[ 
https://issues.apache.org/jira/browse/MNG-8495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Elliotte Rusty Harold updated MNG-8495:
---------------------------------------
    Description: 
1. Maven has never used object serialization.
2. I don't know of any other system that uses object serialization to serialize 
Maven objects.
3. It occupies multiple lines of vertical screen real estate that would be 
better spent on real code.
4. We never test for this.
5. Java object serialization is an insecure and fundamentally broken technology 
from the 1990s and will be removed from future JDKs:

https://www.securityinfowatch.com/cybersecurity/information-security/article/12420169/oracle-plans-to-end-java-serialization-but-thats-not-the-end-of-the-story
https://www.youtube.com/watch?v=dOgfWXw9VrI&t=1957s
https://www.youtube.com/watch?v=n6K_8s3Sx4s

 

  was:
1. Maven has never used object serialization.
2. I don't know of any other system that uses object serialization to serialize 
Maven objects.
3. It occupies multiple lines of vertical screen real estate that would be 
better spent on real code.
4. We never test for this.
5. Java object serialization is an insecure and fundamentally broken technology 
from the 1990s and will be removed from future JDKs:

https://www.youtube.com/watch?v=dOgfWXw9VrI&t=1957s
https://www.youtube.com/watch?v=n6K_8s3Sx4s

 


> Remove all serialVersionUID fields
> ----------------------------------
>
>                 Key: MNG-8495
>                 URL: https://issues.apache.org/jira/browse/MNG-8495
>             Project: Maven
>          Issue Type: Wish
>            Reporter: Elliotte Rusty Harold
>            Priority: Critical
>
> 1. Maven has never used object serialization.
> 2. I don't know of any other system that uses object serialization to 
> serialize Maven objects.
> 3. It occupies multiple lines of vertical screen real estate that would be 
> better spent on real code.
> 4. We never test for this.
> 5. Java object serialization is an insecure and fundamentally broken 
> technology from the 1990s and will be removed from future JDKs:
> https://www.securityinfowatch.com/cybersecurity/information-security/article/12420169/oracle-plans-to-end-java-serialization-but-thats-not-the-end-of-the-story
> https://www.youtube.com/watch?v=dOgfWXw9VrI&t=1957s
> https://www.youtube.com/watch?v=n6K_8s3Sx4s
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
