search

dotnet / winforms

Windows Forms is a .NET UI framework for building Windows desktop applications.
MIT License
4.31k stars 956 forks source link

Epic- Update BinaryFormatter usage #6267

Open merriemcgaw opened 2 years ago

merriemcgaw commented 2 years ago

Official BinaryFormatter removal announcement: https://github.com/dotnet/runtime/issues/98245

BinaryFormatter is an inherently unsafe serliazer. WinForms used it quite a bit in early versions and now we should remove as much of this as possible.

This is part of the dotnet/planning/issues/27 theme

Related:

weltkante commented 2 years ago

whats the replacement for BinaryFormatter in clipboard/drag'n'drop data exchange? anything been announced yet?

[edit] found it myself, #6269, sorry for the noise, will follow that issue as it evolves.

RussKie commented 2 years ago

At this stage we don't have any formed plans or announcements. Binary formatters are used in multiple scenarios - e.g. the clipboard and resources. We are fully aware this deprecation will likely have far reaching impact, and we need to plan accordingly.

merriemcgaw commented 1 year ago

@JeremyKuhne Is there anything you think should be included in this epic that I haven't already added?

merriemcgaw commented 1 year ago

@JeremyKuhne some of these things may go away entirely with your new PRs. I want to capture your work here for Preview 5 and break out a .NET 9 follow up set of items to track separately.

MagicAndre1981 commented 5 months ago

why is this only Prio 2 if BinaryFormatter gets removed in .NET9? I think this should be critical issue for .net 9 milestone @merriemcgaw

merriemcgaw commented 5 months ago

@MagicAndre1981 It was pri 2 for the .NET 8 release 😄 , thanks for pointing that out - I'll adjust now!

kirsan31 commented 4 months ago

After build our apps with .Net8 we see such warnings for autogenerated typed datasets (actually typed DataTables): image

DS.Designer.cs: warning SYSLIB0051: 'DataSet.DataSet(SerializationInfo, StreamingContext, bool)' is obsolete: 'This API supports obsolete formatter-based serialization. It should not be called or extended by application code.' (https://aka.ms/dotnet-warnings/SYSLIB0051)

DS.Designer.cs: warning SYSLIB0051: 'TypedTableBase.TypedTableBase(SerializationInfo, StreamingContext)' is obsolete: 'This API supports obsolete formatter-based serialization. It should not be called or extended by application code.' (https://aka.ms/dotnet-warnings/SYSLIB0051)

What will happen with all of this in .Net9? We have some of these legacy typed datasets generated by designer 😳 Also time to time we use designer to edit generated datasets.

kirsan31 commented 4 months ago

/cc @merriemcgaw @JeremyKuhne

JeremyKuhne commented 2 months ago

@KlausLoeffelmann this is something we'll want to investigate.

@kirsan31 at worst, you'll have to reference a new NuGet package to get this to work. We're working on making sure embedded resources just work (as they're considered trusted). I'm not sure what the BinaryFormatter workflow is for data sets, but we'll look to make sure we're fully clear how it might be impacted.

KlausLoeffelmann commented 2 months ago

Yes, this is definitely something we need to test intensively.

MagicAndre1981 commented 2 weeks ago

What is the current state now that BinaryFormatter was removed from runtime and moved to System.Runtime.Serialization.Formatters nuget?

Do you use this nuget now for Winforms if you can't removed BF until deadline for .net9? What impact will this have to WinForm Devs? Do we also need to enable it in the csproj of the winforms project?

<EnableUnsafeBinaryFormatterSerialization>true</EnableUnsafeBinaryFormatterSerialization>

JeremyKuhne commented 4 days ago

Marking as 10 for remaining work.

MagicAndre1981 commented 3 days ago

@JeremyKuhne and what happens in .NET9? Will the nuget be referenced automatically when UseWinForms is set in csproj?

JeremyKuhne commented 3 days ago

@MagicAndre1981 the package will not be referenced automatically. Anything that could be moved away from the BinaryFormatter has been. Remaining (.NET 10) work is to improve diagnostics for guidance when you're potentially hitting BinaryFormatter paths and adding of new API to reduce risk when you're using the BinaryFormatter with custom types on the clipboard and with drag/drop.

More detailed guidance documents are being finalized and will be posted soon. @lonitra