Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Breaking change]: Removal of inbox BinaryFormatter #39585

Closed
1 of 3 tasks
blowdart opened this issue Feb 17, 2024 · 2 comments · Fixed by #42054
Closed
1 of 3 tasks

[Breaking change]: Removal of inbox BinaryFormatter #39585

blowdart opened this issue Feb 17, 2024 · 2 comments · Fixed by #42054
Assignees
@gewarren
Labels
breaking-change Indicates a .NET Core breaking change 🏁 Release: .NET 9 Work items for the .NET 9 release doc-idea Indicates issues that are suggestions for new topics [org][type][category] in-pr This issue will be closed (fixed) by an active pull request. Pri1 High priority, do before Pri2 and Pri3 📌 seQUESTered Identifies that an issue has been imported into Quest.

Comments

@blowdart
Copy link
Contributor

blowdart commented Feb 17, 2024
edited by jeffhandley
Loading

Description

The inbox implementation of BinaryFormatter will change in .NET 9 to throw exceptions on use.

A seperate, OOB package will be produced to allow for continued use of BinaryFormatter via direct call or configuration switches.

Version

.NET 9 Preview 6

Previous behavior

The inbox BinaryFormatter could be constructed and used to serialize and deserialize payloads.

Type of breaking change

  • Binary incompatible: Existing binaries may encounter a breaking change in behavior, such as failure to load or execute, and if so, require recompilation.
  • Source incompatible: When recompiled using the new SDK or component or to target the new runtime, existing source code may require source changes to compile successfully.
  • Behavioral change: Existing binaries may behave differently at run time.

Reason for change

BinaryFormatter is an insecure format and the cause of many security bugs. Removing it from the framework increases overall safety of .NET

Recommended action

Documentation needs to be written to show how to use the new OOB package once it is created, with warnings about its security.

Feature area

System.Runtime.Serialization

Affected APIs

BinaryFormatter

Associated WorkItem - 292109
@blowdart blowdart added doc-idea Indicates issues that are suggestions for new topics [org][type][category] breaking-change Indicates a .NET Core breaking change Pri1 High priority, do before Pri2 and Pri3 labels Feb 17, 2024
@dotnet-bot dotnet-bot added the ⌚ Not Triaged Not triaged label Feb 17, 2024
@gewarren gewarren removed the ⌚ Not Triaged Not triaged label Feb 26, 2024
@blowdart blowdart mentioned this issue Mar 6, 2024
Closed
1 task
@gewarren gewarren added the 🏁 Release: .NET 9 Work items for the .NET 9 release label Jun 12, 2024
@dotnet-bot dotnet-bot added the ⌚ Not Triaged Not triaged label Jun 12, 2024
@gewarren gewarren removed the ⌚ Not Triaged Not triaged label Jul 9, 2024
@dotnet-bot dotnet-bot added the ⌚ Not Triaged Not triaged label Jul 9, 2024
@gewarren gewarren removed the ⌚ Not Triaged Not triaged label Jul 9, 2024
@dotnet-bot dotnet-bot added the ⌚ Not Triaged Not triaged label Jul 9, 2024
@gewarren gewarren removed the ⌚ Not Triaged Not triaged label Jul 9, 2024
@dotnet-bot dotnet-bot added the ⌚ Not Triaged Not triaged label Jul 9, 2024
@gewarren gewarren added the 🗺️ reQUEST Triggers an issue to be imported into Quest. label Aug 1, 2024
@dotnet-bot dotnet-bot removed the ⌚ Not Triaged Not triaged label Aug 1, 2024
@sequestor sequestor bot added 📌 seQUESTered Identifies that an issue has been imported into Quest. and removed 🗺️ reQUEST Triggers an issue to be imported into Quest. labels Aug 1, 2024
@gewarren
Copy link
Contributor

gewarren commented Aug 5, 2024

@blowdart @jeffhandley Just wanted to get clarification on which .NET 9 preview/RC/GA this will actually take hold?

@jeffhandley
Copy link
Member

It was actually included in Preview 6, but we didn't complete the migration guide or the task of refreshing this issue with the appropriate content yet. We're actively working on both of those efforts this week. We will post a comment here with the content the engineering team can provide for the breaking change doc.

@gewarren gewarren moved this from 🔖 Ready to 🏗 In progress in dotnet/docs August 2024 Sprint Aug 6, 2024
@gewarren gewarren mentioned this issue Aug 6, 2024
Merged
@dotnet-policy-service dotnet-policy-service bot added the in-pr This issue will be closed (fixed) by an active pull request. label Aug 6, 2024
@gewarren gewarren moved this from 🏗 In progress to 👀 In review in dotnet/docs August 2024 Sprint Aug 6, 2024
@github-project-automation github-project-automation bot moved this from 👀 In review to ✅ Done in dotnet/docs August 2024 Sprint Aug 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gewarren gewarren

Labels
breaking-change Indicates a .NET Core breaking change 🏁 Release: .NET 9 Work items for the .NET 9 release doc-idea Indicates issues that are suggestions for new topics [org][type][category] in-pr This issue will be closed (fixed) by an active pull request. Pri1 High priority, do before Pri2 and Pri3 📌 seQUESTered Identifies that an issue has been imported into Quest.
Projects
dotnet/docs .NET 9 documentation plan
Status: Done
dotnet/docs August 2024 Sprint
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

BinaryFormatter removal gewarren/docs
4 participants
@blowdart @jeffhandley @dotnet-bot @gewarren