Till very recently, we have been using v3.x of Mysql JDBC Driver in our application. Our application stores serialized objects as bytes in a blob field in Mysql. When we tried to read the data from the field using resultset.getObject(), Mysql Driver threw a ClassNotFoundException as at that particular instance, the class of the serialized object was not present in the classpath.

On investigating further, we learnt that Mysql reads the first 2 bytes of the data in the field and if it finds that it is a byte array representation of a serialized object, it AUTOMATICALLY attempts to deserialize the object, which is quite unexpected of Mysql to do because there is no guarantee that the serialized object’s class would be present in the classpath.

Thankfully, what we found is that the latest version of Mysql JDBC Driver v5.1.6 does not have this problem. And the behaviour is controlled by a property that is available in the mysql connection object called “autoDeserialize”. Thankfully, the default value of the property is “false”.