...
Failure to provide a consistent serialization mechanism across releases can limit the extensibility of classes. If classes are extended, compatibility issues may result.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SER00-J | Low | Probable | High | P2 | L3 |
Automated Detection
Automated detection of classes that use the default serialized form is straightforward.
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
CodeSonar |
| JAVA.CLASS.SER.UIDM | Missing Serial Version Field (Java) | ||||||
Parasoft Jtest |
| CERT.SER00.DUID | Create a 'serialVersionUID' for all 'Serializable' classes | ||||||
SonarQube |
| S2057 | "Serializable" classes should have a "serialVersionUID" |
Related Guidelines
Bibliography
[API |
2014] |
Item 74, "Implement Serialization Judiciously" | |
Section 13.7.5, " | |
[Sun 2006] | Java Object Serialization Specification |
...
...