#1c5a24 introduced a strict check on unserialize() within Route.php, which is good for security. However, it causes a failure if the compiled route's class is anything other than CompiledRoute. This is the case in Drupal, where the serialized object of a route requires \Drupal\Core\Routing\CompiledRoute.

Might I suggest adding the ability to set the list of allowed classes somehow?