JEP 187: Serialization 2.0

Florian Weimer fweimer at
Wed Jan 22 13:57:20 UTC 2014

On 01/14/2014 01:26 AM, mark.reinhold at wrote:
> Posted:

There's another aspect of the current approach to serialization that is 
not mentioned: the type information does not come from the calling 
context, but exclusively from the input stream.  This means that all 
serializable classes can be instantiated, and not just those the context 
is prepared to deal with.  I don't know if this is worth changing, but I 
do think it's something to consider.

Florian Weimer / Red Hat Product Security Team
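
The behaviour described in the message, as an added example that is not part of the original post: the caller expects an `ArrayList`, yet the class named in the stream is instantiated and its `readObject` runs before the cast can fail. The second half uses `java.io.ObjectInputFilter`, an API added in Java 9 (after this message was written), to let the calling context supply an allow-list; `StreamChoosesType` and `Unexpected` are constructed names.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.concurrent.atomic.AtomicInteger;

public class StreamChoosesType {
    // Constructed stand-in for a serializable class the caller never meant to accept.
    static class Unexpected implements Serializable {
        static final AtomicInteger built = new AtomicInteger();
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            built.incrementAndGet(); // runs inside readObject(), before the caller's cast
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] stream = serialize(new Unexpected()); // constructed input

        // 1. Default: the type comes from the stream, the cast is checked only afterwards.
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(stream))) {
            ArrayList<?> list = (ArrayList<?>) in.readObject();
            System.out.println("unexpectedly accepted: " + list);
        } catch (ClassCastException e) {
            System.out.println("cast failed; instances built so far: " + Unexpected.built.get());
        }

        // 2. Context-supplied allow-list: classes outside it are rejected before instantiation.
        ObjectInputFilter allow =
            ObjectInputFilter.Config.createFilter("java.util.ArrayList;java.lang.*;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(stream))) {
            in.setObjectInputFilter(allow);
            in.readObject();
        } catch (InvalidClassException e) {
            System.out.println("filter rejected; instances built so far: " + Unexpected.built.get());
        }
    }
}
```

Comparing the two printed counters shows whether the second read instantiated the class again.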
