mirror of
https://github.com/github/codeql.git
synced 2026-02-23 18:33:42 +01:00
e21cbe82a9
Where possible update Java documentation links to Java 11. Additionally update some other links to use HTTPS.
43 lines
1.2 KiB
XML
43 lines
1.2 KiB
XML
<!DOCTYPE qhelp PUBLIC
|
|
"-//Semmle//qhelp//EN"
|
|
"qhelp.dtd">
|
|
<qhelp>
|
|
|
|
|
|
<overview>
|
|
<p>
|
|
A serializable class that uses the <code>serialVersionUID</code> field to act as an object version number must declare the field
|
|
to be <code>final</code>, <code>static</code>, and of type <code>long</code> for it to be used by the Java serialization framework.
|
|
</p>
|
|
|
|
</overview>
|
|
<recommendation>
|
|
<p>
|
|
Make sure that the <code>serialVersionUID</code> field in a serialized class is final, static, and of type <code>long</code>.
|
|
</p>
|
|
|
|
</recommendation>
|
|
<example>
|
|
|
|
<p>In the following example, <code>WrongNote</code> defines <code>serialVersionUID</code> using the wrong
|
|
type, so that it is not used by the Java serialization framework. However, <code>Note</code> defines it correctly
|
|
so that it is used by the framework.</p>
|
|
|
|
<sample src="IncorrectSerialVersionUID.java" />
|
|
|
|
</example>
|
|
<references>
|
|
|
|
|
|
<li>
|
|
Java API Specification:
|
|
<a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/io/Serializable.html">Serializable</a>.
|
|
</li>
|
|
<li>
|
|
JavaWorld: <a href="https://www.infoworld.com/article/2071731/ensure-proper-version-control-for-serialized-objects.html">Ensure proper version control for serialized objects</a>.
|
|
</li>
|
|
|
|
|
|
</references>
|
|
</qhelp>
|