Breaking Changes
Pickle deserialization is now restricted to safe built-in types only. This mitigates CVE-2025-69872, which allowed arbitrary code execution when an attacker with write access to the cache directory injected a crafted pickle payload.
The following types are permitted during deserialization:
- Python builtins:
int,float,str,bytes,bytearray,list,dict,tuple,set,frozenset,complex,range,slice,object,bool,None collections:OrderedDict,defaultdict,dequedatetime:date,datetime,time,timedelta,timezonedecimal.Decimalfractions.Fractionuuid.UUID
All other types will raise
UnpicklingErroron read.- Python builtins:
There is no opt-out mechanism. Users who need to cache custom types have two migration paths:
Use
JSONDiskfor JSON-serializable data:cache = Cache('/tmp/my-cache', disk=JSONDisk)Subclass
Diskand overrideget()andfetch()with a custom serialization strategy appropriate for your data.
New Features
- Added
SafeUnpicklerclass for restricted pickle deserialization. - Added
UnpicklingErrorexception raised when a disallowed type is encountered during deserialization.
Internal
SAFE_PICKLE_CLASSESusesfrozensetvalues to prevent runtime modification.
- Previous release (see git history for details).