#maven

#maven

If you've encountered SSL certificate errors while trying to download Maven dependencies from GitHub Packages, you're not alone. The error typically looks something like this: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to requested target This happens because Java maintains its own truststore (cacerts file) that contains trusted SSL certificates. If GitHub's certificate isn't in your Java truststore, your build tool (Maven/Gradle) will refuse to connect.

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js." "This means the PostHog project has compromised releases in both the JavaScript/npm and Java/Maven ecosystems, driven by the same Shai Hulud v2 payload,"

Voices, an open-source text-to-speech project, was designed for applications running on Java 17 or newer. The library requires no external APIs or manually installed software. Audio files can be generated for various languages based on dictionaries or OpenVoice. Henry Coles, creator of Voices and Pitest and head of mutation testing at Arcmutate, introduced Voices on Bluesky in September 2025 and the latest version, released in late October 2025, is 0.0.8.