Oracle plans to dump risky Java serialization

A “horrible mistake” from 1997, the Java object serialization capability for encoding objects has serious security issues