search

dotnet / docs

This repository contains .NET Documentation.
https://learn.microsoft.com/dotnet
Creative Commons Attribution 4.0 International
4.24k stars 5.89k forks source link

Indirect usage of BinaryFormatter via WinForms ImageList causes compiler warnings #40044

Open SoftCircuits opened 6 months ago

SoftCircuits commented 6 months ago

Type of issue

Missing information

Description

After updating my WinForms application to .NET 8, I'm now getting MSB3825 compiler warnings saying that BinaryFormatter is deprecated and will be removed in a future version.

This article recommends that I "migrate away from BinaryFormatter due to its security and reliability flaws."

But this isn't helpful. I never opted into using BinaryFormatter. I added other WinForm components, and apparently they are using this type. In my case, it appears that an ImageList control is using it.

So does this mean I need to stop using ImageList? How can I migrate away from something that is being used behind the scenes by WinForms? None of this information helps me to resolve the issue.

Page URL

https://learn.microsoft.com/en-us/dotnet/core/compatibility/serialization/8.0/binaryformatter-disabled

Content source URL

https://github.com/dotnet/docs/blob/main/docs/core/compatibility/serialization/8.0/binaryformatter-disabled.md

Document Version Independent Id

5048d220-6e5c-3130-b1db-ead1efbf7c36

Article author

@gewarren

Metadata

gewarren commented 6 months ago

@merriemcgaw Could you advise on this issue?

merriemcgaw commented 6 months ago

@JeremyKuhne @lonitra I'll let you two advise. @gewarren - I think we'll want some official guidance in the docs specific to WinForms.

JeremyKuhne commented 6 months ago

ImageList will be handled for you in .NET 9 (the code has been added for this already). Other "built-in" types (int[], string, etc.) that utilize the Binary Format (that the BinaryFormatter reads/writes) are handled implicitly for you in WinForms scenarios without utilizing the BinaryFormatter (as of .NET 8).

Please feel free to open issues in https://github.com/dotnet/winforms regarding specific Windows Forms BinaryFormatter concerns.

Note that there will always be a way to get BinaryFormatter support for your code. It isn't safe for untrusted input and should not be used unless strictly necessary (which sometimes it is).

jeffhandley commented 6 months ago

@JeremyKuhne -- I've renamed this issue to describe the issue better. I'm tempted to transfer this issue over to dotnet/winforms so we can track it against the 9.0.0 milestone there. What do you think?