+1 from me.

On Tue, Sep 3, 2024 at 12:51 PM Gary D. Gregory <[email protected]> wrote:
> Hi All,
>
> Considering the long history of problematic Serializable implementations
> throughout the Java ecosystem, not just in Commons, I propose that no
> BeanUtils types implement Serializable in the upcoming new major version
> 2.0.
>
> Instead, we would document that if you want to serialize objects, you
> should implement a serialization proxy as suggested in Effective Java by
> Joshua Bloch.
>
> The alternative would be to write a large amount of tests to ensure no
> security issues occur on top of fixing all read/write security bugs like
> BEANUTILS-556 [1].
>
> WDYT?
>
> [1] https://issues.apache.org/jira/browse/BEANUTILS-556

--
==============================
Melloware
[email protected]
http://melloware.com
==============================
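
The serialization proxy pattern that the quoted proposal refers to, shown as an added example that is not part of this thread or of BeanUtils. `PortRange` and its nested `Proxy` are hypothetical names; the point is that deserialized data can only become an object by passing through the validating constructor.

```java
import java.io.*;
// Hypothetical application class (not a BeanUtils type) with an invariant to protect.
public final class PortRange implements Serializable {
    private static final long serialVersionUID = 1L;
    private final int low, high;

    public PortRange(int low, int high) {
        // The constructor is the only place the invariant is enforced.
        if (low < 0 || high > 65535 || low > high) {
            throw new IllegalArgumentException("invalid range " + low + "-" + high);
        }
        this.low = low;
        this.high = high;
    }

    // Write the proxy to the stream instead of this object.
    private Object writeReplace() {
        return new Proxy(low, high);
    }

    // Reject any stream that claims to contain a PortRange directly.
    private void readObject(ObjectInputStream in) throws InvalidObjectException {
        throw new InvalidObjectException("serialization proxy required");
    }

    private static final class Proxy implements Serializable {
        private static final long serialVersionUID = 1L;
        private final int low, high;
        Proxy(int low, int high) { this.low = low; this.high = high; }

        // Rebuild through the public constructor so forged field values are validated.
        private Object readResolve() throws InvalidObjectException {
            try {
                return new PortRange(low, high);
            } catch (IllegalArgumentException e) {
                throw new InvalidObjectException(e.getMessage());
            }
        }
    }
    // Round trip: the stream carries a Proxy, the reader gets a validated PortRange.
    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(new PortRange(1024, 2048)); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            PortRange r = (PortRange) in.readObject();
            System.out.println(r.low + "-" + r.high);
        }
    }
}
```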
