
By Jamie, who attended the event

Hello everyone! Jamie here, and I’m thrilled to share what went on at our first Java Oxford event of 2025. We kicked things off at CoreFiling with a room full of keen Java enthusiasts, two amazing speakers, and some fantastic post-talk discussions. It really set the tone for an exciting year ahead. Here’s my recap of the highlights.


Talk #1: Handling a Remote Code Execution Vulnerability – The Good, The Bad, and The Ugly

First up was Mark Thomas, who took us through two real-world vulnerabilities that made waves recently: CVE-2024-50379 and CVE-2024-56337. Both involved a race condition in Apache Tomcat that allowed attackers to execute remote code – definitely the stuff of security nightmares!

Real-World Lessons in RCE Response

  • Timely Patches: Mark showed that you can fix a vulnerability and still wake up to reports that it isn’t quite fixed. A reminder to always keep an eye on fresh CVE reports and be prepared for patch follow-ups.
  • Holistic Monitoring: Even after you’ve patched, stay vigilant for suspicious behaviour in logs and network activity; attackers love finding the tiny cracks left behind.
  • Secure Config by Default: Part of the vulnerability relied on a rarely enabled setting in Tomcat, which emphasises the importance of running with minimal privileges and only the features you actually need switched on. If you don’t need it, turn it off!

“Don’t treat the final patch as the final word. Keep an eye on updates and be prepared to take further action!” – Mark Thomas

Further Reading & Resources:

It was a cracking deep dive into responding to security crises under real-world conditions – definitely an eye-opener if you handle production servers!


Talk #2: GraphQL in Spring – And What We Learned About JPA Performance

Next, we had David North, who introduced us to using GraphQL with Spring Boot. While GraphQL can give clients the power to request only what they need, it can also introduce hidden performance pitfalls.

Insights on GraphQL & JPA

  • Avoiding the N+1 Problem: David explained how GraphQL’s flexible querying sometimes triggers multiple database calls when fetching nested data. Using techniques like batching and DataLoaders can reduce repetitive queries.
  • Efficient Queries: Careful mapping with JOIN FETCH or pre-fetching in JPA helps mitigate performance bottlenecks – crucial in larger, production-scale systems.
  • Real-World Pitfalls: From misconfigured lazy-loading to excessive data fetching, David gave us a cautionary tale on how not to fall into the dreaded slow-query trap.
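To make the N+1 point concrete, here is an added example (not code from David’s talk) of a Spring for GraphQL controller with the per-object resolver commented out beside its batched replacement. It assumes hypothetical Author and Book JPA entities, an AuthorRepository, and a BookRepository with a findByAuthorIdIn(...) query method.

```java
// Added example, not from the talk. Assumes hypothetical Author/Book entities
// (Author.getId(), Book.getAuthorId()) and Spring Data repositories.
import org.springframework.graphql.data.method.annotation.BatchMapping;
import org.springframework.graphql.data.method.annotation.QueryMapping;
import org.springframework.stereotype.Controller;

import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

@Controller
public class AuthorController {

    private final AuthorRepository authorRepository;
    private final BookRepository bookRepository;

    public AuthorController(AuthorRepository authorRepository,
                            BookRepository bookRepository) {
        this.authorRepository = authorRepository;
        this.bookRepository = bookRepository;
    }

    // query { authors { name books { title } } } starts here:
    // one SELECT for the authors.
    @QueryMapping
    public List<Author> authors() {
        return authorRepository.findAll();
    }

    // The N+1 version: this resolver would run once per Author in the result,
    // so 100 authors means 100 further SELECTs for their books.
    // @SchemaMapping(typeName = "Author", field = "books")
    // public List<Book> books(Author author) {
    //     return bookRepository.findByAuthorId(author.getId());
    // }

    // The batched version: Spring for GraphQL registers a DataLoader for the
    // Author.books field and calls this once with every Author in the request,
    // so all books are fetched with a single "WHERE author_id IN (...)" query.
    @BatchMapping
    public Map<Author, List<Book>> books(List<Author> authors) {
        List<Long> ids = authors.stream().map(Author::getId).toList();
        Map<Long, List<Book>> byAuthor = bookRepository.findByAuthorIdIn(ids)
                .stream()
                .collect(Collectors.groupingBy(Book::getAuthorId));
        // Every requested author must appear in the map, even with no books.
        return authors.stream().collect(Collectors.toMap(
                a -> a, a -> byAuthor.getOrDefault(a.getId(), List.of())));
    }
}
```

Turning on SQL logging (spring.jpa.show-sql=true) is the quickest way to check which of the two shapes your resolvers actually produce.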

Handy Links:

  • GraphQL Java Documentation (for setup & best practices)
  • Spring Data JPA Reference (for performance tuning and fetch strategies)

It was exactly the sort of practical talk you appreciate when juggling new tech—full of gotchas, real fixes, and code snippets to learn from.


Looking Ahead – 2025 Event Calendar

We’re running six Java Oxford events throughout 2025—all completely free and aimed at fostering a welcoming community. Our next event is in April, so keep an eye out for details and be sure to sign up here.

Want to Speak?

If you’ve got a Java-related insight or story—be it about security, frameworks, architecture, or career experiences—we’d love to feature you. Submit your talk idea and let’s chat.


Keep in Touch

For more on Java Oxford and other tech events we organise, follow Humand Talent on LinkedIn and Eventbrite. Big thanks again to CoreFiling for hosting us and to both Mark and David for two excellent talks!

See you all at the next one!

#JavaOxford #JavaCommunity #TechMeetup #CyberSecurity #GraphQL #SpringBoot #JPA #CoreFiling #HumandEvents