2 files changed, 3 insertions, 2 deletions

diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java
index 1924e165..ebeeddb4 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java
@@ -54,7 +54,8 @@ public class EaafObjectInputStream extends ObjectInputStream {
         throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
 
       } else if (objectDeep > 0
-          && !(isValidClassType(clazz) || Object.class.getName().equals(desc.getName()))) {
+          && !(isValidClassType(clazz) || Object.class.getName().equals(desc.getName())
+              || Object[].class.getName().equals(desc.getName()))) {
         throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
 
       } else {
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java
index efb4c9be..49b992f6 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java
@@ -84,7 +84,7 @@ public class EaafSerializationUtils {
    * allow-list.<br>
    * <b>Hint:</b> Do NOT set {@link Object} as allowed class, because any class is
    * an super-type of {@link Object}. This method implementation allows
-   * {@link Object} as explicit type with strict check-mode.
+   * {@link Object} and Object[] as explicit type with strict check-mode.
    * </p>
    *
    * @param bytes            a serialized object