
Object serialization is the process of saving an object's state as a sequence of bytes; deserialization is the process of rebuilding the object from those bytes. The primary application of serialization is in Java Remote Method Invocation (RMI) wherein objects are packed (marshalled), exchanged between distributed virtual machines, and unpacked (unmarshalled). It also finds extensive use in Java Beans.

Once a serializable class has been exported, future refactoring of its code often becomes problematic. Specifically, existing serialized forms (encoded representations) become part of the object's published API and must be supported for an indefinite period. This can be troublesome from a security perspective; not only does it promote dead code, it also commits the provider to potentially eternal maintenance of a compatible codebase.

Classes that implement Serializable and fail to override its functionality are said to be using the default serialized form. In the event of future changes to the class, byte streams produced by users of old versions of the class will be incompatible with the new implementation. Programs must maintain serialization compatibility during class evolution. An acceptable approach is the use of a custom serialized form, which relieves the implementer of the necessity to maintain the original serialized form and the corresponding version of the class in addition to the newly evolved version.
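The custom serialized form described above, as an added example that is not code from this page or from CERT: a hypothetical `Account` class declares its stream layout through `serialPersistentFields` and converts between that layout and its in-memory fields in `writeObject`/`readObject`. The field names, the `currency` field assumed to have been added in a later revision of the class, and the `"USD"` default for older streams are all assumptions made for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamField;
import java.io.Serializable;
import java.math.BigDecimal;
import java.math.RoundingMode;

/**
 * Hypothetical class constructed for this example. Its serialized form is
 * declared explicitly through serialPersistentFields, so the in-memory
 * fields can be refactored without changing what is written to the stream.
 */
public final class Account implements Serializable {
    // Fixed stream identity: without it the JVM derives the UID from the
    // class shape, and any refactoring would reject previously written streams.
    private static final long serialVersionUID = 1L;

    // The published serialized form. "currency" is assumed to have been added
    // in a later revision of the class; streams written before then lack it.
    private static final ObjectStreamField[] serialPersistentFields = {
        new ObjectStreamField("owner", String.class),
        new ObjectStreamField("balanceCents", long.class),
        new ObjectStreamField("currency", String.class),
    };

    // In-memory representation, decoupled from the stream layout above.
    private String owner;
    private BigDecimal balance;
    private String currency;

    public Account(String owner, BigDecimal balance, String currency) {
        this.owner = owner;
        this.balance = balance.setScale(2, RoundingMode.HALF_EVEN);
        this.currency = currency;
    }

    public String owner() { return owner; }
    public BigDecimal balance() { return balance; }
    public String currency() { return currency; }

    // Write only the named persistent fields, converting from the in-memory
    // representation to the published encoding (cents as a long).
    private void writeObject(ObjectOutputStream out) throws IOException {
        ObjectOutputStream.PutField f = out.putFields();
        f.put("owner", owner);
        f.put("balanceCents", balance.movePointRight(2).longValueExact());
        f.put("currency", currency);
        out.writeFields();
    }

    // Rebuild the in-memory state from the persistent fields, supplying a
    // default for a field absent from older streams and validating the rest.
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        ObjectInputStream.GetField f = in.readFields();
        String o = (String) f.get("owner", null);
        long cents = f.get("balanceCents", 0L);
        // Streams from the earlier revision carry no "currency" field (assumed default).
        String c = f.defaulted("currency") ? "USD" : (String) f.get("currency", null);
        if (o == null || c == null) {
            throw new InvalidObjectException("required field missing from stream");
        }
        this.owner = o;
        this.balance = BigDecimal.valueOf(cents, 2);
        this.currency = c;
    }

    // Round trip through a byte array to show that the custom form survives
    // serialization and deserialization within the current class revision.
    public static void main(String[] args) throws Exception {
        Account original = new Account("alice", new BigDecimal("12.34"), "EUR");
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(original);
        }
        Account copy;
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
            copy = (Account) in.readObject();
        }
        System.out.println(copy.owner() + " " + copy.balance() + " " + copy.currency());
    }
}
```

Because the stream layout is fixed by `serialPersistentFields` and `serialVersionUID`, the `balance` field can later change type again without affecting existing streams; only `writeObject`/`readObject` need updating, and `GetField.defaulted` lets `readObject` accept streams written before a field existed instead of failing on them.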

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b75765b3bf321b2b-3308b3ec-4a2f417b-a7698d0c-644f6d5abba9a98b2bf488a2"><ac:plain-text-body><![CDATA[
[[MITRE 2009|AA. Bibliography#MITRE 09]] [CWE ID 589|http://cwe.mitre.org/data/definitions/589.html] "Call to Non-ubiquitous API"
]]></ac:plain-text-body></ac:structured-macro>

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1adfe150412a7e1f-6efe3260-413b445f-9b148587-6a380e7779f5a7f9a80e1b99"><ac:plain-text-body><![CDATA[
[[API 2006|AA. Bibliography#API 06]]
]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a42277d191f19a33-c1283699-4a91438d-bdf6b3f4-280b3b2a34c978db332cfff3"><ac:plain-text-body><![CDATA[
[[Sun 2006|AA. Bibliography#Sun 06]] "Serialization specification", "1.5 Defining Serializable Fields for a Class" and "1.7 Accessing Serializable Fields of a Class"
]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ac21a89e86f7f207-b8d97ce9-477e4544-96ce8ef3-ab7143d1b4e066afe13ff0f8"><ac:plain-text-body><![CDATA[
[[Bloch 2008|AA. Bibliography#Bloch 08]] Item 74: "Implement serialization judiciously"
]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b56694f6904ac9d3-39e659d5-4aaf47c8-9ddeb2b1-dc76137542fdd6a27634bad7"><ac:plain-text-body><![CDATA[
[[Harold 2006|AA. Bibliography#Harold 06]] 13.7.5. serialPersistentFields
]]></ac:plain-text-body></ac:structured-macro>

...