Tagged articles

59 articles

Page 1 of 1

Nov 16, 2025 · Frontend Development

Boost JavaScript Deserialization: Overcome JSON.parse Limits and Performance Bottlenecks

This article explains how JSON.parse and JSON.stringify work, outlines their performance, type, and security limitations, and presents practical strategies such as reviver functions, streaming parsers, binary formats, Web Workers, and incremental loading to achieve faster and safer JavaScript deserialization.

Binary FormatDeserializationJSON

0 likes · 6 min read

Boost JavaScript Deserialization: Overcome JSON.parse Limits and Performance Bottlenecks

Spring Full-Stack Practical Cases

Oct 28, 2025 · Backend Development

Mastering Enum JSON Serialization in Spring Boot 3: Practical Guide

This article explains how to control enum serialization and deserialization in Spring Boot 3, covering default output, @JsonFormat, @JsonValue, custom serializers and deserializers, as well as @JsonProperty, @JsonCreator, and practical code examples.

DeserializationJSONJava

0 likes · 8 min read

Mastering Enum JSON Serialization in Spring Boot 3: Practical Guide

DeWu Technology

Oct 15, 2025 · Backend Development

Unlock Fastjson: Inside Its High‑Performance Serialization Engine

This article dissects Alibaba's Fastjson library, explaining its architecture, core modules, project structure, serialization and deserialization processes, ASM‑based performance optimizations, AutoType security mechanisms, and streaming API, while providing code examples and practical insights for Java developers.

DeserializationJavafastjson

0 likes · 29 min read

Unlock Fastjson: Inside Its High‑Performance Serialization Engine

JavaScript

Oct 13, 2025 · Frontend Development

When JSON.parse Slows You Down: Faster Deserialization Strategies

This article explains how JSON.parse and JSON.stringify work, outlines their performance, type, and security limitations, and presents advanced techniques such as reviver functions, streaming parsers, binary formats, Web Workers, and incremental loading to achieve faster and safer JavaScript deserialization.

DeserializationJSONJavaScript

0 likes · 6 min read

When JSON.parse Slows You Down: Faster Deserialization Strategies

Java Tech Enthusiast

Jul 7, 2025 · Backend Development

Master Dynamic JSON Fields in Java with @JsonAnyGetter and @JsonAnySetter

This article explains how to handle unknown or dynamic JSON properties in Java using Jackson's @JsonAnySetter to collect them into a Map and @JsonAnyGetter to serialize them back, complete with practical code examples and best‑practice tips.

DeserializationJSONJackson

0 likes · 7 min read

Master Dynamic JSON Fields in Java with @JsonAnyGetter and @JsonAnySetter

Java Backend Technology

Jul 7, 2025 · Backend Development

Master Dynamic JSON Fields in Java with @JsonAnyGetter and @JsonAnySetter

This article explains how Jackson's @JsonAnySetter and @JsonAnyGetter annotations let Java classes gracefully handle unknown JSON properties by collecting them into a map during deserialization and emitting them as regular fields during serialization, complete with practical code examples and usage tips.

DeserializationDynamicPropertiesJSON

0 likes · 7 min read

macrozheng

Jul 1, 2025 · Backend Development

Master Dynamic JSON Fields in Java with @JsonAnyGetter & @JsonAnySetter

This article explains how to handle JSON objects with unknown or changing fields in Java by using Jackson's @JsonAnySetter to collect them during deserialization and @JsonAnyGetter to serialize them back, complete with code examples, pitfalls, and a concise analogy.

DeserializationDynamicPropertiesJSON

0 likes · 8 min read

Master Dynamic JSON Fields in Java with @JsonAnyGetter & @JsonAnySetter

Spring Full-Stack Practical Cases

May 31, 2025 · Backend Development

Mastering Jackson ObjectMapper in Spring Boot 3: Real-World Cases & Performance Tips

This article explores Jackson's ObjectMapper in Spring Boot 3, covering basic serialization/deserialization, converting between objects, JSON strings, JsonNode, and collections, custom serializers/deserializers, handling unknown fields, and performance tuning with the Afterburner module and JMH benchmarks.

DeserializationJSONJackson

0 likes · 12 min read

Mastering Jackson ObjectMapper in Spring Boot 3: Real-World Cases & Performance Tips

Architecture Digest

May 25, 2025 · Backend Development

Mastering Dynamic JSON Fields with Jackson’s @JsonAnyGetter and @JsonAnySetter

When a JSON payload contains unpredictable fields, Jackson’s @JsonAnySetter and @JsonAnyGetter let you capture those dynamic properties into a Map during deserialization and seamlessly emit them during serialization, eliminating the need for rigid POJOs.

DeserializationDynamicPropertiesJSON

0 likes · 8 min read

Mastering Dynamic JSON Fields with Jackson’s @JsonAnyGetter and @JsonAnySetter

Java Captain

May 16, 2025 · Backend Development

Open-Source Java JSON Framework with Reflection-Based Serialization and Deserialization

This article introduces an open‑source Java JSON framework that uses recursive parsing and reflection to serialize and deserialize objects without third‑party libraries, supports generic and array types, and provides extensible features such as custom annotations, JsonPath, and HTML‑safe output.

DeserializationJSONJava

0 likes · 14 min read

Open-Source Java JSON Framework with Reflection-Based Serialization and Deserialization

Test Development Learning Exchange

May 10, 2025 · Fundamentals

Using Python's json Module: Serialization, Deserialization, and Common Operations

This article introduces Python's built‑in json module, explaining how to serialize Python objects to JSON strings and files, deserialize JSON back to Python, and demonstrates common tasks such as pretty‑printing, handling Unicode, working with lists and nested structures, custom encoders, and network responses.

DeserializationJSONPython

0 likes · 8 min read

Using Python's json Module: Serialization, Deserialization, and Common Operations

macrozheng

Apr 28, 2025 · Backend Development

Master Java Serialization: Common Pitfalls and Best Practices

This article explains the fundamentals of Java object serialization, compares legacy and modern formats, outlines how to choose the right method, and details common issues such as static fields, transient modifiers, serialVersionUID mismatches, inheritance quirks, and custom serialization techniques with clear code examples.

BackendDeserializationExternalizable

0 likes · 15 min read

Master Java Serialization: Common Pitfalls and Best Practices

Test Development Learning Exchange

Mar 21, 2025 · Fundamentals

Understanding Python's pickle Module: Serialization and Deserialization

Python's pickle module provides a simple way to serialize and deserialize complex objects such as lists, dictionaries, and class instances, allowing them to be saved to or loaded from files or byte streams, with examples of pickling, unpickling, using dumps/loads, protocol versions, and security considerations.

Data PersistenceDeserializationPickle

0 likes · 4 min read

Understanding Python's pickle Module: Serialization and Deserialization

Java Tech Enthusiast

Dec 15, 2024 · Fundamentals

Java Serialization and Deserialization: Concepts and Practices

The article explains serialization and deserialization fundamentals, highlights pitfalls such as ambiguous binary streams and platform‑dependent field sizes, then compares Java’s native ObjectOutputStream, JSON libraries, Hessian binary RPC, and Google’s Protobuf, guiding readers to select the appropriate format based on performance, payload size, and type‑safety needs.

DeserializationHessianJSON

0 likes · 8 min read

Java Serialization and Deserialization: Concepts and Practices

Test Development Learning Exchange

Oct 31, 2024 · Fundamentals

Master JSON in Python: From Basics to Advanced Custom Encoders

This tutorial walks through Python's built‑in json module, covering import, core concepts, serialization and deserialization of simple and complex structures, file I/O, and how to create custom JSONEncoder and JSONDecoder classes for advanced use cases.

DeserializationJSONPython

0 likes · 11 min read

Master JSON in Python: From Basics to Advanced Custom Encoders

Rare Earth Juejin Tech Community

Sep 24, 2024 · Mobile Development

Best Practices for JSON Serialization and Deserialization in Flutter Using json_serializable

This article explains the fundamentals of JSON serialization and deserialization in Flutter, compares manual and automated approaches, introduces the json_serializable library and its annotations, demonstrates generic handling, custom converters, and tooling to streamline model generation for robust mobile app development.

DARTDeserializationFlutter

0 likes · 23 min read

Best Practices for JSON Serialization and Deserialization in Flutter Using json_serializable

Xuanwu Backend Tech Stack

Sep 8, 2024 · Backend Development

Master Java Serialization & Deserialization: Techniques, Pitfalls, and Security

This article explains Java serialization and deserialization concepts, outlines common use cases such as distributed systems and caching, compares multiple implementation methods including Serializable, Externalizable, JSON, XML, and binary libraries, and provides practical code examples, security tips, and best‑practice guidelines.

DeserializationExternalizableJSON

0 likes · 24 min read

Master Java Serialization & Deserialization: Techniques, Pitfalls, and Security

Spring Full-Stack Practical Cases

Aug 22, 2024 · Backend Development

Master Jackson Annotations in Spring Boot 3.2.5: From @JsonAnyGetter to Custom Annotations

This tutorial explores Jackson's rich annotation set in Spring Boot 3.2.5, demonstrating how to serialize and deserialize JSON with built‑in annotations like @JsonAnyGetter, @JsonGetter, @JsonPropertyOrder, and @JsonIgnore, how to create custom annotations, and how to disable annotation processing for fine‑grained control.

DeserializationJSONJackson

0 likes · 13 min read

Master Jackson Annotations in Spring Boot 3.2.5: From @JsonAnyGetter to Custom Annotations

Java Tech Enthusiast

Aug 14, 2024 · Backend Development

Customizing JSON Serialization and Deserialization in Spring Boot

In Spring Boot you can customize JSON request and response handling by annotating fields with @JsonSerialize/@JsonDeserialize, registering a global ObjectMapper module, adding a PropertyEditor via @ControllerAdvice, creating a custom HttpMessageConverter, or using AOP interception, selecting the approach that matches your project’s complexity.

DeserializationJSONJackson

0 likes · 7 min read

Customizing JSON Serialization and Deserialization in Spring Boot

Test Development Learning Exchange

Aug 9, 2024 · Backend Development

Custom JSON Encoder and Advanced Serialization Techniques in Python

This article demonstrates how to create custom JSON encoders, serialize and deserialize custom classes, handle circular references, and use various json.dumps parameters such as default, object_pairs_hook, allow_nan, indent, separators, and ensure_ascii to control JSON output in Python.

Deserializationcustom-encoder

0 likes · 7 min read

Custom JSON Encoder and Advanced Serialization Techniques in Python

Su San Talks Tech

Jun 28, 2024 · Backend Development

Why FastJSON Throws an Illegal Identifier Error and How Escaping Saves You

The article walks through a puzzling JSON deserialization failure in a Java filter using FastJSON, compares it with Gson and Jackson, discovers that hidden escape characters cause the error, and shows how unescaping the string resolves the issue.

DeserializationGsonJSON

0 likes · 9 min read

Why FastJSON Throws an Illegal Identifier Error and How Escaping Saves You

Test Development Learning Exchange

Feb 19, 2024 · Backend Development

Using Python's json Module for Serialization, Deserialization, and API Testing

This article explains how to use Python's built‑in json module for serializing and deserializing data, demonstrates sending JSON payloads with the requests library, and covers advanced techniques such as data‑driven testing, JsonPath/JMESPath extraction, JSON Schema validation, and dynamic request body construction for API automation.

API testingDeserializationPython

0 likes · 9 min read

Using Python's json Module for Serialization, Deserialization, and API Testing

Laravel Tech Community

Oct 29, 2023 · Information Security

Remote Code Execution Vulnerability in Apache ActiveMQ < 5.18.3 (Deserialization)

Apache ActiveMQ versions prior to 5.18.3 are vulnerable to a deserialization flaw that allows remote code execution via crafted OpenWire messages on port 61616, affecting various activemq-client and activemq-openwire-legacy artifacts, and can be mitigated by upgrading to 5.15.16, 5.16.7, 5.17.6, 5.18.3 or later.

Apache ActiveMQDeserializationMessaging Middleware

0 likes · 3 min read

Remote Code Execution Vulnerability in Apache ActiveMQ < 5.18.3 (Deserialization)

Laravel Tech Community

Sep 20, 2023 · Information Security

Analysis of a ThinkPHP 6.0 Deserialization Exploit Chain via LeagueFlysystem Cached Storage

This article analyzes a ThinkPHP 6.0 deserialization exploit chain that leverages LeagueFlysystem's cached storage classes, detailing the sequence from __destruct to write, showing how controllable parameters enable arbitrary file writes and providing a proof‑of‑concept demonstration.

DeserializationExploitLeagueFlysystem

0 likes · 7 min read

Analysis of a ThinkPHP 6.0 Deserialization Exploit Chain via LeagueFlysystem Cached Storage

AntTech

Apr 19, 2023 · Information Security

ODDFuzz: Discovering Java Deserialization Vulnerabilities via Structure‑Aware Directed Greybox Fuzzing

The paper presents ODDFuzz, a structure‑aware directed greybox fuzzing framework that combines lightweight static taint analysis with targeted fuzzing to efficiently discover previously unknown Java deserialization (ODD) vulnerabilities, achieving higher recall and precision than existing tools and uncovering six new CVE‑rated bugs in popular Java frameworks.

DeserializationJavaODDFuzz

0 likes · 19 min read

ODDFuzz: Discovering Java Deserialization Vulnerabilities via Structure‑Aware Directed Greybox Fuzzing

Laravel Tech Community

Feb 15, 2023 · Information Security

ThinkPHP Deserialization Vulnerability (CVE-2022-45982)

The ThinkPHP framework suffers from a deserialization vulnerability (CVE‑2022‑45982) affecting versions 6.0.0‑6.0.13 and 6.1.0‑6.1.1, where unsanitized user input passed to unserialize() can allow attackers to execute arbitrary system commands, and no official patch has been released yet.

CVE-2022-45982DeserializationPHP

0 likes · 2 min read

ThinkPHP Deserialization Vulnerability (CVE-2022-45982)

ByteFE

Aug 22, 2022 · Backend Development

Comparison of JDK, Fastjson, and Hessian Serialization Protocols and Practical Hessian Serialization

This article examines the reasons for using serialization, compares three serialization protocols (JDK built‑in, Fastjson, and Hessian) with performance metrics, and provides a detailed Hessian serialization implementation, including class definitions, test results, hex analysis, and troubleshooting of common issues.

DeserializationHessianJava

0 likes · 12 min read

Comparison of JDK, Fastjson, and Hessian Serialization Protocols and Practical Hessian Serialization

IT Architects Alliance

Aug 21, 2022 · Fundamentals

Understanding Java Serialization, Deserialization, and serialVersionUID

This article explains Java object serialization and deserialization, why implementing Serializable and defining a serialVersionUID are necessary for persistence and network transfer, and demonstrates the impact of transient and static fields with complete code examples.

DeserializationexampleserialVersionUID

0 likes · 10 min read

Understanding Java Serialization, Deserialization, and serialVersionUID

DaTaobao Tech

Jun 24, 2022 · Backend Development

Random Fastjson Deserialization Failure Caused by Constructor Order

The article explains that Fastjson sometimes throws a syntax‑error exception when deserializing a JSON list of StewardTipCategory objects because the JVM returns overloaded constructors in nondeterministic order, causing Fastjson to pick the wrong constructor; removing or renaming the ambiguous constructor fixes the issue.

BackendConstructorOrderDebugging

0 likes · 12 min read

Random Fastjson Deserialization Failure Caused by Constructor Order

Java Backend Technology

Apr 29, 2022 · Backend Development

Master FastJSON 2.0: Maven Setup, Core APIs, and Advanced JSONPath Techniques

This guide introduces FastJSON 2.0—a high‑performance JSON/JSONB library for Java—covers Maven configuration, key classes and methods, how to serialize and deserialize Java objects, and demonstrates powerful JSONPath queries for partial data extraction.

DeserializationJavaJsonPath

0 likes · 9 min read

Master FastJSON 2.0: Maven Setup, Core APIs, and Advanced JSONPath Techniques

Programmer DD

Apr 22, 2022 · Backend Development

Master FastJSON 2.0: Maven Setup, Core APIs, and JSONPath Guide

This article introduces FastJSON 2.0, explains how to add the Maven dependency, outlines the main classes and methods for JSON, JSONB, and JSONPath, and provides code examples for serializing and deserializing Java objects as well as partial parsing with JSONPath.

DeserializationJSONJava

0 likes · 10 min read

Master FastJSON 2.0: Maven Setup, Core APIs, and JSONPath Guide

IT Services Circle

Mar 5, 2022 · Backend Development

Understanding Generic Type Erasure and Fastjson Deserialization with TypeReference in Java

This article explains how Java's generic type erasure affects Fastjson deserialization, demonstrates common mistakes, and shows the correct way to deserialize generic fields using Fastjson's TypeReference, while also revealing the inner workings of TypeReference through reflection and anonymous classes.

DeserializationGenericsTypeReference

0 likes · 9 min read

Understanding Generic Type Erasure and Fastjson Deserialization with TypeReference in Java

OPPO Amber Lab

Dec 23, 2021 · Information Security

How Java Deserialization Vulnerabilities Enable Remote Code Execution

This article explains Java's reflection mechanism, details how deserialization flaws in libraries like Apache Commons Collections and Fastjson allow attackers to craft malicious objects that trigger arbitrary command execution, and provides practical proof‑of‑concept steps and mitigation recommendations.

DeserializationExploitJava

0 likes · 7 min read

How Java Deserialization Vulnerabilities Enable Remote Code Execution

MaGe Linux Operations

Dec 14, 2021 · Fundamentals

Master Python’s Pickle: Serialize, Deserialize, and Store Objects Efficiently

This article explains Python’s built‑in pickle module, detailing its four core functions, usage syntax, parameter meanings, and practical code examples for object serialization to binary data, file storage, and deserialization, while also discussing its limitations and alternatives like ZODB.

Data PersistenceDeserializationPickle

0 likes · 8 min read

Master Python’s Pickle: Serialize, Deserialize, and Store Objects Efficiently

Programmer DD

Nov 24, 2021 · Backend Development

Master Jackson Mixins: Serialize/Deserialize Java Objects Without Changing Their Code

This tutorial explains how Java developers can use Jackson Mixins to add custom JSON serialization and deserialization behavior to classes that lack default constructors or getters, without modifying the original classes, and shows how to register Mixins via ObjectMapper or custom modules.

DeserializationJSONJackson

0 likes · 7 min read

Master Jackson Mixins: Serialize/Deserialize Java Objects Without Changing Their Code

Python Programming Learning Circle

Nov 6, 2021 · Fundamentals

Understanding Python's pickle Module: Functions, Usage, and Examples

This article introduces Python's built-in pickle module, explains its four core functions (dumps, loads, dump, load), details their parameters and usage, and provides code examples for serializing and deserializing objects to memory and files, while noting performance limitations and alternatives such as ZODB.

Data PersistenceDeserializationPickle

0 likes · 8 min read

Understanding Python's pickle Module: Functions, Usage, and Examples

Tencent Cloud Developer

Oct 11, 2021 · Backend Development

Comparison of Go JSON Parsing Libraries: Performance, Features, and Usage Guidelines

The article compares Go's built‑in encoding/json with third‑party libraries jsoniter, easyjson, jsonparser, and the author's jsonvalue, outlining each one's features, performance benchmarks, and ideal use cases—standard library for simplicity, easyjson for maximum speed with code generation, jsonparser or jsoniter for selective extraction, and jsonvalue for flexible, case‑insensitive handling.

BenchmarkDeserializationJSON

0 likes · 21 min read

Comparison of Go JSON Parsing Libraries: Performance, Features, and Usage Guidelines

Programmer DD

Aug 24, 2021 · Information Security

Fastjson RCE Chains: JdbcRowSetImpl, TemplatesImpl, and BasicDataSource Exploits

This article analyzes three Fastjson deserialization exploit chains—JdbcRowSetImpl, TemplatesImpl, and BasicDataSource—detailing how crafted JSON payloads trigger JNDI lookups, load remote malicious bytecode, and ultimately achieve remote code execution without requiring special Fastjson features.

DeserializationJNDIJava

0 likes · 13 min read

Fastjson RCE Chains: JdbcRowSetImpl, TemplatesImpl, and BasicDataSource Exploits

Full-Stack Internet Architecture

Apr 14, 2021 · Backend Development

Various Ways to Create Objects in Java: new, newInstance, Reflection, Cloning, and Deserialization

This article explains the multiple techniques for creating objects in Java—including the new operator, Class.newInstance, reflection with Constructor, cloning via Cloneable, and deserialization—while illustrating the underlying bytecode instructions and providing concrete code examples for each method.

DeserializationJavaObject Creation

0 likes · 8 min read

Various Ways to Create Objects in Java: new, newInstance, Reflection, Cloning, and Deserialization

System Architect Go

Mar 8, 2021 · Information Security

Insecure Deserialization

This article explains what insecure deserialization is, why it leads to high‑severity attacks, demonstrates typical PHP, Ruby, and Java examples, and provides practical techniques for identifying, exploiting, and mitigating unsafe deserialization vulnerabilities.

DeserializationExploitJava

0 likes · 27 min read

Programmer DD

Oct 22, 2020 · Information Security

How Fastjson’s AutoType Bypass Enables File Read and SSRF Attacks

This article provides a detailed analysis of the recent Fastjson deserialization vulnerability, explaining how the autoType bypass can be exploited to achieve arbitrary file reads, SSRF, and other attacks by leveraging gadget classes such as AutoCloseable, and walks through the debugging process and code paths involved.

AutoTypeDeserializationJava

0 likes · 10 min read

How Fastjson’s AutoType Bypass Enables File Read and SSRF Attacks

The Dominant Programmer

Sep 20, 2020 · Backend Development

Getting Started with Protocol Buffers: Serialize and Deserialize Objects in Java

This article introduces Protocol Buffers, explains its advantages over XML, and provides a step‑by‑step guide for defining .proto files, compiling them with protoc, configuring a Java Gradle project, and writing code to serialize and deserialize objects using the generated classes.

DeserializationJavaProtobuf

0 likes · 8 min read

Getting Started with Protocol Buffers: Serialize and Deserialize Objects in Java

The Dominant Programmer

Sep 18, 2020 · Fundamentals

Getting Started with Protocol Buffers: Serialize and Deserialize Objects in Java

This guide explains what Protocol Buffers are, compares them with XML, shows how to define a .proto schema, compile it with protoc, add the generated classes to a Java Gradle project, and demonstrates object serialization and deserialization with concrete code examples.

DeserializationGradleJava

0 likes · 8 min read

Java Architecture Diary

Aug 27, 2020 · Information Security

How to Mitigate the Critical Jackson‑databind CVE‑2020‑24616 Vulnerability in Spring Boot

This article explains the high‑severity CVE‑2020‑24616 deserialization flaw in jackson‑databind, identifies affected Jackson and Spring Boot versions, and provides Maven‑based remediation steps such as version pinning, dependency exclusions, and dependencyManagement configuration to prevent remote code execution.

CVE-2020-24616DeserializationJackson

0 likes · 4 min read

How to Mitigate the Critical Jackson‑databind CVE‑2020‑24616 Vulnerability in Spring Boot

OPPO Amber Lab

Jul 22, 2020 · Information Security

Understanding Web Security: Key Vulnerabilities and Penetration Testing Methods

This article explains the fundamentals of web security, outlines typical web architecture, classifies penetration testing approaches, enumerates common vulnerabilities such as SQL injection, XSS, file upload and deserialization, and discusses how attackers combine these flaws to launch advanced exploits.

DeserializationSQL injectionVulnerability Classification

0 likes · 7 min read

Understanding Web Security: Key Vulnerabilities and Penetration Testing Methods

Java Backend Technology

Jul 16, 2020 · Information Security

How Java Deserialization Enables Remote Code Execution – Exploit Chains and Fixes

This article explains the mechanics of Java deserialization vulnerabilities, demonstrates how malicious payloads can trigger Runtime.exec via Commons‑Collections transformers and AnnotationInvocationHandler, showcases full exploit code, discusses Dubbo‑specific issues, and provides practical mitigation strategies.

Commons-CollectionsDeserializationDubbo

0 likes · 17 min read

How Java Deserialization Enables Remote Code Execution – Exploit Chains and Fixes

macrozheng

Jul 13, 2020 · Information Security

Why Fastjson’s AutoType Is a Security Nightmare—and How to Fix It

This article examines Fastjson’s AutoType feature, explains how its design leads to serious deserialization vulnerabilities across multiple versions, demonstrates exploit techniques using crafted @type payloads, and provides practical mitigation steps such as enabling safeMode and upgrading to the latest release.

AutoTypeDeserializationJava

0 likes · 17 min read

Why Fastjson’s AutoType Is a Security Nightmare—and How to Fix It

Full-Stack Internet Architecture

Jul 7, 2020 · Information Security

Understanding Fastjson AutoType and Its Security Implications

This article examines Fastjson's AutoType feature, explains how it works, demonstrates how it can lead to serious deserialization vulnerabilities, reviews the evolution of related security patches across versions, and provides guidance on safe usage and mitigation strategies.

AutoTypeDeserializationJava

0 likes · 17 min read

Understanding Fastjson AutoType and Its Security Implications

Programmer DD

Jun 25, 2020 · Information Security

Critical Apache Dubbo RCE (CVE‑2020‑1948): Threat Details & Fixes

The 2020‑06‑23 security advisory reveals that Apache Dubbo versions 2.5.x, 2.6.0‑2.6.7, and 2.7.0‑2.7.6 contain a high‑severity deserialization vulnerability (CVE‑2020‑1948) allowing remote code execution, outlines its impact, provides affected version details, risk assessment, remediation steps, and references to mapping data and product‑level mitigation.

Apache DubboCVE-2020-1948Deserialization

0 likes · 5 min read

Critical Apache Dubbo RCE (CVE‑2020‑1948): Threat Details & Fixes

Selected Java Interview Questions

May 13, 2020 · Fundamentals

Understanding Java Serialization and serialVersionUID: Concepts, Usage, and Common Pitfalls

This article explains Java serialization and deserialization, the role of the Serializable interface and serialVersionUID, demonstrates how to implement and test them with code examples, and discusses related features such as transient and static fields, providing practical insights for Java developers.

DeserializationJavaserialVersionUID

0 likes · 11 min read

Understanding Java Serialization and serialVersionUID: Concepts, Usage, and Common Pitfalls

Programmer DD

Nov 27, 2019 · Backend Development

Master Fastjson: Fast Java JSON Parsing and Serialization Guide

This article introduces JSON basics, explains the Fastjson library from Alibaba, outlines its key features, and provides practical Java code examples for parsing, serializing, and converting between JSON strings, objects, arrays, maps, lists, and beans using Fastjson’s API.

DeserializationJSONJava

0 likes · 6 min read

Master Fastjson: Fast Java JSON Parsing and Serialization Guide

Selected Java Interview Questions

Nov 12, 2019 · Backend Development

Understanding Java Serialization and Deserialization

This article explains what Java serialization and deserialization are, why they are needed for object persistence and distributed systems, and provides step‑by‑step code examples showing how to implement them using the Serializable interface and ObjectOutputStream.

BackendDeserializationJava

0 likes · 6 min read

Understanding Java Serialization and Deserialization

Programmer DD

Nov 8, 2019 · Information Security

How to Exploit Apache Commons FileUpload Deserialization: Payloads, Code Walkthrough, and Fixes

This article dissects the Apache Commons FileUpload DiskFileItem deserialization flaw, explains how readObject can be abused to write arbitrary files or directories depending on FileUpload and JDK versions, demonstrates payload construction with ysoserial, provides full Java code analysis, and outlines mitigation strategies.

Apache Commons FileUploadDeserializationFile Upload Vulnerability

0 likes · 9 min read

How to Exploit Apache Commons FileUpload Deserialization: Payloads, Code Walkthrough, and Fixes

Programmer DD

Sep 12, 2019 · Backend Development

Master JSON Serialization in Java: A Deep Dive into Gson

This article walks through why developers should replace FastJson with Gson, explains Gson's core features, demonstrates basic and advanced serialization and deserialization—including handling arrays, collections, generic types, custom serializers, and annotations—while providing complete code examples and best‑practice tips.

DeserializationGsonGsonBuilder

0 likes · 20 min read

Master JSON Serialization in Java: A Deep Dive into Gson

JD Tech

Jan 21, 2019 · Information Security

Analysis of a PriorityQueue-Based Java Deserialization Gadget Using ysoserial

This article examines how a specially crafted PriorityQueue object, generated via the ysoserial tool, can be serialized and later trigger malicious code execution during Java deserialization, detailing the construction of the gadget, the transformation chain, and the underlying JVM mechanisms that enable the exploit.

DeserializationExploitGadget

0 likes · 13 min read

Analysis of a PriorityQueue-Based Java Deserialization Gadget Using ysoserial

Java Backend Technology

Apr 8, 2018 · Backend Development

Master Java Serialization & Deserialization: Core Concepts and Implementation

This article explains Java serialization and deserialization fundamentals, why they are needed, the underlying algorithms, the JDK APIs, step‑by‑step code examples, important considerations, and best practices for safely persisting and transmitting object state.

BackendDeserializationJava

0 likes · 10 min read

Master Java Serialization & Deserialization: Core Concepts and Implementation

Java Captain

Sep 26, 2017 · Backend Development

Five Ways to Create Objects in Java and Their Bytecode

This article explains five Java object‑creation techniques—using the new keyword, Class.newInstance, Constructor.newInstance, clone, and deserialization—shows their bytecode differences, provides a complete Employee example, and demonstrates each method with runnable code and output.

DeserializationObject CreationReflection

0 likes · 8 min read

Five Ways to Create Objects in Java and Their Bytecode

Ctrip Technology

Nov 1, 2016 · Information Security

Understanding Serialization, Deserialization Vulnerabilities and Mitigation in Java

The article explains Java serialization and deserialization concepts, provides sample code for serializing a string to a file and restoring it, describes how insecure deserialization leads to remote code execution vulnerabilities illustrated by ActiveMQ, JBoss and Jenkins cases, and outlines mitigation techniques such as class whitelisting, encryption, and using transient fields.

DeserializationJavaMitigation

0 likes · 7 min read

Understanding Serialization, Deserialization Vulnerabilities and Mitigation in Java

Meituan Technology Team

Mar 4, 2015 · Big Data

Serialization and Deserialization: Concepts, Protocols, and Selection Guidelines

The article explains serialization and deserialization fundamentals, compares key protocols (XML/SOAP, JSON, Thrift, Protobuf, Avro) across readability, performance, extensibility and security, presents benchmark results, and offers practical guidelines for choosing the most suitable format for various distributed system scenarios.

DeserializationProtocolsserialization

0 likes · 26 min read

Serialization and Deserialization: Concepts, Protocols, and Selection Guidelines