Oracle Plans to Drop Java Serialization Support, the Source of Most Security Bugs
Oracle plans to drop support for data serialization/deserialization from the main body of the Java language, according to Mark Reinhold, chief architect of the Java platform group at Oracle.
Serialization is the process of taking a data object and converting it into a stream of bytes (a binary format) so it can be transported across a network or saved in a database, then deserialized later to reconstruct the original object.
Because of its convenience, a large number of high-level programming languages support the feature, but nowhere has it been more of a headache than in Java, where it has been at the heart of a constant stream of security flaws.
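As an added example (not code from the article or from Oracle), the round trip described above in Java, with the reading side restricted by the JDK's own ObjectInputFilter allowlist (JEP 290, Java 9 and later); the Greeting and Unexpected classes are constructed for the demonstration.

```java
import java.io.*;

// Added example, not from the article: serialize an object to bytes, then
// deserialize it with a JEP 290 ObjectInputFilter that admits only the
// classes this reader expects and rejects everything else (Java 9+).
public class FilteredDeserialization {

    // Constructed sample type: the one application class the reader expects.
    static final class Greeting implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Greeting(String text) { this.text = text; }
    }

    // Constructed stand-in for any class the reader did not expect.
    static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Object -> byte stream, the serialization half of the round trip.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Byte stream -> object, but only for allowlisted classes. The filter is
    // consulted for each class descriptor before the class is instantiated,
    // so the trailing "!*" pattern rejects anything not named explicitly.
    static Object deserializeFiltered(byte[] bytes)
            throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "FilteredDeserialization$Greeting;java.lang.String;!*");
        try (ObjectInputStream ois =
                     new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Greeting g = (Greeting) deserializeFiltered(serialize(new Greeting("hi")));
        System.out.println("accepted: " + g.text);
        try {
            deserializeFiltered(serialize(new Unexpected()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same allowlist can be applied process-wide with the `jdk.serialFilter` system property instead of per stream, which is the usual way to cover deserialization calls buried in libraries.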