ErrorMessage.java imports java.io.serialize, but it does not appear to be necessary. Could that be removed? My team was reviewing it as part of a review of the Java Deserialization vulnerability.
We've made a workaround to remove it in our project and satisfy our security team, but still use the rest of the spring-rest-exception-handler code. Just wondering if that change could be integrated into the library.