I have a code snippet where I am getting a critical code smell from Sonar because the exception implements Serializable. This code has worked fine in production for a long time and I can't see any issues from the Sonar doc: "For instance, under load, most J2EE application frameworks flush objects to disk, and an allegedly Serializable object with non-transient, non-serializable data members could cause program crashes". Have you faced code crashes in your application with this Sonar issue?
1 Answer
If you don't plan to de/serialize the entries field, use the transient keyword:

private final transient List<Objects> entries = new ArrayList<>();

Otherwise, you have to implement custom de/serialization; however, I am not sure it would resolve the Sonar issue. The keyword transient does resolve the Sonar issue.

"J2EE application frameworks flush objects to disk"

It depends on whether the object OuterException itself is actually de/serialized. I doubt J2EE serializes custom objects made by yourself without being told to do so. Actually, feel free to close the issue with the "Won't Fix" resolution and an appropriate comment, which is not wrong.

Nikolas Charalambidis
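An added example, not part of the original question or answer: it serializes an exception shaped like the one discussed, once with a plain field and once with the transient field, to show the failure the Sonar doc describes. The Entry element type, the TransientOuterException class and the demo class name are assumptions made for illustration.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

public class SerializableExceptionDemo {
    // Hypothetical element type that does NOT implement Serializable.
    static class Entry {
        final String name;
        Entry(String name) { this.name = name; }
    }

    // Flagged shape: every Throwable is Serializable, but this field is not transient
    // and its contents are not serializable.
    static class OuterException extends RuntimeException {
        private final List<Entry> entries = new ArrayList<>();
        OuterException(String msg) { super(msg); entries.add(new Entry("constructed sample")); }
    }

    // Shape from the answer: the field is left out of the serialized form.
    static class TransientOuterException extends RuntimeException {
        private final transient List<Entry> entries = new ArrayList<>();
        TransientOuterException(String msg) { super(msg); entries.add(new Entry("constructed sample")); }
        List<Entry> getEntries() { return entries; }
    }

    // Serialize to an in-memory buffer and read the object back.
    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        try {
            roundTrip(new OuterException("boom"));
            System.out.println("non-transient field: serialized without error");
        } catch (NotSerializableException e) {
            System.out.println("non-transient field: NotSerializableException for " + e.getMessage());
        }
        TransientOuterException copy =
                (TransientOuterException) roundTrip(new TransientOuterException("boom"));
        System.out.println("transient field after round trip: " + copy.getEntries());
    }
}
```

The first case only fails when the exception is actually written to an ObjectOutputStream, which matches the answer's point that the risk depends on whether the object is ever de/serialized. In the second case the transient field is null on the deserialized copy, because field initializers do not run during deserialization, so code reading it after a round trip must handle null.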