Serialization issues
- '@Serial' annotation can be used
Reports methods and fields in the Serializable and Externalizable classes that are suitable to be annotated with the java.io.Serial annotation.
- '@Serial' annotation used on wrong member
Reports methods and fields in the Serializable and Externalizable classes that are not suitable to be annotated with the java.io.Serial annotation.
- 'Comparator' class not declared 'Serializable'
Reports classes that implement java.util.Comparator, but do not implement java.io.Serializable.
- 'Externalizable' class without 'public' no-arg constructor
Reports Externalizable classes without a public no-argument constructor.
- 'Serializable' object implicitly stores non-'Serializable' object
Reports any references to local non-Serializable variables outside Serializable lambdas, local and anonymous classes.
- 'readObject()' or 'writeObject()' not declared 'private'
Reports Serializable classes where the readObject or writeObject methods are not declared private.
- 'readResolve()' or 'writeReplace()' not declared 'protected'
Reports classes that implement java.io.Serializable where the readResolve() or writeReplace() methods are not declared protected.
- 'record' contains ignored members
Reports serialization methods or fields defined in a record class.
- 'serialPersistentFields' field not declared 'private static final ObjectStreamField[]'
Reports Serializable classes whose serialPersistentFields field is not declared as private static final ObjectStreamField[].
- 'serialVersionUID' field not declared 'private static final long'
Reports Serializable classes whose serialVersionUID field is not declared private static final long.
- Externalizable class with 'readObject()' or 'writeObject()'
Reports Externalizable classes that define readObject() or writeObject() methods.
- Instance field may not be initialized by 'readObject()'
Reports fields that are not guaranteed to be initialized after the object is deserialized by the readObject() method.
- Non-serializable class with 'readObject()' or 'writeObject()'
Reports non-Serializable classes that define readObject() or writeObject() methods.
- Non-serializable class with 'serialVersionUID'
Reports non-Serializable classes that define a serialVersionUID field.
- Non-serializable field in a 'Serializable' class
Reports non-serializable fields in classes that implement java.io.Serializable.
- Non-serializable object bound to 'HttpSession'
Reports objects of classes not implementing java.io.Serializable used as arguments to javax.servlet.http.HttpSession.setAttribute() or javax.servlet.http.HttpSession.putValue().
- Non-serializable object passed to 'ObjectOutputStream'
Reports non-Serializable objects used as arguments to java.io.ObjectOutputStream.write().
- Serializable class with unconstructable ancestor
Reports Serializable classes whose closest non-serializable ancestor doesn't have a no-argument constructor.
- Serializable class without 'readObject()' and 'writeObject()'
Reports Serializable classes that do not implement readObject() and writeObject() methods.
- Serializable non-'static' inner class with non-Serializable outer class
Reports non-static inner classes that implement Serializable and are declared inside a class that doesn't implement Serializable.
- Serializable non-static inner class without 'serialVersionUID'
Reports non-static inner classes that implement java.io.Serializable, but do not define a serialVersionUID field.
- Transient field in non-serializable class
Reports transient fields in classes that do not implement java.io.Serializable.
- Transient field is not initialized on deserialization
Reports transient fields that are initialized during normal object construction, but whose class does not have a readObject method.