[Breaking change]: obsoletion of SerializationFormat.Binary #28726

Closed
@roji

Description

SerializationFormat.Binary is obsolete in .NET 7 for DataTable/DataSet, because it relies on BinaryFormatter which is insecure (see dotnet/runtime#39289), and code using it will start to get an exception unless a special AppContext switch is used. The plan is to remove the code entirely in .NET 8, at which point the AppContext switch will stop working as well (dotnet/runtime#65140).

Version

.NET 7 Preview 2

Previous behavior

DataTable and DataSet could be serialized and deserialized with their RemotingFormat property set to SerializationFormat.Binary, which used BinaryFormatter under the hood.

New behavior

Attempting to serialize or deserialize DataTable and DataSet with their RemotingFormat property set to SerializationFormat.Binary now throws.

A new AppContext switch has been introduced (Switch.System.Data.AllowUnsafeSerializationFormatBinary) which allows opting back into SerializationFormat.Binary, so that code can work as before. We plan to remove the switch in .NET 8.

Type of breaking change

  • Binary incompatible: Existing binaries may encounter a breaking change in behavior, such as failure to load/execute or different run-time behavior.
  • Source incompatible: Source code may encounter a breaking change in behavior when targeting the new runtime/component/SDK, such as compile errors or different run-time behavior.

Reason for change

SerializationFormat.Binary is implemented via BinaryFormatter, which is insecure and being obsoleted across the entire .NET stack.

Recommended action

Code currently using SerializationFormat.Binary should switch to using SerializationFormat.Xml, or use another method of serialization.

Feature area

Core .NET libraries

Affected APIs

  • The SerializationFormat.Binary enum member is now obsolete.
  • DataSet.RemotingFormat and DataTable.RemotingFormat: These now throw when set to SerializationFormat.Binary (unless the Switch.System.Data.AllowUnsafeSerializationFormatBinary AppContext switch is specified).
  • The deserialization constructors for DataTable and DataSet (1, 2) now throw if given binary data (unless the Switch.System.Data.AllowUnsafeSerializationFormatBinary AppContext switch is specified).
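One way to follow the recommended action, as an added example that is not part of the original issue or the .NET code base: it takes DataTable.WriteXml/ReadXml with an inline schema as the "other method of serialization", so no BinaryFormatter is involved. The class name, table name and sample rows are constructed for illustration.

```csharp
using System;
using System.Data;
using System.IO;

static class DataTableXmlRoundTrip
{
    // Serialize schema and rows as XML, replacing a SerializationFormat.Binary path.
    public static byte[] Save(DataTable table)
    {
        // WriteXml refuses to serialize a DataTable that has no name.
        if (string.IsNullOrEmpty(table.TableName))
            throw new ArgumentException("Set TableName before calling WriteXml.", nameof(table));

        using var ms = new MemoryStream();
        // WriteSchema embeds the XSD so column names and types survive the round trip.
        table.WriteXml(ms, XmlWriteMode.WriteSchema);
        return ms.ToArray();
    }

    // Rebuild the table from the inline schema and data written by Save.
    public static DataTable Load(byte[] payload)
    {
        var table = new DataTable();
        using var ms = new MemoryStream(payload);
        table.ReadXml(ms);
        return table;
    }

    static void Main()
    {
        // Constructed sample data.
        var original = new DataTable("Accounts");
        original.Columns.Add("Id", typeof(int));
        original.Columns.Add("Name", typeof(string));
        original.Columns.Add("Balance", typeof(decimal));
        original.Rows.Add(1, "alice", 10.50m);
        original.Rows.Add(2, "bob", 0m);

        DataTable copy = Load(Save(original));

        Console.WriteLine($"{copy.TableName}: {copy.Rows.Count} rows");
        foreach (DataColumn c in copy.Columns)
            Console.WriteLine($"  {c.ColumnName} : {c.DataType.Name}");
    }
}
```

Microsoft's DataSet and DataTable security guidance also treats ReadXml as unsafe for untrusted input, so payloads loaded this way should still come from a trusted source.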

Labels

  • 🏁 Release: .NET 7: Work items for the .NET 7 release
  • binary incompatible: Existing binaries may encounter a breaking change in behavior.
  • breaking-change: Indicates a .NET Core breaking change
  • source incompatible: Source code may encounter a breaking change in behavior when targeting the new version.
