Re: [Django] #35905: Sign (or encrypt) pickle cache traffic to protect against remote code execution through cache takeover
3 views
Skip to first unread message
Django
Jul 14, 2025, 7:21:19 PM7/14/25
to django-...@googlegroups.com
#35905: Sign (or encrypt) pickle cache traffic to protect against remote code
execution through cache takeover
-------------------------------------+-------------------------------------
Reporter: Sebastian Pipping | Owner: (none)
Type: New feature | Status: closed
Component: Core (Cache system) | Version: dev
Severity: Normal | Resolution: wontfix
Keywords: cache security | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Tim Graham):
I created the Django forum thread [https://forum.djangoproject.com/t
/adding-optional-signing-of-cache-data/41820 Adding optional signing of
cache data] to discuss this proposal.
--
Ticket URL: <https://code.djangoproject.com/ticket/35905#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
execution through cache takeover
-------------------------------------+-------------------------------------
Reporter: Sebastian Pipping | Owner: (none)
Type: New feature | Status: closed
Component: Core (Cache system) | Version: dev
Severity: Normal | Resolution: wontfix
Keywords: cache security | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Tim Graham):
I created the Django forum thread [https://forum.djangoproject.com/t
/adding-optional-signing-of-cache-data/41820 Adding optional signing of
cache data] to discuss this proposal.
--
Ticket URL: <https://code.djangoproject.com/ticket/35905#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Reply all
Reply to author
Forward
0 new messages