When you set an Overview Policy in the Coverage parameters to any of the options, the parameter type is set to the full class name i.e. <org.geotools.coverage.grid.io.OverviewPolicy>QUALITY</org.geotools.coverage.grid.io.OverviewPolicy> as opposed to in earlier versions of Geoserver where this would be <string>QUALITY<string>.
This raises a Caused by: org.geoserver.config.util.SecureXStream$ForbiddenClassExceptionEx: Unauthorized class found, see logs for more details on how to handle it: org.geotools.coverage.grid.io.OverviewPolicy.
See full log:
This causes the coverage layer to be deleted from the catalog configuration upon catalog config reload or restart of geoserver.
This issue is likely related to GEOS-8642 which mention boolean being confused with string for some cases.