The Java Serializable API is very powerful, and very dangerous. Any consumption of a serialized object that cannot be explicitly trusted will likely result in a critical remote code execution bug that will give an attacker control of the application. (See Effective Java 3rd Edition §85.)
Consider using less powerful serialization methods, such as JSON or XML.
Suppress false positives by adding the suppression annotation @SuppressWarnings("BanSerializableRead") to the enclosing element.
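The following is an added example, not code from this page or from the project that ships the check. It shows the pattern the check reports (an unrestricted readObject() on bytes the sender controls) next to a narrower reading when Serializable cannot be dropped outright: a JDK 9+ ObjectInputFilter allowlist that rejects every class except the one expected type before it is instantiated, plus the @SuppressWarnings placement from the text. The Ticket and Note classes, the filter policy string and its limits are assumptions chosen for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

/** Added illustration; not code from the page or from the project that ships the check. */
public final class SerializableReadExample {

    /** A value type this application is willing to accept from the wire (assumed). */
    public static final class Ticket implements Serializable {
        private static final long serialVersionUID = 1L;
        final String id;
        Ticket(String id) { this.id = id; }
    }

    /** Some other Serializable type that should never arrive on this channel (assumed). */
    public static final class Note implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Note(String text) { this.text = text; }
    }

    /** Helper producing the bytes a sender would put on the wire (constructed locally). */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(o);
        }
        return bytes.toByteArray();
    }

    /**
     * The pattern the check reports: readObject() lets the stream, i.e. the sender,
     * decide which Serializable classes on the classpath get instantiated.
     */
    static Object readUnrestricted(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return in.readObject();
        }
    }

    /**
     * Narrower alternative when Serializable cannot be dropped: a JDK 9+ ObjectInputFilter
     * allowlist. Classes not listed are rejected before being instantiated, and the
     * depth/size limits bound resource use. The pattern string is an assumed policy.
     */
    @SuppressWarnings("BanSerializableRead") // suppression from the text, applied to the reviewed, filtered read
    static Ticket readAllowlisted(byte[] untrusted) throws IOException, ClassNotFoundException {
        ObjectInputFilter onlyTicket = ObjectInputFilter.Config.createFilter(
                "maxdepth=4;maxbytes=4096;java.lang.String;" + Ticket.class.getName() + ";!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            in.setObjectInputFilter(onlyTicket);
            return (Ticket) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] ticketBytes = serialize(new Ticket("T-42"));
        byte[] noteBytes = serialize(new Note("not a ticket"));

        // The unrestricted read instantiates whatever class the bytes name.
        System.out.println("unrestricted read produced: "
                + readUnrestricted(noteBytes).getClass().getSimpleName());

        // The allowlisted read accepts the expected type ...
        System.out.println("allowlisted read produced ticket: " + readAllowlisted(ticketBytes).id);

        // ... and rejects the unlisted class before any of its code runs.
        try {
            readAllowlisted(noteBytes);
        } catch (InvalidClassException rejected) {
            System.out.println("allowlisted read rejected: " + rejected.getMessage());
        }
    }
}
```

The filter is a defence in depth for code that must keep reading Java serialization from a peer it controls; it does not make readObject() on arbitrary input safe, which is why the text recommends a narrower format such as JSON or XML for anything that is not explicitly trusted. The suppression annotation belongs on the smallest enclosing element, so the reviewed call is the only one exempted from the check.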