A significant change in the .NET ecosystem was announced: the BinaryFormatter serialization method will be removed in an upcoming .NET 9 release. This decision, detailed in a recent GitHub issue post, marks the culmination of a phased obsoletion strategy aimed at enhancing security within applications.
BinaryFormatter
BinaryFormatter has been part of .NET since its early days, providing a method for serializing and deserializing objects. However, it has long been criticized for its security vulnerabilities, prompting Microsoft to advise developers to seek alternative serialization methods.
Developers targeting older .NET Framework versions, such as 2.x, 4.x, or .NET Core 3.1, will not be affected by this change, as BinaryFormatter will continue to function as expected in these applications. Nevertheless, the move to remove BinaryFormatter is a clear signal that Microsoft is prioritizing security and modern development practices.
RIP BinaryFormatter in .NET 9. Barry's finally getting his wish 😂. For as much as I joke about it, the removal from the runtime truly is for a good cause. https://t.co/TroCmlQL2q
— Jeremy Sinclair #ฺNET (@sinclairinat0r) February 9, 2024
The removal of BinaryFormatter aligns with Microsoft’s broader efforts to guide developers toward safer and more secure coding practices. As the .NET community prepares for this transition, developers are encouraged to evaluate their applications’ backward compatibility needs and explore alternative serialization options that offer better security and performance.
Microsoft advises using alternatives, as many other in-box serializers can handle untrusted data safely. These options include:
- XmlSerializer and DataContractSerializer to serialize object graphs into and from XML. Try not to confuse
DataContractSerializerwith NetDataContractSerializer. - BinaryReader and BinaryWriter for XML and JSON.
- The System.Text.Json APIs to serialize object graphs into JSON.
This change is expected to have a significant impact on the .NET development landscape, and Microsoft is likely to provide further guidance and tools to assist developers in migrating away from BinaryFormatter. As the .NET platform continues to evolve, staying informed and adaptable will be crucial for developers looking to maintain and modernize their applications.
Related Posts
- Here are the epic .NET (dotnet) announcements made at Microsoft Build 2024, including .NET Aspire, AI, and more
- Microsoft Launches preview of Arm-based Azure VMs featuring new, efficient Cobalt 100 processor
- New Microsoft PowerToys update to v0.81 brings Advanced Paste, bug fixes, and coming sometime soon to Dev Home
- NVIDIA GeForce NOW brings Black Myth: Wukong and FINAL FANTASY XVI (16) demo to the cloud
- The always entertaining CES 2024 starts in Las Vegas, and other TLDR stories from MSFT News Now
Discover more from Microsoft News Now
Subscribe to get the latest posts sent to your email.
