Re: [Django] #29708: Deprecate PickleSerializer and move it out of core

2023-01-17 Thread Django
#29708: Deprecate PickleSerializer and move it out of core
---------------------------------------+----------------------------------------
 Reporter:       Alex Gaynor           | Owner:                    Adam Johnson
 Type:           Cleanup/optimization  | Status:                   closed
 Component:      contrib.sessions      | Version:                  dev
 Severity:       Normal                | Resolution:               fixed
 Keywords:                             | Triage Stage:             Ready for checkin
 Has patch:      1                     | Needs documentation:      0
 Needs tests:    0                     | Patch needs improvement:  0
 Easy pickings:  0                     | UI/UX:                    0
---------------------------------------+----------------------------------------

Comment (by Mariusz Felisiak):

 In [changeset:"b119f4329c2a4878f1c72f4d25d193d080792f62" b119f43]:
 {{{
 #!CommitTicketReference repository=""
 revision="b119f4329c2a4878f1c72f4d25d193d080792f62"
 Refs #29708 -- Removed PickleSerializer per deprecation timeline.
 }}}

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/01070185bf59571c-1888c2ce-73ba-4e42-a8fe-2b582291d0c8-00%40eu-central-1.amazonses.com.


Re: [Django] #29708: Deprecate PickleSerializer and move it out of core

2022-01-13 Thread Django
#29708: Deprecate PickleSerializer and move it out of core
---------------------------------------+----------------------------------------
 Reporter:       Alex Gaynor           | Owner:                    Adam Johnson
 Type:           Cleanup/optimization  | Status:                   closed
 Component:      contrib.sessions      | Version:                  dev
 Severity:       Normal                | Resolution:               fixed
 Keywords:                             | Triage Stage:             Ready for checkin
 Has patch:      1                     | Needs documentation:      0
 Needs tests:    0                     | Patch needs improvement:  0
 Easy pickings:  0                     | UI/UX:                    0
---------------------------------------+----------------------------------------
Changes (by Mariusz Felisiak):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 In [changeset:"45a42aabfa1a86d1806bec93b31ef6ed7ccd51a7" 45a42aa]:
 {{{
 #!CommitTicketReference repository=""
 revision="45a42aabfa1a86d1806bec93b31ef6ed7ccd51a7"
 Fixed #29708 -- Deprecated PickleSerializer.
 }}}



Re: [Django] #29708: Deprecate PickleSerializer and move it out of core

2022-01-13 Thread Django
#29708: Deprecate PickleSerializer and move it out of core
---------------------------------------+----------------------------------------
 Reporter:       Alex Gaynor           | Owner:                    Adam Johnson
 Type:           Cleanup/optimization  | Status:                   assigned
 Component:      contrib.sessions      | Version:                  dev
 Severity:       Normal                | Resolution:
 Keywords:                             | Triage Stage:             Ready for checkin
 Has patch:      1                     | Needs documentation:      0
 Needs tests:    0                     | Patch needs improvement:  0
 Easy pickings:  0                     | UI/UX:                    0
---------------------------------------+----------------------------------------

Comment (by Mariusz Felisiak):

 In [changeset:"c6cb5a0277fce1b87a4b417002289c31f0ee44bc" c6cb5a02]:
 {{{
 #!CommitTicketReference repository=""
 revision="c6cb5a0277fce1b87a4b417002289c31f0ee44bc"
 Refs #29708 -- Stopped inheriting from PickleSerializer by
 RedisSerializer.
 }}}



Re: [Django] #29708: Deprecate PickleSerializer and move it out of core

2022-01-13 Thread Django
#29708: Deprecate PickleSerializer and move it out of core
---------------------------------------+----------------------------------------
 Reporter:       Alex Gaynor           | Owner:                    Adam Johnson
 Type:           Cleanup/optimization  | Status:                   assigned
 Component:      contrib.sessions      | Version:                  dev
 Severity:       Normal                | Resolution:
 Keywords:                             | Triage Stage:             Ready for checkin
 Has patch:      1                     | Needs documentation:      0
 Needs tests:    0                     | Patch needs improvement:  0
 Easy pickings:  0                     | UI/UX:                    0
---------------------------------------+----------------------------------------

Comment (by Mariusz Felisiak):

 In [changeset:"436862787cbdbd68b0ba20ed8c23b295e3679df3" 43686278]:
 {{{
 #!CommitTicketReference repository=""
 revision="436862787cbdbd68b0ba20ed8c23b295e3679df3"
 Refs #29708 -- Made SessionBase store expiry as string.
 }}}



Re: [Django] #29708: Deprecate PickleSerializer and move it out of core

2022-01-13 Thread Django
#29708: Deprecate PickleSerializer and move it out of core
---------------------------------------+----------------------------------------
 Reporter:       Alex Gaynor           | Owner:                    Adam Johnson
 Type:           Cleanup/optimization  | Status:                   assigned
 Component:      contrib.sessions      | Version:                  dev
 Severity:       Normal                | Resolution:
 Keywords:                             | Triage Stage:             Ready for checkin
 Has patch:      1                     | Needs documentation:      0
 Needs tests:    0                     | Patch needs improvement:  0
 Easy pickings:  0                     | UI/UX:                    0
---------------------------------------+----------------------------------------
Changes (by Mariusz Felisiak):

 * needs_better_patch:  1 => 0
 * stage:  Accepted => Ready for checkin




Re: [Django] #29708: Deprecate PickleSerializer and move it out of core

2020-01-30 Thread Django
#29708: Deprecate PickleSerializer and move it out of core
---------------------------------------+----------------------------------------
 Reporter:       Alex Gaynor           | Owner:                    Adam (Chainz) Johnson
 Type:           Cleanup/optimization  | Status:                   assigned
 Component:      contrib.sessions      | Version:                  master
 Severity:       Normal                | Resolution:
 Keywords:                             | Triage Stage:             Accepted
 Has patch:      1                     | Needs documentation:      0
 Needs tests:    0                     | Patch needs improvement:  1
 Easy pickings:  0                     | UI/UX:                    0
---------------------------------------+----------------------------------------
Changes (by Adam (Chainz) Johnson):

 * status:  new => assigned
 * needs_better_patch:  0 => 1
 * version:  2.1 => master
 * owner:  nobody => Adam (Chainz) Johnson
 * has_patch:  0 => 1
 * stage:  Someday/Maybe => Accepted


Comment:

 I've solved pickle problems for a couple clients so I thought it's worth
 picking this up.



Re: [Django] #29708: Deprecate PickleSerializer and move it out of core

2018-08-29 Thread Django
#29708: Deprecate PickleSerializer and move it out of core
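---------------------------------------+----------------------------------------
 Reporter:       Alex Gaynor           | Owner:                    nobody
 Type:           Cleanup/optimization  | Status:                   new
 Component:      contrib.sessions      | Version:                  2.1
 Severity:       Normal                | Resolution:
 Keywords:                             | Triage Stage:             Someday/Maybe
 Has patch:      0                     | Needs documentation:      0
 Needs tests:    0                     | Patch needs improvement:  0
 Easy pickings:  0                     | UI/UX:                    0
---------------------------------------+----------------------------------------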
Changes (by Adam (Chainz) Johnson):

 * cc: Adam (Chainz) Johnson (added)




Re: [Django] #29708: Deprecate PickleSerializer and move it out of core

2018-08-25 Thread Django
#29708: Deprecate PickleSerializer and move it out of core
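---------------------------------------+----------------------------------------
 Reporter:       Alex Gaynor           | Owner:                    nobody
 Type:           Cleanup/optimization  | Status:                   new
 Component:      contrib.sessions      | Version:                  2.1
 Severity:       Normal                | Resolution:
 Keywords:                             | Triage Stage:             Someday/Maybe
 Has patch:      0                     | Needs documentation:      0
 Needs tests:    0                     | Patch needs improvement:  0
 Easy pickings:  0                     | UI/UX:                    0
---------------------------------------+----------------------------------------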
Changes (by Tim Graham):

 * component:  Uncategorized => contrib.sessions
 * type:  Uncategorized => Cleanup/optimization
 * stage:  Unreviewed => Someday/Maybe


Comment:

 [https://groups.google.com/d/topic/django-developers/FR0Eu9QgynY/discussion django-developers thread]



[Django] #29708: Deprecate PickleSerializer and move it out of core

2018-08-24 Thread Django
#29708: Deprecate PickleSerializer and move it out of core
------------------------------------------+-----------------------
 Reporter:                 Alex Gaynor    | Owner:          nobody
 Type:                     Uncategorized  | Status:         new
 Component:                Uncategorized  | Version:        2.1
 Severity:                 Normal         | Keywords:
 Triage Stage:             Unreviewed     | Has patch:      0
 Needs documentation:      0              | Needs tests:    0
 Patch needs improvement:  0              | Easy pickings:  0
 UI/UX:                    0              |
------------------------------------------+-----------------------
 Pickle serializer has long been known to be dangerous. This is mitigated
 by requiring MAC on pickle in cookies, but nevertheless, RCEs continue to
 happen: https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/

 To further discourage its use, we should consider deprecating
 PickleSerializer and moving it into a third party package.

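The ticket's point about a MAC on pickled cookies, as an added example that is not part of the ticket or of Django's code: the MAC stops tampering, but whoever can produce a valid MAC decides what `pickle.loads` calls, while a JSON payload under the same key yields only data. `sign`, `unsign`, `load_session`, `Marker` and the key are constructed stand-ins, and the HMAC framing is a simplification, not Django's signing format.

```python
import hashlib
import hmac
import json
import pickle
import platform

SECRET_KEY = b"constructed-demo-key"  # assumption: stands in for the site's signing key

class Marker:
    """Constructed object whose pickle names a callable to run at load time."""
    def __reduce__(self):
        # Harmless stand-in: pickle.loads() will call platform.python_version().
        return (platform.python_version, ())

def sign(payload: bytes, key: bytes) -> bytes:
    mac = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return mac + b":" + payload

def unsign(cookie: bytes, key: bytes) -> bytes:
    mac, _, payload = cookie.partition(b":")
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad signature")
    return payload

def load_session(cookie: bytes, key: bytes, loads):
    # The MAC is checked first; the serializer only ever sees authenticated bytes.
    return loads(unsign(cookie, key))

def demo() -> dict:
    out = {}
    good = sign(pickle.dumps({"user_id": 1}), SECRET_KEY)
    tampered = good[:-1] + bytes([good[-1] ^ 1])  # flip one payload bit
    try:
        load_session(tampered, SECRET_KEY, pickle.loads)
        out["tampered"] = "accepted"
    except ValueError:
        out["tampered"] = "rejected"
    # A cookie signed by any key holder: loading it calls the function it names.
    by_key_holder = sign(pickle.dumps(Marker()), SECRET_KEY)
    out["pickle"] = load_session(by_key_holder, SECRET_KEY, pickle.loads)
    # Same key, JSON payload: the result is only dicts, lists, strings, numbers.
    as_json = sign(json.dumps({"user_id": 1}).encode(), SECRET_KEY)
    out["json"] = load_session(as_json, SECRET_KEY, json.loads)
    return out
```

With pickle, the security of the whole process rests on the signing key staying secret; with JSON, a leaked key still allows forged session data but not a call into arbitrary code at load time.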