Bleeping Computer

Oracle Plans to Drop Java Serialization Support, the Source of Most Security Bugs

Serializing and deserializing data is not a problem by itself, or when the source of the data is known to be safe. These operations become dangerous when an app works with user-supplied data. For the ...
InfoWorld

Basic and advanced Java serialization

Serialization is the process of converting a Java object into a sequence of bytes so they can be written to disk, sent over a network, or stored outside of memory. Later, the Java virtual machine (JVM ...