

Continuous Integration in Pipeline as Code Environment with Jenkins, JaCoCo, Nexus and SonarQube

By Rahul Vishwakarma on January 17, 2018 github

5 minute read time

The setup for a continuous integration pipeline... this is for a mavenized Spring Boot build with JaCoCo coverage reports and Sonar metrics.

All Things Maven: A Discussion with Brian Fox

By Derek Weeks on November 08, 2017 Central

21 second read time

In this episode, you will hear the history of Maven Central, war stories, how Minecraft DDoSed the service, and plans for the future of Maven and Java 9. Special

Struts2 Exploited Again.  Did Anyone Bother to Tell You?

By Brian Fox on March 10, 2017 oss

5 minute read time

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you


Improving Build Time of Java Builds on OpenShift

By Jorge Morales on March 08, 2017 java

14 minute read time

I will guide you through the process of speeding up Java Maven-based builds, and will explain other options that can be taken besides the ones that I’ll be showing.