- Sub-task
- Resolution: Delivered
- P4
- 11.0.17-oracle
It is now possible to monitor deserialization of objects using JDK Flight Recorder (JFR). When JFR is enabled and the JFR configuration includes deserialization events, JFR will emit an event whenever the running program attempts to deserialize an object. The deserialization event is named `jdk.Deserialization`, and it is disabled by default. The deserialization event contains information that is used by the serialization filter mechanism; see the [ObjectInputFilter](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/io/ObjectInputFilter.html) specification. Additionally, if a filter is enabled, the JFR event indicates whether the filter accepted or rejected deserialization of the object. For further information about how to use the JFR deserialization event, see the article [Monitoring Deserialization to Improve Application Security](https://inside.java/2021/03/02/monitoring-deserialization-activity-in-the-jdk/). For reference information about using and configuring JFR, see the [JFR Runtime Guide](https://docs.oracle.com/javacomponents/jmc-5-5/jfr-runtime-guide/preface_jfrrt.htm#JFRRT165) and [JFR Command Reference](https://docs.oracle.com/javacomponents/jmc-5-5/jfr-command-reference/command-line-options.htm#JFRCR-GUID-FE61CA60-E1DF-460E-A8E0-F4FF5D58A7A0) sections of the JDK Mission Control documentation.
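As an added illustration (not part of the release note or the JDK's own sources), the program below enables the `jdk.Deserialization` event in an in-process `Recording`, deserializes one object that a `java.base`-only filter accepts and one that it rejects, then reads the events back. The event field names `type`, `filterConfigured` and `filterStatus` are taken from the event's definition and are assumed here; `UntrustedPayload` is a hypothetical application class.

```java
import java.io.*;
import java.nio.file.*;
import jdk.jfr.Recording;
import jdk.jfr.consumer.RecordedEvent;
import jdk.jfr.consumer.RecordingFile;

public class DeserializationMonitor {
    // Hypothetical application class; it is not in java.base, so the filter below rejects it.
    static class UntrustedPayload implements Serializable {}

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    static void deserialize(byte[] bytes, ObjectInputFilter filter) throws IOException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(filter);   // stream-level filter; JFR records its verdict
            ois.readObject();
        } catch (InvalidClassException | ClassNotFoundException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }

    public static void main(String[] args) throws Exception {
        // Accept only classes from java.base (ArrayList, String, ...); reject everything else.
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter("java.base/*;!*");
        byte[] accepted = serialize(new java.util.ArrayList<>(java.util.List.of("a", "b")));
        byte[] rejected = serialize(new UntrustedPayload());      // constructed sample input
        Path out = Files.createTempFile("deser", ".jfr");
        try (Recording rec = new Recording()) {
            rec.enable("jdk.Deserialization").withStackTrace();  // event is disabled by default
            rec.start();
            deserialize(accepted, filter);
            deserialize(rejected, filter);
            rec.stop();
            rec.dump(out);
        }
        // Read the recording back: one event per class or array the stream tried to deserialize.
        try (RecordingFile rf = new RecordingFile(out)) {
            while (rf.hasMoreEvents()) {
                RecordedEvent e = rf.readEvent();
                if (!e.getEventType().getName().equals("jdk.Deserialization")) continue;
                System.out.printf("%s filterConfigured=%b filterStatus=%s%n",
                    e.getClass("type").getName(), e.getBoolean("filterConfigured"),
                    e.getString("filterStatus"));
            }
        }
    }
}
```

For a production service the same event is enabled without code changes by listing it in the JFR settings file passed to `-XX:StartFlightRecording`, and the recorded `filterStatus` values are what a detection pipeline would alert on.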