andre/crewAI
1
0
Fork 0
mirror of https://github.com/crewAIInc/crewAI.git synced 2026-05-05 17:22:36 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity
Files
c1ae3da1cd99885d81341d3a417cd44e6fb5a29b
crewAI/lib/crewai-files/tests
History
Devin AI 614354df4c fix: replace insecure pickle deserialization with JSON serialization 
Fixes #4746 - Security: Insecure Pickle Deserialization enables Arbitrary Code Execution

- Replace pickle.load/dump with json.load/dump in PickleHandler (file_handler.py)
- Add backward compatibility to auto-migrate legacy .pkl files to .json
- Replace PickleSerializer with JSON-based _CachedUploadSerializer in upload_cache.py
- Replace PickleSerializer with JsonSerializer in file_store.py and agent_card.py
- Update and add comprehensive security tests for all changes

Co-Authored-By: João <joao@crewai.com>
2026-03-06 15:19:49 +00:00
..
fixtures
feat: native multimodal file handling; openai responses api
2026-01-23 15:13:25 -05:00
processing
feat: native multimodal file handling; openai responses api
2026-01-23 15:13:25 -05:00
test_file_url.py
feat: native multimodal file handling; openai responses api
2026-01-23 15:13:25 -05:00
test_resolved.py
feat: native multimodal file handling; openai responses api
2026-01-23 15:13:25 -05:00
test_resolver.py
feat: native multimodal file handling; openai responses api
2026-01-23 15:13:25 -05:00
test_upload_cache.py
fix: replace insecure pickle deserialization with JSON serialization
2026-03-06 15:19:49 +00:00