SYSLIB0011: BinaryFormatter serialization is obsolete

Due to security vulnerabilities in BinaryFormatter, the following APIs were marked as obsolete in .NET 5. Using them in code generates warning or error SYSLIB0011 at compile time.

Starting in .NET 8, BinaryFormatter.Serialize and BinaryFormatter.Deserialize throw a NotSupportedException at run time on most project types. In addition, PreserializedResourceWriter.AddBinaryFormattedResource(String, Byte[], String) is obsolete as warning, and the following APIs are obsolete as error:

Workarounds

If you're using BinaryFormatter, you should migrate away from it due to its security and reliability flaws. For more information, see Deserialization risks in use of BinaryFormatter and related types and Preferred alternatives.
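As an added example (not part of the original page), here is one way to replace a BinaryFormatter round trip with System.Text.Json, binding untrusted bytes to a single closed type. The SessionState and SessionStore names, the 16 KB size limit, and the sample payloads are assumptions constructed for this illustration.

```csharp
using System;
using System.Text;
using System.Text.Json;

// Hypothetical type, constructed for this example.
public sealed record SessionState(string User, DateTimeOffset Expires, string[] Roles);

public static class SessionStore
{
    private const int MaxPayloadBytes = 16 * 1024; // assumed limit for this example

    // The target type is fixed at compile time; nothing in the payload selects
    // which type gets instantiated. MaxDepth bounds nesting in untrusted input.
    private static readonly JsonSerializerOptions Options = new() { MaxDepth = 8 };

    public static byte[] Save(SessionState state) =>
        JsonSerializer.SerializeToUtf8Bytes(state, Options);

    // Returns null for oversized, malformed, or incomplete payloads.
    public static SessionState? Load(ReadOnlySpan<byte> payload)
    {
        if (payload.Length > MaxPayloadBytes) return null;
        try
        {
            SessionState? state = JsonSerializer.Deserialize<SessionState>(payload, Options);
            bool complete = state is not null
                && !string.IsNullOrEmpty(state.User)
                && state.Roles is not null;
            return complete ? state : null;
        }
        catch (JsonException)
        {
            return null;
        }
    }
}

public static class Program
{
    public static void Main()
    {
        byte[] saved = SessionStore.Save(
            new SessionState("alice", DateTimeOffset.UtcNow.AddHours(1), new[] { "reader" }));
        Console.WriteLine(SessionStore.Load(saved)?.User ?? "(rejected)");
        // Constructed inputs: truncated JSON and an object missing required fields.
        Console.WriteLine(SessionStore.Load(Encoding.UTF8.GetBytes("{\"User\":\"bob\"")) is null);
        Console.WriteLine(SessionStore.Load(Encoding.UTF8.GetBytes("{\"Expires\":\"2030-01-01T00:00:00Z\"}")) is null);
    }
}
```

Data already persisted with BinaryFormatter is not readable by this code and needs a separate one-time conversion.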

Suppress a warning

If you must use the obsolete APIs, you can suppress the warning/error in code or in your project file.

To suppress only a single violation, add preprocessor directives to your source file to disable and then re-enable the warning.

// Disable the warning.
#pragma warning disable SYSLIB0011

// Code that uses obsolete API.
// ...

// Re-enable the warning.
#pragma warning restore SYSLIB0011

To suppress all the SYSLIB0011 warnings in your project, add a <NoWarn> property to your project file.

<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
   ...
   <NoWarn>$(NoWarn);SYSLIB0011</NoWarn>
  </PropertyGroup>
</Project>

For more information, see Suppress warnings.
