rng70-or opened a new pull request, #24047:
URL: https://github.com/apache/flink/pull/24047
<!--
*Thank you very much for contributing to Apache Flink - we are happy that
you want to help us improve Flink. To help the community review your
contribution in the best possible way, please go through the checklist below,
which will get the contribution into a shape in which it can be best reviewed.*
*Please understand that we do not do this to make contributions to Flink a
hassle. In order to uphold a high standard of quality for code contributions,
while at the same time managing a large number of contributions, we need
contributors to prepare the contributions well, and give reviewers enough
contextual information for the review. Please also understand that
contributions that do not follow this guide will take longer to review and thus
typically be picked up with lower priority by the community.*
## Contribution Checklist
- Make sure that the pull request corresponds to a [JIRA
issue](https://issues.apache.org/jira/projects/FLINK/issues). Exceptions are
made for typos in JavaDoc or documentation files, which need no JIRA issue.
- Name the pull request in the form "[FLINK-XXXX] [component] Title of the
pull request", where *FLINK-XXXX* should be replaced by the actual issue
number. Skip *component* if you are unsure about which is the best component.
Typo fixes that have no associated JIRA issue should be named following
this pattern: `[hotfix] [docs] Fix typo in event time introduction` or
`[hotfix] [javadocs] Expand JavaDoc for PuncuatedWatermarkGenerator`.
- Fill out the template below to describe the changes contributed by the
pull request. That will give reviewers the context they need to do the review.
- Make sure that the change passes the automated tests, i.e., `mvn clean
verify` passes. You can set up Azure Pipelines CI to do that following [this
guide](https://cwiki.apache.org/confluence/display/FLINK/Azure+Pipelines#AzurePipelines-Tutorial:SettingupAzurePipelinesforaforkoftheFlinkrepository).
- Each pull request should address only one issue, not mix up code from
multiple issues.
- Each commit in the pull request has a meaningful commit message
(including the JIRA id)
- Once all items of the checklist are addressed, remove the above text and
this checklist, leaving only the filled out template below.
**(The sections below can be removed for hotfixes of typos)**
-->
## What is the purpose of the change
In several files there are some classes that are serializable but they do
not contain any serialVersionUID field. The compiler generates one by default
in such scenarios, but the generated id is dependent on compiler implementation
and may cause unwanted problems during deserialization.
## The Role of serialVersionUID:
The primary role of serialVersionUID is to provide version control during
deserialization. When deserialize an object, the JVM checks whether the
serialVersionUID of the serialized data matches the serialVersionUID of the
class in the current classpath. If they match, the deserialization proceeds
without issues. However, if they do not match, programmers encounter
InvalidClassException.
As, serialVersionUID servers the purpose of version control of class during
serialization-deserialization, without a serialVersionUID, we risk breaking
backward compatibility when making changes to classes, which can lead to
unexpected issues and errors during deserialization.
## Does this pull request potentially affect one of the following parts:
- The serializers: (yes)
## Documentation
- Does this pull request introduce a new feature? (no)
## Sponsorship and Support:
This work is done by the security researchers from OpenRefactory and is
supported by the [Open Source Security Foundation
(OpenSSF)](https://openssf.org/): [Project
Alpha-Omega](https://alpha-omega.dev/). Alpha-Omega is a project partnering
with open source software project maintainers to systematically find new,
as-yet-undiscovered vulnerabilities in open source code - and get them fixed –
to improve global software supply chain security.
The bug is found by running the Intelligent Code Repair (iCR) tool by
OpenRefactory and then manually triaging the results.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
