InfoQ Homepage serialization Content on InfoQ
News
RSS Feed-
Object Deserialisation Filters Backported from Java 9
JEP 290, which allows filtering of incoming data when deserialising an object, and was initially targeted to Java 9, has been backported to Java 6, 7, and 8. The feature provides a mechanism to filter incoming data in an object input stream as it is being processed, and can help prevent deserialisation vulnerabilities like the one that affected Apache Commons and other libraries a while back.
-
SuperPack, a New Serialization Format with a Smaller Payload
Shape Security has open sourced a new schemaless binary serialization format called SuperPack.
-
Microsoft Open Sources Cross-platform Serialization Library – Bond
Last month, without any official announcement, Microsoft open sourced Bond - a performant serialization system developed and deployed across dozens of mission-critical, high-scale infrastructure projects internally at Microsoft.
-
Json.NET Updates: Merge, Dependency Injection, F# and JSONPath Support
Json.NET 6.0 received 4 releases this year, the latest last week. Over these releases, several new features have been added, including several F# specific features, support for JSONPath querying, ability to integrate with Dependency Injection frameworks, ability to Merge JSON objects and more.