Eclipse Serializer is a serialization written from the ground up that works fundamentally differently from Java serialization and other encodings. Eclipse Serializer strictly separates data from code and transfers data only. Through deserialization, no code is executed at all. Thus, injecting and executing malicious code is impossible. Due to this highly-secure design, Eclipse Serializer protects against fatal deserialization attacks and eliminates the biggest security flaw of Java. This makes Eclipse Serializer a highly secure alternative to other serialization.
The content of this open source project is received and distributed under the license(s) listed above. Some source code and binaries may be distributed under different terms. Specific license information is provided in file headers and in NOTICE files distributed with the project's binaries.