Will dropping Serialization support from Java kill RMI in EAP 6.X (and earlier)

Latest response

Good day!

Our company use a "traditional" J2EE type system where we have multiple application types connecting to the EAP server system, andspecifically the main client in our system being a traditional Swing desktop program that relies heavily on RMI. This is used in a distributed fashion among several offices and locations country-wide, RMI bean calls running over VPN quite seamlessly. This has worked for many years now and although we have started the process of migrating the system architecture to a different web- application -based approach it won't be happening overnight due to the sheer size of the system.

The proposed dropping of Serialization from Java (see for instance https://www.bleepingcomputer.com/news/security/oracle-plans-to-drop-java-serialization-support-the-source-of-most-security-bugs/ ) seems to me to mean that RMI will die a horrible death right there and then. Is this correct? Any idea if the Wildfly / EAP community plan to continue to support Serialization in EAP 6.X (and earlier, if anyone still used the older versions).

Responses

Hi Jan,

I'll precede my comments with a warning that they do not constitute a Red Hat product commitment; you should contact your Red Hat account manager/customer success manager for any concerns that require such assurances.

Usually these big changes are introduced in future releases of Java EE (now called Jakarta EE). Releases of JBoss EAP are certified and supported with specific JDK release streams (you can see the JBoss EAP 6 supported configs here), so any changes to a supported Java EE specification will be supported in JBoss EAP.

In my opinion, it would be very unlikely that serialization will be removed from existing and past versions of Java EE (e.g. Java EE 6, 7, or 8). As far as I know, plans to remove serialization from Java have only been flagged at the moment, and the change to remove it will most likely be implemented in a future JEE version.

I hope this helps!

Thank you for the information, Lucas. Very much appreciated.