[XSTR-762] private readResolve() called on superclass

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.3.1, 1.4.7
Fix Version/s: 1.4.8
Component/s: Core
Labels:
None

JDK version and platform:
Oracle 1.7.0_40 for Windows

Description

This behavior is not consistent with java serialization, java serialization only calls readResolve() on superclass if visibility of this method is public or protected.

See: ObjectStreamClass.getInheritableMethod

As a result of this serialized classes may be replaced by superclass instances on deserialization.

Workaround: Implement readresolve() in all subclasses.

Activity

Hide

Permalink

Jörg Schaible added a comment - 30/Oct/14 8:18 AM

Thanks for heads-up. Actually you found a bug present in XStream for more than 10 years

Show

Jörg Schaible added a comment - 30/Oct/14 8:18 AM Thanks for heads-up. Actually you found a bug present in XStream for more than 10 years

Jörg Schaible made changes - 30/Oct/14 8:18 AM

Field	Original Value	New Value
Resolution		Fixed [ 1 ]
Fix Version/s		1.4.x Maintenance [ 19602 ]
Status	Open [ 1 ]	Resolved [ 5 ]

Hide

Permalink

Peter Plosz added a comment - 30/Oct/14 4:15 PM

Thanks for the fix.

Show

Peter Plosz added a comment - 30/Oct/14 4:15 PM Thanks for the fix.

Jörg Schaible made changes - 18/Feb/15 12:28 PM

Fix Version/s	1.4.x Maintenance [ 19602 ]
Fix Version/s		1.4.8 [ 20992 ]

Jörg Schaible made changes - 18/Feb/15 12:29 PM

Status

Resolved [ 5 ]

Closed [ 6 ]

People

Assignee:

Jörg Schaible

Reporter:

Peter Plosz

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

09/Sep/14 3:25 AM

Updated:

18/Feb/15 12:29 PM

Resolved:

30/Oct/14 8:18 AM