Just raising it........ does the current build in the UnsafeAllocator.java (or anywhere else) contain a useage of ObjectInputStream that enables the current dangerous exploit, as detailed here?

https://blog.mmpa.info/posts/bleeding-pipe/

No.