diff --git a/protege-editor-core/src/main/java/org/protege/editor/core/log/LogPreferences.java b/protege-editor-core/src/main/java/org/protege/editor/core/log/LogPreferences.java
index e1b9579c7..336a55634 100644
--- a/protege-editor-core/src/main/java/org/protege/editor/core/log/LogPreferences.java
+++ b/protege-editor-core/src/main/java/org/protege/editor/core/log/LogPreferences.java
@@ -135,12 +135,13 @@ public static byte[] serialize(Object obj) throws IOException {
 }
 public static Object deserialize(byte[] bytes)
- throws IOException, ClassNotFoundException {
- try (ByteArrayInputStream b = new ByteArrayInputStream(bytes)) {
- try (ObjectInputStream o = new ObjectInputStream(b)) {
- return o.readObject();
- }
- }
+ throws IOException, ClassNotFoundException {
+ try (ByteArrayInputStream b = new ByteArrayInputStream(bytes);
+ ValidatingObjectInputStream o = new ValidatingObjectInputStream(b)) {
+ // Only allow specific classes to be deserialized
+ o.accept(LinkedList.class, LogMutation.class, HashMap.class, String.class);
+ return o.readObject();
+ }
 }
 }
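Review bot: The allowlist given to `o.accept(...)` must cover every class in the serialized object graph, not only the top-level containers; if `LogMutation` holds any field of a type outside `LinkedList`, `HashMap` and `String` (a boxed primitive, an enum, a date type) or the graph contains arrays, `readObject()` will now reject preference data written by the previous version with an `InvalidClassException`, which is an `IOException` and so may be handled by callers as an ordinary read failure rather than a compatibility break. Because `deserialize` stays public and returns `Object`, any other caller passing a different payload is narrowed in the same way; a Javadoc line such as `/** Reads a serialized log-preference graph; only LinkedList, LogMutation, HashMap and String instances are accepted. */` would make the new contract explicit. A round-trip test that runs a fully populated `LogMutation` through `serialize` and `deserialize` would confirm the list is complete. The import of `ValidatingObjectInputStream` lies outside this hunk and should be reviewed alongside it.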