CodeQL documentation

Incorrect serialVersionUID field

ID: java/incorrect-serial-version-uid
Kind: problem
Severity: warning
Precision: medium
   - reliability
   - maintainability
   - language-features
Query suites:
   - java-security-and-quality.qls

Click to see the query in the CodeQL repository

A serializable class that uses the serialVersionUID field to act as an object version number must declare the field to be final, static, and of type long for it to be used by the Java serialization framework.


Make sure that the serialVersionUID field in a serialized class is final, static, and of type long.


In the following example, WrongNote defines serialVersionUID using the wrong type, so that it is not used by the Java serialization framework. However, Note defines it correctly so that it is used by the framework.

class WrongNote implements Serializable {
	// BAD: serialVersionUID must be static, final, and 'long'
	private static final int serialVersionUID = 1;

class Note implements Serializable {
	// GOOD: serialVersionUID is of the correct type
	private static final long serialVersionUID = 1L;