Polymorphic serialization for .NET
We've expanded our deserialization safety check to block dangerous types from being deserialized; we recommend this method as a best practice to prevent deserialization of untrusted data. You can now create a custom deserialize layer type filter programmatically:
var typeFilter = TypeFilterBuilder.Create()
.Include<AllowedClassA>()
.Include<AllowedClassB>()
.Build();
var options = SerializerOptions.Default
.WithTypeFilter(typeFilter);
var serializer = new Serializer(options);
For complete documentation, please read the readme on filtering types for secure deserialization.
We've added a deserialization safety check to block dangerous types from being deserialized.
This is done to add a layer of security from possible code injection and code execution attack.
Currently it is an all or nothing feature that can be turned on and off by using the new DisallowUnsafeTypes
flag inside SerializerOptions
(defaults to true).
The unsafe types that are currently blocked are:
Possible breaking changes
The change to the object serializer field ordering might cause a deserialization failure of persisted objects that are serialized using the Hyperion serializer.
Please report any serialization problem that occurs after an upgrade to this version at the issue tracker
This list of changes was auto generated.
We've expanded our deserialization safety check to block dangerous types from being deserialized; we recommend this method as a best practice to prevent deserialization of untrusted data. You can now create a custom deserialize layer type filter programmatically:
var typeFilter = TypeFilterBuilder.Create()
.Include<AllowedClassA>()
.Include<AllowedClassB>()
.Build();
var options = SerializerOptions.Default
.WithTypeFilter(typeFilter);
var serializer = new Serializer(options);
For complete documentation, please read the readme on filtering types for secure deserialization.
We've added a deserialization safety check to block dangerous types from being deserialized.
This is done to add a layer of security from possible code injection and code execution attack.
Currently it is an all or nothing feature that can be turned on and off by using the new DisallowUnsafeTypes
flag inside SerializerOptions
(defaults to true).
The unsafe types that are currently blocked are:
Possible breaking changes
The change to the object serializer field ordering might cause a deserialization failure of persisted objects that are serialized using the Hyperion serializer.
Please report any serialization problem that occurs after an upgrade to this version at the issue tracker
This list of changes was auto generated.
We've expanded our deserialization safety check to block dangerous types from being deserialized; we recommend this method as a best practice to prevent deserialization of untrusted data. You can now create a custom deserialize layer type filter programmatically:
var typeFilter = TypeFilterBuilder.Create()
.Include<AllowedClassA>()
.Include<AllowedClassB>()
.Build();
var options = SerializerOptions.Default
.WithTypeFilter(typeFilter);
var serializer = new Serializer(options);
For complete documentation, please read the readme on filtering types for secure deserialization.
We've added a deserialization safety check to block dangerous types from being deserialized.
This is done to add a layer of security from possible code injection and code execution attack.
Currently it is an all or nothing feature that can be turned on and off by using the new DisallowUnsafeTypes
flag inside SerializerOptions
(defaults to true).
The unsafe types that are currently blocked are:
Possible breaking changes
The change to the object serializer field ordering might cause a deserialization failure of persisted objects that are serialized using the Hyperion serializer.
Please report any serialization problem that occurs after an upgrade to this version at the issue tracker
This list of changes was auto generated.
We've added a deserialization safety check to block dangerous types from being deserialized.
This is done to add a layer of security from possible code injection and code execution attack.
Currently it is an all or nothing feature that can be turned on and off by using the new DisallowUnsafeTypes
flag inside SerializerOptions
(defaults to true).
The unsafe types that are currently blocked are:
Possible breaking changes
The change to the object serializer field ordering might cause a deserialization failure of persisted objects that are serialized using the Hyperion serializer.
Please report any serialization problem that occurs after an upgrade to this version at the issue tracker
This list of changes was auto generated.
We've added a deserialization safety check to block dangerous types from being deserialized.
This is done to add a layer of security from possible code injection and code execution attack.
Currently it is an all or nothing feature that can be turned on and off by using the new DisallowUnsafeTypes
flag inside SerializerOptions
(defaults to true).
The unsafe types that are currently blocked are:
common.props
(#253)This list of changes was auto generated.
Possible breaking changes
The change to the object serializer field ordering might cause a deserialization failure of persisted objects that are serialized using the Hyperion serializer.
Please report any serialization problem that occurs after an upgrade to this version at the issue tracker
This list of changes was auto generated.
This list of changes was auto generated.
This list of changes was auto generated.
You can now address any cross platform package serialization differences by providing a list of package name transformation lambda function into the SerializerOptions
constructor. The package name will be passed into the lambda function before it is deserialized, and the result of the string transformation is used for deserialization instead of the original package name.
This short example shows how to address the change from System.Drawing
in .NET Framework to System.Drawing.Primitives
in .NET Core:
Serializer serializer;
#if NETFX
serializer = new Serializer(new SerializerOptions(
packageNameOverrides: new List<Func<string, string>> {
str => str.Contains("System.Drawing.Primitives") ? str.Replace(".Primitives", "") : str
}));
#elif NETCOREAPP
serializer = new Serializer();
#endif
Note that only one package name transformation is allowed, any transform lambda function after the first applied transformation is ignored.
This list of changes was auto generated.
This list of changes was auto generated.