Bleeping Computer

Oracle Plans to Drop Java Serialization Support, the Source of Most Security Bugs

Serializing and deserializing data is not a problem by itself, or when the source of the data is known to be safe. These operations become dangerous when an app works with user-supplied data. For the ...
CSOonline

Java deserialization vulnerabilities explained and how to defend against them

Java provides a means to conveniently serialize data to maintain its integrity as it's sent over a network. Attackers can exploit vulnerabilities in the deserialization process if there aren't ...