
src/java.base/share/classes/java/io/package-info.java

rev 49438 : 8197595: Serialization javadoc should link to security best practices
Reviewed-by: lancea, sean, ahgross

*** 29,51 **** * * Unless otherwise noted, passing a null argument to a constructor or * method in any class or interface in this package will cause a * {@code NullPointerException} to be thrown. * ! * <h2>Package Specification</h2> * <ul> * <li><a href="{@docRoot}/../specs/serialization/index.html"> * Java Object Serialization Specification </a> ! * </ul> ! * ! * <h2>Related Documentation</h2> ! * ! * For overviews, tutorials, examples, guides, and tool documentation, ! * please see: ! * <ul> * <li>{@extLink serialver_tool_reference The serialver tool}</li> - * <li>{@extLink serialization_guide Serialization Documentation}</li> * </ul> * * @since 1.0 */ package java.io; --- 29,49 ---- * * Unless otherwise noted, passing a null argument to a constructor or * method in any class or interface in this package will cause a * {@code NullPointerException} to be thrown. * ! * <h2>Object Serialization</h2> ! * <p><strong>Warning: Deserialization of untrusted data is inherently dangerous ! * and should be avoided. Untrusted data should be carefully validated according to the ! * "Serialization and Deserialization" section of the ! * {@extLink secure_coding_guidelines_javase Secure Coding Guidelines for Java SE}. ! * </strong></p> * <ul> * <li><a href="{@docRoot}/../specs/serialization/index.html"> * Java Object Serialization Specification </a> ! * <li>{@extLink serialization_filter_guide Serial Filtering} best practices</li> * <li>{@extLink serialver_tool_reference The serialver tool}</li> * </ul> * * @since 1.0 */ package java.io;
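Review bot: The old list's `{@extLink serialization_guide Serialization Documentation}` entry (the `-` line) is dropped with no replacement, and the change summary only mentions adding a link to security best practices. Please confirm the removal is intended, or keep that entry in the new list next to the Serial Filtering item. Separately, in the rewritten list the first item (`<li><a href="{@docRoot}/../specs/serialization/index.html">` ... `</a>`) still has no closing `</li>`, while the Serial Filtering and serialver items both close theirs; since the list is being reworked here, close it for consistency. The warning paragraph reads well; wrapping the whole paragraph in `<strong>` puts the extLink text in bold too, which looks deliberate but is worth a check in the rendered javadoc.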