If you have a class which (directly or indirectly) implements
java.io.Externalizable, it must have a public no-argument constructor. This
constructor is called during deserialization. Therefore it ought to be reported
if you perform Find Usages on the constructor. Similarly, Delete Safely should
prevent you from accidentally deleting this constructor, and Change Method
Parameters should prevent you from adding arguments or changing its visibility
to something other than public.
Ideally, refactoring features should also understand that for
java.io.Serializable classes, matching readResolve, writeReplace, readObject,
and writeObject methods are special, and so something like "<used during
(de)serialization>" should appear as a special search hit in Find Usages, and
Change Method Parameters should not permit changing arguments or return type
(though changing visibility is OK and deleting these methods is also OK).
Somewhat related is that code completion in the main class body for Serializable
classes should offer those four special methods as possible "overrides" so you
do not have to remember the exact method signature.
Currently the refactoring module works only at the language level. These types of checks
are library dependent and require some semantic level of insight.
Serialization is more a core part of the language than an arbitrary library,
even more so than most of the Java platform. Consider that deserializing an
object can bypass all its constructors, which is something you cannot otherwise
do outside JNI even using reflection.
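
The behaviour discussed in the comments above, as an added example that is not part of the original thread: an Externalizable class whose public no-argument constructor is called only by the deserializer, and a Serializable class whose constructor is skipped on deserialization, so its validation has to be repeated in the private readObject hook. The class names `SerializationHooksDemo`, `Ext` and `Port` are hypothetical.

```java
import java.io.*;

public class SerializationHooksDemo {
    // Externalizable: the public no-arg constructor has no caller in source,
    // yet ObjectInputStream invokes it reflectively before readExternal().
    public static class Ext implements Externalizable {
        static int ctorCalls = 0;
        String name;
        public Ext() { ctorCalls++; }
        public Ext(String name) { this(); this.name = name; }
        @Override public void writeExternal(ObjectOutput out) throws IOException { out.writeUTF(name); }
        @Override public void readExternal(ObjectInput in) throws IOException { name = in.readUTF(); }
    }

    // Serializable: no constructor of this class runs on deserialization, so the
    // range check below is bypassed unless the readObject hook repeats it.
    public static class Port implements Serializable {
        private static final long serialVersionUID = 1L;
        static int ctorCalls = 0;
        final int value;
        public Port(int value) {
            if (value < 1 || value > 65535) throw new IllegalArgumentException("bad port");
            ctorCalls++;
            this.value = value;
        }
        // The exact signature matters: a changed parameter list silently disables the hook.
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            if (value < 1 || value > 65535) throw new InvalidObjectException("bad port");
        }
    }

    // Serialize to an in-memory buffer and read the object back.
    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Ext e = (Ext) roundTrip(new Ext("a"));
        System.out.println("Ext ctor calls: " + Ext.ctorCalls + ", name=" + e.name);
        Port p = (Port) roundTrip(new Port(443));
        System.out.println("Port ctor calls: " + Port.ctorCalls + ", value=" + p.value);
    }
}
```

The `Ext` counter increases on the round trip while the `Port` counter does not, which is why a rename or signature change on these members can alter deserialization behaviour without any compile error.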
This old bug may not be relevant anymore. If you can still reproduce it in 8.2 development builds, please reopen this issue.
Thanks for your cooperation,
NetBeans IDE 8.2 Release Boss