[Bug 1385077] [NEW] module defaults to unsafe load function

2014-10-24 Thread Nick Moffitt
Public bug reported: The python-yaml module's load function is remarkably unsafe, allowing YAML code to instantiate arbitrary Python objects of arbitrary class or type. Hidden away in the documentation is a safe_load() function, which is the one nearly everyone wants to use to process YAML being

Re: [Bug 1385077] [NEW] module defaults to unsafe load function

2014-10-24 Thread Scott Kitterman
Have you checked to see what your proposed change might break? pyyaml is used in a wide variety of settings and such a backward incompatible change seems risky. Perhaps improving the documentation about which to use when would be a better approach?