A consumer went dark under an upload spike. The biggest number in the thread dump was a real bug, but not the cause. The fault: a shared MySQL's pegged CPU.
A security alert on one malicious file led us to scan the whole bucket. We found 47 files spanning 15 months — XSS probes, redirect hubs, obfuscated phishing pages. The cloud provider's scanner caught one.
A production deadlock revealed that Spring holds database connections long after commit — and that switching from REQUIRES_NEW to REQUIRED doesn't fix the problem, it makes it worse