Fix CVE-2020-9493 and CVE-2022-23307 (Chainsaw deserialization)

[ceki]

Here are some relevant links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9493 https://nvd.nist.gov/vuln/detail/CVE-2022-23307 https://lists.apache.org/thread/rx0hpjow5csq05r93cyvntj9ry19tm9y

The issue seems to stem from uncontrolled deserialization.

[ceki]

Fixed in 64902fe18ce5 by hardening the code and not removing it.