Spring Security 6.3 Adds Passive JDK Serialization/Deserialization for Seamless Upgrades
In the early versions of Spring Security, a deliberate decision was made to avoid providing any guarantee of compatibility for serialized classes via JDK serialization between different versions of the project. This decision primarily took into account the context of RMI, with the recommendation...