0 views collected around this technical thread.
This article explores Jackson's ObjectMapper in Spring Boot 3, covering basic serialization/deserialization, converting between objects, JSON strings, JsonNode, and collections, custom serializers/deserializers, handling unknown fields, and performance tuning with the Afterburner module and JMH benchmarks.
This article introduces an open‑source Java JSON framework that uses recursive parsing and reflection to serialize and deserialize objects without third‑party libraries, supports generic and array types, and provides extensible features such as custom annotations, JsonPath, and HTML‑safe output.
This article introduces Python's built‑in json module, explaining how to serialize Python objects to JSON strings and files, deserialize JSON back to Python, and demonstrates common tasks such as pretty‑printing, handling Unicode, working with lists and nested structures, custom encoders, and network responses.
This article explains the fundamentals of Java object serialization, compares legacy and modern formats, outlines how to choose the right method, and details common issues such as static fields, transient modifiers, serialVersionUID mismatches, inheritance quirks, and custom serialization techniques with clear code examples.
Python's pickle module provides a simple way to serialize and deserialize complex objects such as lists, dictionaries, and class instances, allowing them to be saved to or loaded from files or byte streams, with examples of pickling, unpickling, using dumps/loads, protocol versions, and security considerations.
This article explains the fundamentals of Java serialization and deserialization, compares various serialization formats, demonstrates code examples, highlights common issues such as static, transient fields and serialVersionUID mismatches, and shows how to implement custom serialization with the Externalizable interface.
The article explains serialization and deserialization fundamentals, highlights pitfalls such as ambiguous binary streams and platform‑dependent field sizes, then compares Java’s native ObjectOutputStream, JSON libraries, Hessian binary RPC, and Google’s Protobuf, guiding readers to select the appropriate format based on performance, payload size, and type‑safety needs.
This article explains the fundamentals of JSON serialization and deserialization in Flutter, compares manual and automated approaches, introduces the json_serializable library and its annotations, demonstrates generic handling, custom converters, and tooling to streamline model generation for robust mobile app development.
This tutorial explores Jackson's rich annotation set in Spring Boot 3.2.5, demonstrating how to serialize and deserialize JSON with built‑in annotations like @JsonAnyGetter, @JsonGetter, @JsonPropertyOrder, and @JsonIgnore, how to create custom annotations, and how to disable annotation processing for fine‑grained control.
In Spring Boot you can customize JSON request and response handling by annotating fields with @JsonSerialize/@JsonDeserialize, registering a global ObjectMapper module, adding a PropertyEditor via @ControllerAdvice, creating a custom HttpMessageConverter, or using AOP interception, selecting the approach that matches your project’s complexity.
This article demonstrates how to create custom JSON encoders, serialize and deserialize custom classes, handle circular references, and use various json.dumps parameters such as default, object_pairs_hook, allow_nan, indent, separators, and ensure_ascii to control JSON output in Python.
This article explains how to use Python's built‑in json module for serializing and deserializing data, demonstrates sending JSON payloads with the requests library, and covers advanced techniques such as data‑driven testing, JsonPath/JMESPath extraction, JSON Schema validation, and dynamic request body construction for API automation.
Apache ActiveMQ versions prior to 5.18.3 are vulnerable to a deserialization flaw that allows remote code execution via crafted OpenWire messages on port 61616, affecting various activemq-client and activemq-openwire-legacy artifacts, and can be mitigated by upgrading to 5.15.16, 5.16.7, 5.17.6, 5.18.3 or later.
This article analyzes a ThinkPHP 6.0 deserialization exploit chain that leverages LeagueFlysystem's cached storage classes, detailing the sequence from __destruct to write, showing how controllable parameters enable arbitrary file writes and providing a proof‑of‑concept demonstration.
The paper presents ODDFuzz, a structure‑aware directed greybox fuzzing framework that combines lightweight static taint analysis with targeted fuzzing to efficiently discover previously unknown Java deserialization (ODD) vulnerabilities, achieving higher recall and precision than existing tools and uncovering six new CVE‑rated bugs in popular Java frameworks.
The ThinkPHP framework suffers from a deserialization vulnerability (CVE‑2022‑45982) affecting versions 6.0.0‑6.0.13 and 6.1.0‑6.1.1, where unsanitized user input passed to unserialize() can allow attackers to execute arbitrary system commands, and no official patch has been released yet.
This article examines the reasons for using serialization, compares three serialization protocols (JDK built‑in, Fastjson, and Hessian) with performance metrics, and provides a detailed Hessian serialization implementation, including class definitions, test results, hex analysis, and troubleshooting of common issues.
This article explains Java object serialization and deserialization, why implementing Serializable and defining a serialVersionUID are necessary for persistence and network transfer, and demonstrates the impact of transient and static fields with complete code examples.
The article explains that Fastjson sometimes throws a syntax‑error exception when deserializing a JSON list of StewardTipCategory objects because the JVM returns overloaded constructors in nondeterministic order, causing Fastjson to pick the wrong constructor; removing or renaming the ambiguous constructor fixes the issue.
This article explains how Java's generic type erasure affects Fastjson deserialization, demonstrates common mistakes, and shows the correct way to deserialize generic fields using Fastjson's TypeReference, while also revealing the inner workings of TypeReference through reflection and anonymous classes.