[
https://issues.apache.org/jira/browse/MNG-8495?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17910449#comment-17910449
]
Guillaume Nodet commented on MNG-8495:
--------------------------------------
Unfortunately, some plugins do use this fact.
> Remove all serialVersionUID fields
> ----------------------------------
>
> Key: MNG-8495
> URL: https://issues.apache.org/jira/browse/MNG-8495
> Project: Maven
> Issue Type: Wish
> Reporter: Elliotte Rusty Harold
> Priority: Critical
>
> 1. Maven has never used object serialization.
> 2. I don't know of any other system that uses object serialization to
> serialize Maven objects.
> 3. It occupies multiple lines of vertical screen real estate that would be
> better spent on real code.
> 4. We never test for this.
> 5. Java object serialization is an insecure and fundamentally broken
> technology from the 1990s and will be removed from future JDKs:
> https://www.securityinfowatch.com/cybersecurity/information-security/article/12420169/oracle-plans-to-end-java-serialization-but-thats-not-the-end-of-the-story
> https://www.youtube.com/watch?v=dOgfWXw9VrI&t=1957s
> https://www.youtube.com/watch?v=n6K_8s3Sx4s
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
