Closed westurner closed 6 years ago
I'm not sure what action you are requesting here.
It may be appropriate to link to the Python documentation regarding the utilization of Pickle.
I would happily approve a patch that adds this warning to zodbpickle's documentation (e.g. README.rst).
From http://docs.python.org/2/library/pickle.html#pickle-python-object-serialization
Upon unserialization (`.loads`, `.load`), Python Pickles may execute arbitrary code. Because of the warning in the Python documentation, this functionality of Pickle is not an:
References:
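
The behaviour discussed in this thread, shown as an added example that is not part of the original issue or of zodbpickle's code: loading a pickle calls whatever callable the stream names, and overriding `Unpickler.find_class` with an allow-list refuses it. It uses the standard-library `pickle` module; `CallsOnLoad`, `ALLOWED_GLOBALS`, `RestrictedUnpickler` and `restricted_loads` are hypothetical names, and the payload is constructed and harmless (it only calls `len`).

```python
import io
import pickle


class CallsOnLoad:
    """Constructed sample: its pickle tells the loader to call len("abc")."""

    def __reduce__(self):
        # (callable, args): the unpickler imports the callable and invokes it.
        return (len, ("abc",))


# Constructed allow-list (an assumption): the only globals a stream may name.
ALLOWED_GLOBALS = {("builtins", "set"), ("builtins", "frozenset")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allow-listed globals."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data):
    """Drop-in for pickle.loads() that applies the allow-list above."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    payload = pickle.dumps(CallsOnLoad())
    # Plain loads() does not rebuild a CallsOnLoad; it returns what len() gave.
    unrestricted = pickle.loads(payload)
    try:
        restricted_loads(payload)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    # Plain data (no globals, or allow-listed ones) still round-trips.
    plain = restricted_loads(pickle.dumps({"ids": [1, 2], "tags": {"a", "b"}}))
    return unrestricted, blocked, plain


if __name__ == "__main__":
    print(demo())
```

An allow-list narrows which callables a stream can reach; it does not make unpickling data from an untrusted source safe in general.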