Hyperion's serialization configuration setting `disallow-unsafe-type = false` has no effect

[jonnydee]

Version Information

• Version of Akka.NET: 1.4.33
• Akka.NET Modules: Akka, Akka.Remote

Bug Description

I allowed deserialization of unsafe types by explicitly by using Hyperion's configuration setting akka.actor.serialization-settings.hyperion.disallow-unsafe-type = false in the Actor System configuration but unsafe types are still not allowed to be deserialized.

Steps to Reproduce

1. Create two Actor Systems with remoting enabled and Hyperion configured as serializer.
2. Make sure that the Actor System which is supposed to receive an unsafe type is configured with akka.actor.serialization-settings.hyperion.disallow-unsafe-type = false.
3. Let the other Actor System send a message with an unsafe type to the one which is supposed to allow the deserialization of unsafe types.
4. The receiving Actor System still prevents deserialization of the unsafe type and indicates this also in the application log.

Expected behavior

If on the receiving Actor System unsafe types are allowed a message with an unsafe type should be deserialized (and, as a result, be receivable by some actor).

Actual behavior

The receiving Actor System cannot receive messages with unsafe types even though its configuration should allow it.

Environment

• Windows 10
• .NET Framework 4.8

Additional context

There was a discussion on Gitter going on where this apparently buggy behavior was discussed here and here. Please note also the thread associated with the latter comment.

[Aaronontheweb]

@Arkatufus probably need a negative regression test inside Akka.Serialization.Hyperion test suite - need to validate that a harmful message can't make it over the wire inside our test suite running the defaults.