BuyLog In
Breaking Change T1032787
Visible to All Users

Reporting - An exception may be thrown when loading layouts with binary serialized objects

What Changed

We changed the XtraReport.LoadLayout overloaded methods' behavior.
These methods throw an exception on an attempt to load a layout that includes untrusted binary serialized object(s).

Reasons for Change

This change is required to correctly handle untrusted layouts.

Impact on Existing Apps

If your application handles untrusted layouts, the LoadLayout methods throw an exception.

How to Update Existing Apps

Do either of the following if your layouts contain binary serialized objects:

  • Remove unsafe binary serialized objects from your layouts.
  • Reporting uses a safety mechanism for all deserialization operations to improve security. An exception is thrown if a layout attempts to load an unsafe type. Review all unsafe type exceptions. If you trust a certain type, use the following code to enable deserialization:
    C#
    DevExpress.Utils.DeserializationSettings.RegisterTrustedClass(typeof(CustomClass));  
    Visual Basic
    DevExpress.Utils.DeserializationSettings.RegisterTrustedClass(GetType(CustomClass))

Disclaimer: The information provided on DevExpress.com and affiliated web properties (including the DevExpress Support Center) is provided "as is" without warranty of any kind. Developer Express Inc disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.

Confidential Information: Developer Express Inc does not wish to receive, will not act to procure, nor will it solicit, confidential or proprietary materials and information from you through the DevExpress Support Center or its web properties. Any and all materials or information divulged during chats, email communications, online discussions, Support Center tickets, or made available to Developer Express Inc in any manner will be deemed NOT to be confidential by Developer Express Inc. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.