OK, the first time I clicked on the links I didn't see any specific reasons but now I do. It's also interesting that you had the same concerns I have. I'll have to go through my code and see if there's anything non-JSONable in it now, or if I just switched back to pickle because it was the default.
Is there a timeline for Pyramid 2? 2018 or 2019? On Tue, Sep 25, 2018 at 8:18 AM Michael Merickel <[email protected]> wrote: > > On Tue, Sep 25, 2018 at 10:09 AM Mike Orr <[email protected]> wrote: >> >> On Mon, Sep 24, 2018 at 3:21 PM Michael Merickel <[email protected]> wrote: >> > We'd deprecate it in 1.10 and remove it in 2.0 as we're planning to do >> > with pickle-based sessions [2]. >> >> Why are pickle-based sessions being removed? I switched my serializers >> to JSON but later switched them back because it was useful to have the >> ability to cache non-JSONable objects in sessions. > > > You can read the security concerns in the pull request I linked. You're > welcome to keep using pickle sessions (they support everything JSON > supports), but Pyramid will be moving to only requiring JSON. > > -- > You received this message because you are subscribed to the Google Groups > "pylons-discuss" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/pylons-discuss/CAKdhhwG_bKb%2B_pZKdAd%2B-fu4NiFYcH7qxOEpDO1vQvr4YCr_Zg%40mail.gmail.com. > For more options, visit https://groups.google.com/d/optout. -- Mike Orr <[email protected]> -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAH9f%3Duop_scissPmMu_USadQveQdMOO1bAdeT2UPNzcVMHMvpg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
