IEEE

LiteCobra: Enhancing Java Deserialization Vulnerability Detection with Call Graph Pruning

Abstract: Java deserialization vulnerabilities have become a critical security threat, challenging to detect and even harder to exploit due to deserialization's flexible and customizable nature.
GitHub

Support for Serialization and De-serialization of Metrics and Logs using Spring Data

Is your feature request related to a problem? Please describe. The current metric (potentially also log) types of OTel Java Instrumentation do not support serialization / de-serialization and ...
GitHub

JSON Deserialization fails on entity creation with odata v4 client

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.42.jar:10.1.42] Describe the Bug We have a CAP Java service using local ...
CSOonline

Big hole in big data: Critical deserialization bug in Apache Parquet allows RCE

A flaw in code for handling Parquet, Apache’s open-source columnar data file format, allows attackers to run arbitrary code on vulnerable instances. The vulnerability, tracked as CVE-2025-30065, is a ...
InfoWorld

How to handle type erasure in advanced Java generics

Type erasure in Java generics programming can cause a variety of problems in your code. Fortunately, there are ways to work around them. Generics programming in Java enhances type safety and code ...
Scientific Research Publishing

Richardson, C. (2018) Microservices Patterns: With Examples in Java. Manning Publications.

ABSTRACT: Microservices have revolutionized traditional software architecture. While monolithic designs continue to be common, particularly in legacy applications, there is a growing trend towards the ...
CSOonline

Attackers hide malicious code in Hugging Face AI model Pickle files

The popular Python Pickle serialization format, which is common for distributing AI models, offers ways for attackers to inject malicious code that will be executed on computers when loading models ...