Alachisoft / NCache

NCache: Highly Scalable Distributed Cache for .NET
http://www.alachisoft.com
Apache License 2.0

BinaryFormatter has security flaws and requiring the paid version for JSON serialization is sketchy #71

Open bradlis7 opened 2 years ago

bradlis7 commented 2 years ago

Microsoft has deprecated BinaryFormatter (https://docs.microsoft.com/en-us/dotnet/standard/serialization/binaryformatter-security-guide), and it seems like bad practice to force users to pay to use another method, such as JSON or XML, to serialize objects.

Alex-Alachisoft commented 2 years ago

Hi @bradlis7, yes, this has been noted down and is being considered for the next releases of NCache Open Source. Also, note that Microsoft has not yet discontinued the use of BinaryFormatter and you can still use Binary Serialization (with a warning) in NCache OpenSource. Moreover, if you wish to use JSON serialization, then you can use the NCache Professional or Enterprise editions. Additionally, as mentioned above, when BinaryFormatter is officially discontinued by Microsoft, our engineering board will review the provision of JSON serialization support in the NCache OpenSource edition.

Rich-Ott commented 5 months ago

With the announcement that BinaryFormatter is being removed later this year with .NET 9 (https://github.com/dotnet/announcements/issues/293), is this going to be put up for review?