4-21 - Insecure serialized data detected

possible reason

The current server may be under attack or Dubbo’s built-in class checking logic has not scanned the class you defined.

Troubleshooting and resolution steps

  1. If the source of the request is an attack source, please perform security hardening in time.
  2. If the request source is expected, please declare the class name you are using in the security/serialize.allowlist resource file, and Dubbo will automatically load it into the security list.


Currently Dubbo can work in monitoring mode and restricted mode. The monitoring mode only prints logs and does not intercept; the restricted model will intercept.

Last modified January 11, 2023: Add 4-21 (#1836) (b9ea1efcaeb)