Merge pull request #206 from fpapon/XMLSerializer
Deprecate unsecure XMLSerializer
diff --git a/lang/src/main/java/org/apache/shiro/io/XmlSerializer.java b/lang/src/main/java/org/apache/shiro/io/XmlSerializer.java
index 12c2a39..583a8ce 100644
--- a/lang/src/main/java/org/apache/shiro/io/XmlSerializer.java
+++ b/lang/src/main/java/org/apache/shiro/io/XmlSerializer.java
@@ -32,8 +32,9 @@
* <p/>
* <b>NOTE:</b> The JavaBeans XMLEncoder/XMLDecoder only successfully encode/decode objects when they are
* JavaBeans compatible!
- *
+ *
* @since 0.9
+ * @deprecated This class should not be used directly because of unsecure XMLEncoder/XMLDecoder usage.
*/
public class XmlSerializer implements Serializer {