...
This compliant solution creates a defensive copy of the mutable date object in the readObject() method. Note the use of field-by-field input and validation of incoming fields (see guideline void SER04-J. Validate deserialized objects for additional information). Additionally, note that this compliant solution is insufficient to protect sensitive data (see guideline SER03-J. Do not serialize sensitive data for additional information).
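The pattern described above, written out as an added example (not the guideline's own listing): readObject() reads the field through GetField, copies the Date, validates the copy, and only then assigns it. The class name Appointment, the sample value, and the "not before the epoch" validation rule are assumptions made for illustration.

```java
import java.io.*;
import java.util.Date;

// Hypothetical class for illustration; not taken from the guideline.
public final class Appointment implements Serializable {
    private static final long serialVersionUID = 1L;
    // Mutable component; cannot be final because readObject() assigns it.
    private Date date;

    public Appointment(Date d) {
        date = new Date(d.getTime()); // copy on the way in
    }

    public Date getDate() {
        return new Date(date.getTime()); // copy on the way out
    }

    private void readObject(ObjectInputStream ois)
            throws IOException, ClassNotFoundException {
        // Field-by-field input: nothing reaches 'this' until it has been checked.
        ObjectInputStream.GetField fields = ois.readFields();
        Object raw = fields.get("date", (Object) null);
        if (!(raw instanceof Date)) {
            throw new InvalidObjectException("date missing or of wrong type");
        }
        // Defensive copy: the stream may hold other references to 'raw'.
        Date copy = new Date(((Date) raw).getTime());
        // Validate the copy, not the stream's object (assumed rule: no negative time).
        if (copy.getTime() < 0) {
            throw new InvalidObjectException("date before the epoch");
        }
        date = copy;
    }

    public static void main(String[] args) throws Exception {
        Appointment original = new Appointment(new Date(1_000_000L)); // constructed sample
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(original);
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            Appointment restored = (Appointment) in.readObject();
            System.out.println(restored.getDate().getTime());
        }
    }
}
```

Validation runs on the copy because the object that came from the stream can still change after the check.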
...