...
Despite the security manager checks, the data is not considered sensitive, as a sensitive serializable class would violate SER03-J. Do not serialize unencrypted, sensitive data.
...
Refer to rule SEC03-J. Protect sensitive operations with security manager checks to learn about implementing the performSecurityManagerCheck() method. As with rule SER04-J. Validate deserialized objects, it is important to protect against the finalizer attack.
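The pattern described above, as an added example that is not part of this rule's own code: every serialization hook repeats the same security manager check as the constructor and accessor, and the class is declared final so that no subclass can override finalize() to capture a partially constructed or partially deserialized instance. The class name, permission name and field are assumptions.

```java
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamException;
import java.io.Serializable;

// Hypothetical class: final so the finalizer attack (a subclass overriding
// finalize() to grab an object whose construction or deserialization threw
// SecurityException) is not possible.
public final class GuardedRecord implements Serializable {
    private static final long serialVersionUID = 1L;
    // Assumed permission name; in a real program it comes from the policy.
    private static final RuntimePermission ACCESS_PERMISSION =
        new RuntimePermission("guardedRecord.access");

    // Not sensitive data: serializing sensitive data would violate SER03-J.
    private final String payload;

    public GuardedRecord(String payload) {
        performSecurityManagerCheck();
        this.payload = payload;
    }

    public String getPayload() {
        performSecurityManagerCheck();
        return payload;
    }

    // Same check the constructor and accessor use (see SEC03-J).
    private static void performSecurityManagerCheck() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(ACCESS_PERMISSION); // throws SecurityException when denied
        }
    }

    // Without these hooks, default serialization would copy the object out,
    // and default deserialization would recreate it, with no check at all.
    private void writeObject(ObjectOutputStream out) throws IOException {
        performSecurityManagerCheck();
        out.defaultWriteObject();
    }

    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        performSecurityManagerCheck();
        in.defaultReadObject();
    }

    // Reject streams that carry no data for this class rather than creating
    // an object whose field was never checked or initialized.
    private void readObjectNoData() throws ObjectStreamException {
        throw new InvalidObjectException("stream data required for GuardedRecord");
    }
}
```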
...
...