On Tue, Sep 25, 2018 at 10:09 AM Mike Orr <[email protected]> wrote:
> On Mon, Sep 24, 2018 at 3:21 PM Michael Merickel <[email protected]> > wrote: > > We'd deprecate it in 1.10 and remove it in 2.0 as we're planning to do > with pickle-based sessions [2]. > > Why are pickle-based sessions being removed? I switched my serializers > to JSON but later switched them back because it was useful to have the > ability to cache non-JSONable objects in sessions. > You can read the security concerns in the pull request I linked. You're welcome to keep using pickle sessions (they support everything JSON supports), but Pyramid will be moving to only requiring JSON. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAKdhhwG_bKb%2B_pZKdAd%2B-fu4NiFYcH7qxOEpDO1vQvr4YCr_Zg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
