Suppose an instance of some non-array class C is serialized from VM1 to VM2, and
the package access of the class differs between the two VMs (e.g., VM1 has
loaded a version of C which is public, whereas VM2 has loaded a package-private
version). In this case, deserialization of C can still succeed provided that
C has declared an explicit serialVersionUID which is the same in both
reading and writing VMs.

However, if an array of C is written to the stream, then deserialization will
unavoidably fail with an InvalidClassException due to mismatched
serialVersionUIDs, since the package access of an array class follows that
of its component class, and package access affects default serialVersionUIDs
(which there is no way to override for array classes). The attached
example demonstrates this problem. Note that this problem has been present
in serialization since at least JDK 1.2.

One solution would be to disable serialVersionUID checks for array classes,
since such checks seem to serve little purpose, and are already bypassed
in cases where the array name differs between sender and received (such as
when a class has been moved from one package to another).