jbossorg
diff --git a/‎src/content/posts-aggregator/1.json
+4-4 b/‎src/content/posts-aggregator/1.json
+4-4
diff --git a/‎src/content/posts-aggregator/10.json
+4-4 b/‎src/content/posts-aggregator/10.json
+4-4
diff --git a/‎src/content/posts-aggregator/11.json
+4-4 b/‎src/content/posts-aggregator/11.json
+4-4
@@ -1,13 +1,13 @@
 {
-  "title": "Sender-constraining access tokens with Quarkus OIDC",
-  "link": "https://quarkus.io/blog/sender-constraining-tokens/",
+  "title": "Quarkus 3.19.4 - Maintenance release",
+  "link": "https://quarkus.io/blog/quarkus-3-19-4-released/",
   "author": [
     {
-      "name": "Sergey Beryozkin",
+      "name": "Guillaume Smet",
       "avatar": null
     }
   ],
   "date": "2025-03-19T00:00:00.000Z",
   "feed_title": "Quarkus",
-  "content": "INTRODUCTION  Single-page application (SPA) runs in the browser and uses to log-in users, without depending on Quarkus OIDC. When the authentication is complete, SPA sends the access token to access Quarkus on behalf of the authenticated user.  Have a look at the simple diagram showing how this process works, copied to this post from the :    As illustrated in the picture above, the OIDC provider authenticates the current user, SPA receives ID and access tokens and uses the access token to access the Quarkus endpoint.  The security challenge that the OAuth2 experts have been trying to address is how to prove that the client such as SPA which is sending the token actually owns this token ? There is nothing in the HTTP Authorization: Bearer <token> header that proves that SPA did not leak the token.  Two specifications for sender-constraining access tokens have emerged over the years, and .   MUTUAL TLS CLIENT AUTHENTICATION AND CERTIFICATE-BOUND ACCESS TOKENS  specification describes how access tokens can be cryptographically bound to the MTLS client certificate.  By proving that the access token is bound to the client certificate, the Quarkus application can get a high degree of confidence that the current access token is constrained to, owned by the client which authenticated to Quarkus over MTLS.    Implementing the cryptographic binding is not complex in this case. The current access token is expected to contain a confirmation with the SHA-256 certificate thumbprint and it must match the thumbprint of the current MTLS client certificate. If the token is in JWT format, then it must include a confirmation claim. If the token is binary then the confirmation must be included in the remote token introspection response.  Such a binding can only be successful if the OpenId Connect provider has access to the same client certificate which is used during the MTLS authentication to Quarkus.  The downside of using the MTLS token binding is that correctly configuring the OpenId Connect provider, ensuring that browsers can request an X509 certiticate authentication when SPA redirects the user to authenticate to the OIDC provider is complex.  If you are a Keycloak user, check the in the Advanced Configuration section of the and the community blog post.  As far as Quarkus is concerned, you only need to set a single OIDC configuration property, quarkus.oidc.token.binding.certificate=true, in addition to the Vert.x HTTP MTLS configuration, to enforce the MTLS token binding.  See the documentation for more details.   DEMONSTRATING PROOF-OF-POSSESSION (DPOP)  specification describes how access tokens can be cryptographically bound to special JWT tokens called DPoP proofs.    The SPA client generates a private and public key pair, and creates a DPoP proof token to complete the access token acquisition from the OIDC provider. It then forwards this DPoP token to Quarkus with a new DPoP proof. The access token must be bound to the DPoP proof by containing a public JSON Web Key (JWK) key thumbprint which matches the thumbprint of the public JWK key contained in the DPoP proof.  This binding can only be successful if the client uses the same public and private key pair for creating the DPoP proof to request the access token in the previous step and creating another DPoP proof for submitting it alongside the DPoP access token to Quarkus.  Quarkus OIDC will also enforce . Support for custom is also planned.  Adoption of DPoP, compared to that of the MTLS token binding, is expected to progress faster, because DPoP is an application-level protocol, with no expectation that the transport-level MTLS authentication takes place. However, correctly creating DPoP proofs at the SPA level is not straightforward and requires care.  If you are a Keycloak user, then enabling an experimental dpop feature is sufficient to get started. Also check the in the Advanced Configuration section of the and the community blog post.  As far as Quarkus is concerned, you only need to set a single OIDC configuration property, quarkus.oidc.token.authorization-scheme=dpop to accept DPoP tokens and enforce their binding to the accompanying DPoP proofs.  See the documentation for more details.   FINANCIAL-GRADE API (FAPI)  is a general high-security API profile built on top of OAuth2.  Both and specifications are included in the Financial-Grade API 2.0 .   CONCLUSION  In this article, we have discussed two important OAuth2 specifications for sender-constraining access tokens, and .  Both of these token security elevation technologies can be easily supported in Quarkus OIDC, by using a single configuration property only, without having to write a lot of custom code and configuration.  Please experiment with and in Quarkus and let us know what you think."
+  "content": "We released Quarkus 3.19.4, the third (we skipped 3.19.0) maintenance release for our 3.19 release train.  Next week, we will release both:   * Quarkus 3.20 LTS, our next LTS release with 1-year maintenance - it is based    on 3.19   * Quarkus 3.21, a regular release including new features   UPDATE  To update to Quarkus 3.19, we recommend updating to the latest version of the Quarkus CLI and run:  quarkus update  Note that quarkus update can update your applications from any version of Quarkus (including 2.x) to Quarkus 3.19.  For more information about the adjustments you need to make to your applications, please refer to the .   FULL CHANGELOG  You can get the full changelog of on GitHub.   COME JOIN US  We value your feedback a lot so please report bugs, ask for improvements… Let’s build something great together!  If you are a Quarkus user or just curious, don’t be shy and join our welcoming community:   * provide feedback on ;   * craft some code and ;   * discuss with us on and on the ;   * ask your questions on ."
 }
@@ -1,13 +1,13 @@
 {
-  "title": "Quarkus Newsletter #54 - March",
-  "link": "https://quarkus.io/blog/quarkus-newsletter-54/",
+  "title": "Quarkus 3.19.3 - Maintenance release",
+  "link": "https://quarkus.io/blog/quarkus-3-19-3-released/",
   "author": [
     {
-      "name": "James Cobb",
+      "name": "Guillaume Smet",
       "avatar": null
     }
   ],
   "date": "2025-03-12T00:00:00.000Z",
   "feed_title": "Quarkus",
-  "content": "Make sure you read Mario Fusco’s two-part blog about Agentic AI with Quarkus, where he discusses common workflows and agentic AI patterns and architectures, with practical examples using Quarkus and LangChain4j. Learn about the power of intelligent applications by combining the robustness of Java, the efficiency of Quarkus, and the advanced capabilities of RAG in a great article by Daniel Oh. Emil Lefkof gives a real-world example of how LangChain4j and AI can be leveraged to automatically extract structured metadata from PDF documents. Leveraging the combination of LangChain4j and Google Gemini AI proves to be a powerful approach for automating document analysis workflows. \"Performance & Productivity: Rethinking Java Dependencies for the Cloud Era\" by Markus Eisele discusses how Quarkus extensions are curated, lightweight, and optimized for microservices and serverless.  You will also see the latest Quarkus Insights episodes, top tweets/discussions and upcoming Quarkus attended events.  Check out !  Want to get newsletters in your inbox? using the on page form."
+  "content": "We released Quarkus 3.19.3, the second (we skipped 3.19.0) maintenance release for our 3.19 release train.  We also released two candidate releases:   * Quarkus 3.20.0.CR1 LTS - it is going to be our next LTS, it is based on 3.19   * Quarkus 3.21.0.CR1 - a regular minor release with new features   UPDATE  To update to Quarkus 3.19, we recommend updating to the latest version of the Quarkus CLI and run:  quarkus update  Note that quarkus update can update your applications from any version of Quarkus (including 2.x) to Quarkus 3.19.  For more information about the adjustments you need to make to your applications, please refer to the .   FULL CHANGELOG  You can get the full changelog of on GitHub.   COME JOIN US  We value your feedback a lot so please report bugs, ask for improvements… Let’s build something great together!  If you are a Quarkus user or just curious, don’t be shy and join our welcoming community:   * provide feedback on ;   * craft some code and ;   * discuss with us on and on the ;   * ask your questions on ."
 }
@@ -1,13 +1,13 @@
 {
-  "title": "Running SQLite in Pure Java with Quarkus",
-  "link": "https://quarkus.io/blog/sqlite4j-pure-java-sqlite/",
+  "title": "Quarkus Newsletter #54 - March",
+  "link": "https://quarkus.io/blog/quarkus-newsletter-54/",
   "author": [
     {
-      "name": "Andrea Peruffo",
+      "name": "James Cobb",
       "avatar": null
     }
   ],
   "date": "2025-03-12T00:00:00.000Z",
   "feed_title": "Quarkus",
-  "content": "What if you could run a C-based database in pure Java, with zero configuration, and even compile it to a native image effortlessly? With the new Quarkiverse extension , you can do exactly that.  Traditionally, embedded databases in Java require reimplementing their C counterparts, often leading to differences in behavior, missing optimizations, and delayed bug fixes. However, provides a JDBC driver that leverages the original SQLite C implementation while running safely inside a sandbox.   HANDS-ON EXAMPLE  To see in action, you can start with any existing Quarkus application or one of the . If you prefer a ready-made example, check out , which integrates SQLite within a Quarkus application using Hibernate ORM.  By simply changing the JDBC driver dependency, you can embed a fully functional SQLite database inside your application while retaining all the benefits of the native SQLite implementation.  To get started, add the extension dependency to your pom.xml:  <dependency>     <groupId>io.quarkiverse.jdbc</groupId>     <artifactId>quarkus-jdbc-sqlite4j</artifactId> </dependency>  Then, configure your Quarkus application to use SQLite with standard JDBC settings:  quarkus.datasource.db-kind=sqlite quarkus.datasource.jdbc.url=jdbc:sqlite:sample.db quarkus.datasource.jdbc.min-size=1  You can now use your datasource as you normally would with Hibernate and Panache. Note that we keep a minimum connection pool size > 0 to avoid redundant copies from disk to memory of the database.   RUNNING IN A SECURE SANDBOX  Under the hood, SQLite runs in a fully in-memory sandboxed environment, ensuring security and isolation.    When a connection to a local file is opened, the following occurs:   1. The database file is copied from disk to an in-memory Virtual FileSystem.   2. A connection is established to the in-memory database.  While this approach is highly secure, many users need to persist database changes. One recommended solution is to periodically back up the in-memory database to disk. This can be achieved through a scheduled job that:   1. Backs up the in-memory database to a new file.   2. Copies the backup to the host file system.   3. Atomically replaces the old database file with the new backup.  This setup ensures a seamless experience while maintaining SQLite’s sandboxed security. You can adapt this approach to fit your specific needs.  Here’s a sample implementation:  @ApplicationScoped public class SQLiteBackup {     @ConfigProperty(name = \"quarkus.datasource.jdbc.url\")     String jdbcUrl;      @Inject     AgroalDataSource dataSource;      // Execute a backup every 10 seconds     @Scheduled(delay=10, delayUnit=TimeUnit.SECONDS, every=\"10s\")     void scheduled() { backup(); }      // Execute a backup during shutdown     public void onShutdown(@Observes ShutdownEvent event) { backup(); }      void backup() {         String dbFile = jdbcUrl.substring(\"jdbc:sqlite:\".length());          var originalDbFilePath = Paths.get(dbFile);         var backupDbFilePath = originalDbFilePath                                     .toAbsolutePath()                                     .getParent()                                     .resolve(originalDbFilePath.getFileName() + \"_backup\");          try (var conn = dataSource.getConnection();                 var stmt = conn.createStatement()) {             // Execute the backup             stmt.executeUpdate(\"backup to \" + backupDbFilePath);             // Atomically replace the DB file with its backup             Files.move(backupDbFilePath, originalDbFilePath,                 StandardCopyOption.ATOMIC_MOVE,                 StandardCopyOption.REPLACE_EXISTING);         } catch (IOException | SQLException e) {             throw new RuntimeException(\"Failed to back up the database\", e);         }     } }   TECHNICAL DEEP DIVE  compiles the official SQLite C to WebAssembly (Wasm), which is then translated into Java bytecode using the . This enables SQLite to run in a pure Java environment while maintaining its full functionality.     SECURITY AND ISOLATION  One of the key benefits of this approach is security. Running SQLite inside a Wasm sandbox ensures memory safety and isolates it from the host system, making it an excellent choice for applications that require embedded databases while avoiding the risks of native code execution.   CONCLUSION  With the new extension, you get the best of both worlds: the power and reliability of SQLite combined with the safety and portability of Java. This extension seamlessly integrates SQLite into Quarkus applications while maintaining a lightweight and secure architecture. Best of all, everything compiles effortlessly with native-image.  Ready to try it out? Give a spin in your projects and experience the benefits of running SQLite in pure Java with Quarkus!   PRIOR ART   *    * "
+  "content": "Make sure you read Mario Fusco’s two-part blog about Agentic AI with Quarkus, where he discusses common workflows and agentic AI patterns and architectures, with practical examples using Quarkus and LangChain4j. Learn about the power of intelligent applications by combining the robustness of Java, the efficiency of Quarkus, and the advanced capabilities of RAG in a great article by Daniel Oh. Emil Lefkof gives a real-world example of how LangChain4j and AI can be leveraged to automatically extract structured metadata from PDF documents. Leveraging the combination of LangChain4j and Google Gemini AI proves to be a powerful approach for automating document analysis workflows. \"Performance & Productivity: Rethinking Java Dependencies for the Cloud Era\" by Markus Eisele discusses how Quarkus extensions are curated, lightweight, and optimized for microservices and serverless.  You will also see the latest Quarkus Insights episodes, top tweets/discussions and upcoming Quarkus attended events.  Check out !  Want to get newsletters in your inbox? using the on page form."
 }
Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,13 @@`
`1`	`1`	`{`
`2`		`- "title": "Sender-constraining access tokens with Quarkus OIDC",`
`3`		`- "link": "https://quarkus.io/blog/sender-constraining-tokens/",`
	`2`	`+ "title": "Quarkus 3.19.4 - Maintenance release",`
	`3`	`+ "link": "https://quarkus.io/blog/quarkus-3-19-4-released/",`
`4`	`4`	`"author": [`
`5`	`5`	`{`
`6`		`- "name": "Sergey Beryozkin",`
	`6`	`+ "name": "Guillaume Smet",`
`7`	`7`	`"avatar": null`
`8`	`8`	`}`
`9`	`9`	`],`
`10`	`10`	`"date": "2025-03-19T00:00:00.000Z",`
`11`	`11`	`"feed_title": "Quarkus",`
`12`		- "content": "INTRODUCTION Single-page application (SPA) runs in the browser and uses to log-in users, without depending on Quarkus OIDC. When the authentication is complete, SPA sends the access token to access Quarkus on behalf of the authenticated user. Have a look at the simple diagram showing how this process works, copied to this post from the : As illustrated in the picture above, the OIDC provider authenticates the current user, SPA receives ID and access tokens and uses the access token to access the Quarkus endpoint. The security challenge that the OAuth2 experts have been trying to address is how to prove that the client such as SPA which is sending the token actually owns this token ? There is nothing in the HTTP Authorization: Bearer <token> header that proves that SPA did not leak the token. Two specifications for sender-constraining access tokens have emerged over the years, and . MUTUAL TLS CLIENT AUTHENTICATION AND CERTIFICATE-BOUND ACCESS TOKENS specification describes how access tokens can be cryptographically bound to the MTLS client certificate. By proving that the access token is bound to the client certificate, the Quarkus application can get a high degree of confidence that the current access token is constrained to, owned by the client which authenticated to Quarkus over MTLS. Implementing the cryptographic binding is not complex in this case. The current access token is expected to contain a confirmation with the SHA-256 certificate thumbprint and it must match the thumbprint of the current MTLS client certificate. If the token is in JWT format, then it must include a confirmation claim. If the token is binary then the confirmation must be included in the remote token introspection response. Such a binding can only be successful if the OpenId Connect provider has access to the same client certificate which is used during the MTLS authentication to Quarkus. The downside of using the MTLS token binding is that correctly configuring the OpenId Connect provider, ensuring that browsers can request an X509 certiticate authentication when SPA redirects the user to authenticate to the OIDC provider is complex. If you are a Keycloak user, check the in the Advanced Configuration section of the and the community blog post. As far as Quarkus is concerned, you only need to set a single OIDC configuration property, quarkus.oidc.token.binding.certificate=true, in addition to the Vert.x HTTP MTLS configuration, to enforce the MTLS token binding. See the documentation for more details. DEMONSTRATING PROOF-OF-POSSESSION (DPOP) specification describes how access tokens can be cryptographically bound to special JWT tokens called DPoP proofs. The SPA client generates a private and public key pair, and creates a DPoP proof token to complete the access token acquisition from the OIDC provider. It then forwards this DPoP token to Quarkus with a new DPoP proof. The access token must be bound to the DPoP proof by containing a public JSON Web Key (JWK) key thumbprint which matches the thumbprint of the public JWK key contained in the DPoP proof. This binding can only be successful if the client uses the same public and private key pair for creating the DPoP proof to request the access token in the previous step and creating another DPoP proof for submitting it alongside the DPoP access token to Quarkus. Quarkus OIDC will also enforce . Support for custom is also planned. Adoption of DPoP, compared to that of the MTLS token binding, is expected to progress faster, because DPoP is an application-level protocol, with no expectation that the transport-level MTLS authentication takes place. However, correctly creating DPoP proofs at the SPA level is not straightforward and requires care. If you are a Keycloak user, then enabling an experimental dpop feature is sufficient to get started. Also check the in the Advanced Configuration section of the and the community blog post. As far as Quarkus is concerned, you only need to set a single OIDC configuration property, quarkus.oidc.token.authorization-scheme=dpop to accept DPoP tokens and enforce their binding to the accompanying DPoP proofs. See the documentation for more details. FINANCIAL-GRADE API (FAPI) is a general high-security API profile built on top of OAuth2. Both and specifications are included in the Financial-Grade API 2.0 . CONCLUSION In this article, we have discussed two important OAuth2 specifications for sender-constraining access tokens, and . Both of these token security elevation technologies can be easily supported in Quarkus OIDC, by using a single configuration property only, without having to write a lot of custom code and configuration. Please experiment with and in Quarkus and let us know what you think."
	`12`	+ "content": "We released Quarkus 3.19.4, the third (we skipped 3.19.0) maintenance release for our 3.19 release train. Next week, we will release both: * Quarkus 3.20 LTS, our next LTS release with 1-year maintenance - it is based on 3.19 * Quarkus 3.21, a regular release including new features UPDATE To update to Quarkus 3.19, we recommend updating to the latest version of the Quarkus CLI and run: quarkus update Note that quarkus update can update your applications from any version of Quarkus (including 2.x) to Quarkus 3.19. For more information about the adjustments you need to make to your applications, please refer to the . FULL CHANGELOG You can get the full changelog of on GitHub. COME JOIN US We value your feedback a lot so please report bugs, ask for improvements… Let’s build something great together! If you are a Quarkus user or just curious, don’t be shy and join our welcoming community: * provide feedback on ; * craft some code and ; * discuss with us on and on the ; * ask your questions on ."
`13`	`13`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,13 @@`
`1`	`1`	`{`
`2`		`- "title": "Quarkus Newsletter #54 - March",`
`3`		`- "link": "https://quarkus.io/blog/quarkus-newsletter-54/",`
	`2`	`+ "title": "Quarkus 3.19.3 - Maintenance release",`
	`3`	`+ "link": "https://quarkus.io/blog/quarkus-3-19-3-released/",`
`4`	`4`	`"author": [`
`5`	`5`	`{`
`6`		`- "name": "James Cobb",`
	`6`	`+ "name": "Guillaume Smet",`
`7`	`7`	`"avatar": null`
`8`	`8`	`}`
`9`	`9`	`],`
`10`	`10`	`"date": "2025-03-12T00:00:00.000Z",`
`11`	`11`	`"feed_title": "Quarkus",`
`12`		- "content": "Make sure you read Mario Fusco’s two-part blog about Agentic AI with Quarkus, where he discusses common workflows and agentic AI patterns and architectures, with practical examples using Quarkus and LangChain4j. Learn about the power of intelligent applications by combining the robustness of Java, the efficiency of Quarkus, and the advanced capabilities of RAG in a great article by Daniel Oh. Emil Lefkof gives a real-world example of how LangChain4j and AI can be leveraged to automatically extract structured metadata from PDF documents. Leveraging the combination of LangChain4j and Google Gemini AI proves to be a powerful approach for automating document analysis workflows. \"Performance & Productivity: Rethinking Java Dependencies for the Cloud Era\" by Markus Eisele discusses how Quarkus extensions are curated, lightweight, and optimized for microservices and serverless. You will also see the latest Quarkus Insights episodes, top tweets/discussions and upcoming Quarkus attended events. Check out ! Want to get newsletters in your inbox? using the on page form."
	`12`	+ "content": "We released Quarkus 3.19.3, the second (we skipped 3.19.0) maintenance release for our 3.19 release train. We also released two candidate releases: * Quarkus 3.20.0.CR1 LTS - it is going to be our next LTS, it is based on 3.19 * Quarkus 3.21.0.CR1 - a regular minor release with new features UPDATE To update to Quarkus 3.19, we recommend updating to the latest version of the Quarkus CLI and run: quarkus update Note that quarkus update can update your applications from any version of Quarkus (including 2.x) to Quarkus 3.19. For more information about the adjustments you need to make to your applications, please refer to the . FULL CHANGELOG You can get the full changelog of on GitHub. COME JOIN US We value your feedback a lot so please report bugs, ask for improvements… Let’s build something great together! If you are a Quarkus user or just curious, don’t be shy and join our welcoming community: * provide feedback on ; * craft some code and ; * discuss with us on and on the ; * ask your questions on ."
`13`	`13`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,13 @@`
`1`	`1`	`{`
`2`		`- "title": "Running SQLite in Pure Java with Quarkus",`
`3`		`- "link": "https://quarkus.io/blog/sqlite4j-pure-java-sqlite/",`
	`2`	`+ "title": "Quarkus Newsletter #54 - March",`
	`3`	`+ "link": "https://quarkus.io/blog/quarkus-newsletter-54/",`
`4`	`4`	`"author": [`
`5`	`5`	`{`
`6`		`- "name": "Andrea Peruffo",`
	`6`	`+ "name": "James Cobb",`
`7`	`7`	`"avatar": null`
`8`	`8`	`}`
`9`	`9`	`],`
`10`	`10`	`"date": "2025-03-12T00:00:00.000Z",`
`11`	`11`	`"feed_title": "Quarkus",`
`12`		- "content": "What if you could run a C-based database in pure Java, with zero configuration, and even compile it to a native image effortlessly? With the new Quarkiverse extension , you can do exactly that. Traditionally, embedded databases in Java require reimplementing their C counterparts, often leading to differences in behavior, missing optimizations, and delayed bug fixes. However, provides a JDBC driver that leverages the original SQLite C implementation while running safely inside a sandbox. HANDS-ON EXAMPLE To see in action, you can start with any existing Quarkus application or one of the . If you prefer a ready-made example, check out , which integrates SQLite within a Quarkus application using Hibernate ORM. By simply changing the JDBC driver dependency, you can embed a fully functional SQLite database inside your application while retaining all the benefits of the native SQLite implementation. To get started, add the extension dependency to your pom.xml: <dependency> <groupId>io.quarkiverse.jdbc</groupId> <artifactId>quarkus-jdbc-sqlite4j</artifactId> </dependency> Then, configure your Quarkus application to use SQLite with standard JDBC settings: quarkus.datasource.db-kind=sqlite quarkus.datasource.jdbc.url=jdbc:sqlite:sample.db quarkus.datasource.jdbc.min-size=1 You can now use your datasource as you normally would with Hibernate and Panache. Note that we keep a minimum connection pool size > 0 to avoid redundant copies from disk to memory of the database. RUNNING IN A SECURE SANDBOX Under the hood, SQLite runs in a fully in-memory sandboxed environment, ensuring security and isolation. When a connection to a local file is opened, the following occurs: 1. The database file is copied from disk to an in-memory Virtual FileSystem. 2. A connection is established to the in-memory database. While this approach is highly secure, many users need to persist database changes. One recommended solution is to periodically back up the in-memory database to disk. This can be achieved through a scheduled job that: 1. Backs up the in-memory database to a new file. 2. Copies the backup to the host file system. 3. Atomically replaces the old database file with the new backup. This setup ensures a seamless experience while maintaining SQLite’s sandboxed security. You can adapt this approach to fit your specific needs. Here’s a sample implementation: @ApplicationScoped public class SQLiteBackup { @ConfigProperty(name = \"quarkus.datasource.jdbc.url\") String jdbcUrl; @Inject AgroalDataSource dataSource; // Execute a backup every 10 seconds @Scheduled(delay=10, delayUnit=TimeUnit.SECONDS, every=\"10s\") void scheduled() { backup(); } // Execute a backup during shutdown public void onShutdown(@Observes ShutdownEvent event) { backup(); } void backup() { String dbFile = jdbcUrl.substring(\"jdbc:sqlite:\".length()); var originalDbFilePath = Paths.get(dbFile); var backupDbFilePath = originalDbFilePath .toAbsolutePath() .getParent() .resolve(originalDbFilePath.getFileName() + \"_backup\"); try (var conn = dataSource.getConnection(); var stmt = conn.createStatement()) { // Execute the backup stmt.executeUpdate(\"backup to \" + backupDbFilePath); // Atomically replace the DB file with its backup Files.move(backupDbFilePath, originalDbFilePath, StandardCopyOption.ATOMIC_MOVE, StandardCopyOption.REPLACE_EXISTING); } catch (IOException \| SQLException e) { throw new RuntimeException(\"Failed to back up the database\", e); } } } TECHNICAL DEEP DIVE compiles the official SQLite C to WebAssembly (Wasm), which is then translated into Java bytecode using the . This enables SQLite to run in a pure Java environment while maintaining its full functionality. SECURITY AND ISOLATION One of the key benefits of this approach is security. Running SQLite inside a Wasm sandbox ensures memory safety and isolates it from the host system, making it an excellent choice for applications that require embedded databases while avoiding the risks of native code execution. CONCLUSION With the new extension, you get the best of both worlds: the power and reliability of SQLite combined with the safety and portability of Java. This extension seamlessly integrates SQLite into Quarkus applications while maintaining a lightweight and secure architecture. Best of all, everything compiles effortlessly with native-image. Ready to try it out? Give a spin in your projects and experience the benefits of running SQLite in pure Java with Quarkus! PRIOR ART * * "
	`12`	+ "content": "Make sure you read Mario Fusco’s two-part blog about Agentic AI with Quarkus, where he discusses common workflows and agentic AI patterns and architectures, with practical examples using Quarkus and LangChain4j. Learn about the power of intelligent applications by combining the robustness of Java, the efficiency of Quarkus, and the advanced capabilities of RAG in a great article by Daniel Oh. Emil Lefkof gives a real-world example of how LangChain4j and AI can be leveraged to automatically extract structured metadata from PDF documents. Leveraging the combination of LangChain4j and Google Gemini AI proves to be a powerful approach for automating document analysis workflows. \"Performance & Productivity: Rethinking Java Dependencies for the Cloud Era\" by Markus Eisele discusses how Quarkus extensions are curated, lightweight, and optimized for microservices and serverless. You will also see the latest Quarkus Insights episodes, top tweets/discussions and upcoming Quarkus attended events. Check out ! Want to get newsletters in your inbox? using the on page form."
`13`	`13`	`}`