Coffee Mug logo

The Code Brew's Weekly Newsletter - Week 10

Welcome back to The Code Brew! 🚀 Security Warning: This week's top story is a critical .NET vulnerability. Read Andrew Lock's post on it now. The other huge theme is AI Agents, with major announcements from GitHub (Agent HQ) and Microsoft (.NET Custom Agents). In the .NET world, Wolverine 5 has officially landed. And for serverless fans, Vercel now supports the Bun runtime! Dive in.

This Week’s Favourites

Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315 - Andrew Lock Blog

Double Dispatch in DDD - Code Opinion

Agentic AI and Security - Martin Fowler Blog

Dotnet, C#, Azure

Wolverine 5 and Modular Monoliths - Jeremy D. Miller Blog

Wolverine Does More to Simplify Server Side Code - Jeremy D. Miller Blog

Introducing Custom Agents for .NET Developers: C# Expert & WinForms Expert - Microsoft Dotnet Blog

Using SignalR with Wolverine 5.0 - Jeremy D. Miller Blog

LinkedIn: “Are you still using new Random() everywhere?” - Steven Giesel blog

Microsoft Entra ID Governance — Automating Privileged Identity Management in Azure Landing Zones… - Cloudtips blog

Testing HttpClient in .NET without Moq or NSubstitute - Roxeem Blog

A Pragmatic Guide to Server-Sent Events (SSE) in ASP.NET Core - Roxeem Blog

Misc

Measuring what matters: How offline evaluation of GitHub MCP Server works - Github Blog

Anonymous credentials: rate-limiting bots and agents without compromising privacy - Cloudflare blog

Measuring characteristics of TCP connections at Internet scale - Cloudflare blog

Vercel achieves TISAX AL2 compliance to serve automotive partners - Vercel blog

Getting Creative With Small Screens - CSS Tricks Blog

The best agentic IDEs heading into 2026 - Builder.io Blog

State of the post-quantum Internet in 2025 - Cloudflare blog

v2.12.9 - NitroJS GitHub Release

Introducing Agent HQ: Any agent, any way you work - Github Blog

Springs and Bounces in Native CSS - Josh Comeau blog

Bun runtime on Vercel Functions - Vercel blog

How Cloudflare’s client-side security made the npm supply chain attack a non-event - Cloudflare blog

Empirical test-after development - Ploeh Blog

How We (Almost) Found Chromium’s Bug via Crash Reports to Report URI - Troy Hunt Blog

The tricky science of Internet measurement - Cloudflare blog

Pure CSS Tabs With Details, Grid, and Subgrid - CSS Tricks Blog

Vercel Ship AI 2025 recap - Vercel blog

Post-Training Generative Recommenders with Advantage-Weighted Supervised Finetuning - Netflix Tech Blog

Weekly Update 475 - Troy Hunt Blog

CSS Animations That Leverage the Parent-Child Relationship - CSS Tricks Blog

How to find, install, and manage MCP servers with the GitHub MCP Registry - Github Blog

Manage Next.js Server Actions in the Vercel Firewall - Vercel blog

Securing agentic commerce: helping AI Agents transact with Visa and Mastercard - Cloudflare blog

Transaction pooling for Postgres with pgcat - Phil Eaton Blog

AI Chat now available on Vercel docs - Vercel blog

The Interview Question That Changed How I Think About System Design - Milan Jovanovic Blog

YouTube Videos

User Source of Authority Change to Entra ID #entraid - John Savill Youtube

Changing the User Source of Authority from AD to Entra ID - John Savill Youtube

StringBuilder is awesome in .NET - Nick Chapsas Youtube

.NET Libraries Are Beyond Saving - Nick Chapsas Youtube

Optimizing C# Aggressively - Nick Chapsas Youtube

Understanding Shared Capacity Reservations - John Savill Youtube

Azure Capacity Reservation Sharing #azure - John Savill Youtube

Azure Update - 24th October 2025 - John Savill Youtube