SYSLIB0011: BinaryFormatter serialization is obsolete

Due to security vulnerabilities in BinaryFormatter, the following APIs are marked as obsolete, starting in .NET 5. Using them in code generates warning SYSLIB0011 at compile time.

• System.Exception.SerializeObjectState
• BinaryFormatter.Serialize
• BinaryFormatter.Deserialize
• Formatter.Serialize(Stream, Object)
• Formatter.Deserialize(Stream)
• IFormatter.Serialize(Stream, Object)
• IFormatter.Deserialize(Stream)

Workarounds

Consider using JsonSerializer or XmlSerializer instead of BinaryFormatter.

For more information about recommended actions, see Resolving BinaryFormatter obsoletion and disablement errors.

Suppress a warning

If you must use the obsolete APIs, you can suppress the warning in code or in your project file.

To suppress only a single violation, add preprocessor directives to your source file to disable and then re-enable the warning.

// Disable the warning.
#pragma warning disable SYSLIB0011

// Code that uses obsolete API.
// ...

// Re-enable the warning.
#pragma warning restore SYSLIB0011

To suppress all the SYSLIB0011 warnings in your project, add a <NoWarn> property to your project file.

<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
   ...
   <NoWarn>$(NoWarn);SYSLIB0011</NoWarn>
  </PropertyGroup>
</Project>

For more information, see Suppress warnings.

See also

• Resolving BinaryFormatter obsoletion and disablement errors
• BinaryFormatter serialization methods are obsolete and prohibited in ASP.NET apps