...
Another acceptable approach is to define the serialPersistentFields
array field and ensure that sensitive fields are omitted from the array. (See rule SER00-J. Maintain serialization compatibility during class evolution.)
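The following is an added example, not code from the guideline itself, showing the serialPersistentFields approach. The class `Credentials`, its fields `username` and `password`, and the helper methods are assumed for illustration. Because serialPersistentFields names only `username`, the default serialization mechanism treats every other instance field (here `password`) as transient, so it is neither written to the stream nor restored on deserialization.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.ObjectStreamField;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;

// Added example (assumed class and field names), not part of the CERT rule text.
public final class SerialPersistentFieldsDemo {

    static final class Credentials implements Serializable {
        private static final long serialVersionUID = 1L;

        // Only the fields listed here take part in default serialization.
        // The sensitive 'password' field is deliberately omitted, so it is
        // treated as transient without having to be declared transient.
        private static final ObjectStreamField[] serialPersistentFields = {
            new ObjectStreamField("username", String.class)
        };

        private final String username;   // non-sensitive, serialized
        private char[] password;         // sensitive, never written to the stream

        Credentials(String username, char[] password) {
            this.username = username;
            this.password = password.clone();
        }

        String username() { return username; }
        char[] password() { return password; }
    }

    // Returns the names of the fields the serialization runtime will actually
    // write for Credentials, as derived from serialPersistentFields.
    static List<String> serializedFieldNames() {
        List<String> names = new ArrayList<>();
        for (ObjectStreamField f : ObjectStreamClass.lookup(Credentials.class).getFields()) {
            names.add(f.getName());
        }
        return names;
    }

    // Serializes and immediately deserializes an instance.
    static Credentials roundTrip(Credentials c) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(c);
        }
        try (ObjectInputStream ois =
                 new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
            return (Credentials) ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input for the demonstration.
        Credentials original = new Credentials("alice", "example-secret".toCharArray());

        System.out.println("fields written by serialization: " + serializedFieldNames());

        Credentials copy = roundTrip(original);
        System.out.println("username after round trip: " + copy.username());
        System.out.println("password after round trip is null: " + (copy.password() == null));
    }
}
```

Running the demo lists `username` as the only serialized field and shows the `password` reference as null in the deserialized copy. A practical check when reviewing a class that uses this approach is to call `ObjectStreamClass.lookup(...).getFields()` in a unit test and assert that no sensitive field name appears, which catches a field that is later added to the class but mistakenly also added to serialPersistentFields.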
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
...