This tiny library tries to fix several known BinaryFormatter vulnerabilities.
See the ysoserial.net project for details.

    // bad: deserialization can trigger arbitrary code execution
    var fmt = new BinaryFormatter();
    var obj = fmt.Deserialize(stream);

    // better: deserialization is checked against known vulnerabilities
    var fmt = new BinaryFormatter();
    fmt.Binder = new SafeSerializationBinder();
    var obj = fmt.Deserialize(stream);

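
How the `Binder` hook set in the second snippet gates the types named in a stream, shown with an allow-list binder. This is an added example, not this library's `SafeSerializationBinder` or its code; `AllowListBinder`, `Message` and `Unexpected` are hypothetical names, and it assumes .NET Framework, where `BinaryFormatter` is available.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;

// Hypothetical allow-list binder; not this library's SafeSerializationBinder.
sealed class AllowListBinder : SerializationBinder
{
    private readonly Dictionary<string, Type> _allowed =
        new Dictionary<string, Type>(StringComparer.Ordinal);

    public AllowListBinder(params Type[] allowed)
    {
        foreach (var t in allowed) _allowed[t.FullName] = t;
    }

    public override Type BindToType(string assemblyName, string typeName)
    {
        // Throw on anything unexpected: returning null makes BinaryFormatter
        // fall back to its default type resolution instead of rejecting.
        Type type;
        if (!_allowed.TryGetValue(typeName, out type))
            throw new SerializationException("Type not allowed: " + typeName);
        return type; // the allow-listed Type; the stream's assemblyName is not trusted
    }
}

[Serializable] sealed class Message { public string Text; }   // constructed sample types
[Serializable] sealed class Unexpected { public int Value; }

static class Demo
{
    static object RoundTrip(object value, SerializationBinder binder)
    {
        using (var stream = new MemoryStream())
        {
            new BinaryFormatter().Serialize(stream, value);
            stream.Position = 0;
            var fmt = new BinaryFormatter { Binder = binder };
            return fmt.Deserialize(stream);
        }
    }

    static void Main()
    {
        var binder = new AllowListBinder(typeof(Message));
        Console.WriteLine(((Message)RoundTrip(new Message { Text = "hello" }, binder)).Text);
        try { RoundTrip(new Unexpected { Value = 1 }, binder); }
        catch (SerializationException e) { Console.WriteLine(e.Message); }
    }
}
```
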
TODO: publish a NuGet package