[Breaking change]: BinaryFormatter disabled across almost all project types by default

[GrabYourPitchforks]

Description

Beginning with .NET 8 Preview 4, the BinaryFormatter.Serialize and BinaryFormatter.Deserialize methods will throw NotSupportedException across nearly all project types, including console applications.

A compatibility switch exists for applications which need to reenable BinaryFormatter behavior. See below for details.

Version

.NET 8 Preview 4

Previous behavior

In .NET 7, the BinaryFormatter.Serialize and BinaryFormatter.Deserialize methods were marked obsolete as error. However, if an application suppressed the obsoletion, the methods could still be called and would still function properly in most project types (excluding aspnet, wasm, and MAUI). For example, the APIs would function properly within a console app.

New behavior

In .NET 8 Preview 4, these methods will throw NotSupportedException at runtime across all project types except WinForms and WPF. The APIs continue to remain obsolete-as-error across all project types, including WinForms and WPF.

Type of breaking change

• [ ] Binary incompatible: Existing binaries may encounter a breaking change in behavior, such as failure to load or execute, and if so, require recompilation.
• [ ] Source incompatible: When recompiled using the new SDK or component or to target the new runtime, existing source code may require source changes to compile successfully.
• [X] Behavioral change: Existing binaries may behave differently at run time.

Reason for change

This is the next stage of the BinaryFormatter obsoletion plan, preparing for BinaryFormatter's eventual removal from .NET. See earlier breaking change notifications for additional context:

• .NET 5 BinaryFormatter breaking changes
• .NET 7 BinaryFormatter breaking changes

Recommended action

The best course of action is to migrate away from BinaryFormatter due to its security and reliability flaws.

However, should you need to continue using BinaryFormatter, please review the Recommended action section of the .NET 7 breaking change notification. That document provides a compatibility switch that can be set in your application's project file to reenable BinaryFormatter functionality. That compatibility switch continues to be honored in .NET 8.

Feature area

Serialization

Affected APIs

• System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream, object)
• System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream)

---

Associated WorkItem - 91247

[IS4Code]

Not only is .NET Core still missing things present in .NET Framework, but now others are being removed. Lol.