Problem
Potentially insecure default de/serialization (JdkSerializationRedisSerializer) for entry values.
Suggestion
Make the JSON value de/serializer the default config for RedisCache and RedisTemplate.
Comment From: quaff
JDK serialization is safe if there are no gadgets on the classpath or the input is from a trusted source, so you should protect your Redis server from being hacked by attackers, and it's a breaking change that will break compatibility.
Suggestion
Customize your own RedisSerializer if you think it's insecure.
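
An added example, not part of the issue thread or the project's own code: one way to customize a RedisSerializer that keeps the JDK wire format, so existing entries stay readable, while refusing to deserialize any class outside an allow-list. The class name `AllowListJdkRedisSerializer` and the filter pattern in the comment are hypothetical; it assumes Java 9+ for `ObjectInputFilter`.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;

import org.springframework.data.redis.serializer.RedisSerializer;
import org.springframework.data.redis.serializer.SerializationException;

/** Hypothetical name. JDK wire format, but only allow-listed classes are deserialized. */
public class AllowListJdkRedisSerializer implements RedisSerializer<Object> {

    private final ObjectInputFilter filter;

    /** Constructed sample pattern: "com.example.cache.*;java.lang.*;java.util.*;maxdepth=20;!*" */
    public AllowListJdkRedisSerializer(String pattern) {
        this.filter = ObjectInputFilter.Config.createFilter(pattern);
    }

    @Override
    public byte[] serialize(Object value) throws SerializationException {
        if (value == null) {
            return new byte[0];
        }
        try (ByteArrayOutputStream bytes = new ByteArrayOutputStream();
             ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(value);
            out.flush(); // push buffered block data before copying the bytes
            return bytes.toByteArray();
        } catch (IOException e) {
            throw new SerializationException("Cannot serialize cache value", e);
        }
    }

    @Override
    public Object deserialize(byte[] data) throws SerializationException {
        if (data == null || data.length == 0) {
            return null;
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(filter); // a class rejected by the filter raises InvalidClassException
            return in.readObject();
        } catch (IOException | ClassNotFoundException e) {
            throw new SerializationException("Rejected or unreadable cache value", e);
        }
    }
}
```

Wire it in with `RedisTemplate.setValueSerializer(...)` and, for caches, `RedisCacheConfiguration.serializeValuesWith(RedisSerializationContext.SerializationPair.fromSerializer(...))`.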