Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article describes the MSB3825 warning code.
Message text
MSB3825: Resource 'value' of type 'value' may be deserialized via BinaryFormatter at runtime. BinaryFormatter is deprecated due to known security risks and is removed from .NET 9+. If you wish to continue using it, set property 'GenerateResourceWarnOnBinaryFormatterUse' to false. More information: https://aka.ms/binaryformatter-migration-guide
Description
This warning occurs with .NET 8 and earlier. The deprecated .NET type BinaryFormatter, previously commonly used for serializing and deserializing arbitrary .NET types, isn't considered secure, because it allows arbitrary .NET types to be injected into an assembly via the deserialization process.
.NET 9 handles BinaryFormatter using a secure algorithm, so there's no issue when using .NET 9.
Resolution
If you upgrade to .NET 9, you won't get this warning for resources, but may have to implement another solution if another part of your code uses BinaryFormatter. See the migration guide for alternatives to BinaryFormatter.
For .NET 8 and earlier, you can suppress the warning either by setting the GenerateResourceWarnOnBinaryFormatterUse property to false, as mentioned in the message, or by setting the $(NoWarn) property to a property group in your project file, as follows:
<PropertyGroup>
<!-- other properties -->
<GenerateResourceWarnOnBinaryFormatterUse>false<GenerateResourceWarnOnBinaryFormatterUse>
<!-- or -->
<NoWarn>$(NoWarn);MSB3825</NoWarn>
</PropertyGroup>
Applies to
All recent versions of MSBuild