[Breaking change]: obsoletion of SerializationFormat.Binary #28726

Closed
2 tasks done
roji opened this issue Mar 18, 2022 · 0 comments · Fixed by #28734
Labels
binary incompatible Existing binaries may encounter a breaking change in behavior. breaking-change Indicates a .NET Core breaking change 🏁 Release: .NET 7 Work items for the .NET 7 release doc-idea Indicates issues that are suggestions for new topics [org][type][category] Pri1 High priority, do before Pri2 and Pri3 source incompatible Source code may encounter a breaking change in behavior when targeting the new version.


roji commented Mar 18, 2022

Description

SerializationFormat.Binary is obsolete in .NET 7 for DataTable/DataSet, because it relies on BinaryFormatter which is insecure (see dotnet/runtime#39289), and code using it will start to get an exception unless a special AppContext switch is used. The plan is to remove the code entirely in .NET 8, at which point the AppContext switch will stop working as well (dotnet/runtime#65140).

Version

.NET 7 Preview 2

Previous behavior

DataTable and DataSet could be serialized and deserialized with their RemotingFormat property set to SerializationFormat.Binary, which used BinaryFormatter under the hood.

New behavior

Attempting to serialize or deserialize DataTable and DataSet with their RemotingFormat property set to SerializationFormat.Binary now throws.

A new AppContext switch has been introduced (Switch.System.Data.AllowUnsafeSerializationFormatBinary) which allows opting back into SerializationFormat.Binary, so that code can work as before. We plan to remove the switch in .NET 8.

Type of breaking change

  • Binary incompatible: Existing binaries may encounter a breaking change in behavior, such as failure to load/execute or different run-time behavior.
  • Source incompatible: Source code may encounter a breaking change in behavior when targeting the new runtime/component/SDK, such as compile errors or different run-time behavior.

Reason for change

SerializationFormat.Binary is implemented via BinaryFormatter, which is insecure and being obsoleted across the entire .NET stack.

Recommended action

Code currently using SerializationFormat.Binary should switch to using SerializationFormat.Xml, or use another method of serialization.

Feature area

Core .NET libraries

Affected APIs

  • The SerializationFormat.Binary enum member is now obsolete.
  • DataSet.RemotingFormat and DataTable.RemotingFormat: These now throw when set to SerializationFormat.Binary (unless the Switch.System.Data.AllowUnsafeSerializationFormatBinary AppContext switch is specified).
  • The deserialization constructors for DataTable and DataSet (1, 2) now throw if given binary data (unless the Switch.System.Data.AllowUnsafeSerializationFormatBinary AppContext switch is specified).
@roji roji added doc-idea Indicates issues that are suggestions for new topics [org][type][category] breaking-change Indicates a .NET Core breaking change Pri1 High priority, do before Pri2 and Pri3 labels Mar 18, 2022
@dotnet-bot dotnet-bot added ⌚ Not Triaged Not triaged 🏁 Release: .NET 7 Work items for the .NET 7 release binary incompatible Existing binaries may encounter a breaking change in behavior. source incompatible Source code may encounter a breaking change in behavior when targeting the new version. labels Mar 18, 2022
@dotnet-bot dotnet-bot removed the ⌚ Not Triaged Not triaged label Mar 21, 2022
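
The recommended action in the issue above, sketched as an added example (not code from the issue or from dotnet/runtime): a DataSet is persisted with WriteXml/ReadXml instead of BinaryFormatter, and a startup guard rejects a configuration that re-enables the unsafe switch. The class and method names (DataSetXmlMigration, EnsureBinaryFormatIsOff, Save, Load) and the sample rows are hypothetical.

```csharp
using System;
using System.Data;
using System.IO;

static class DataSetXmlMigration
{
    // Switch name as given in the issue text.
    const string UnsafeSwitch = "Switch.System.Data.AllowUnsafeSerializationFormatBinary";

    // Startup guard: fail fast if the BinaryFormatter path was switched back on.
    static void EnsureBinaryFormatIsOff()
    {
        if (AppContext.TryGetSwitch(UnsafeSwitch, out bool enabled) && enabled)
            throw new InvalidOperationException(
                $"{UnsafeSwitch} is enabled; remove it from the app configuration.");
    }

    // Replaces BinaryFormatter + SerializationFormat.Binary.
    // WriteSchema keeps column types, so Id comes back as Int32, not String.
    static byte[] Save(DataSet ds)
    {
        using var ms = new MemoryStream();
        ds.WriteXml(ms, XmlWriteMode.WriteSchema);
        return ms.ToArray();
    }

    // ReadXml takes its schema from the payload, so feed it only data
    // that this application wrote itself.
    static DataSet Load(byte[] payload)
    {
        var ds = new DataSet();
        using var ms = new MemoryStream(payload);
        ds.ReadXml(ms, XmlReadMode.ReadSchema);
        return ds;
    }

    static void Main()
    {
        EnsureBinaryFormatIsOff();

        // Constructed sample data.
        var ds = new DataSet("Inventory");
        DataTable hosts = ds.Tables.Add("Hosts");
        hosts.Columns.Add("Id", typeof(int));
        hosts.Columns.Add("Name", typeof(string));
        hosts.Rows.Add(1, "web-01");
        hosts.Rows.Add(2, "db-01");

        DataTable copy = Load(Save(ds)).Tables["Hosts"]!;
        Console.WriteLine($"{copy.Rows.Count} rows, Id is {copy.Columns["Id"]!.DataType}");
    }
}
```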