id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
29708	Deprecate PickleSerializer and move it out of core	Alex Gaynor	Adam Johnson	"Pickle serializer has long been known to be dangerous. This is mitigated by requiring MAC on pickle in cookies, but nevertheless, RCEs continue to happen: https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/

To further discourage its use, we should consider deprecating PickleSerializer and moving it into a third-party package."	Cleanup/optimization	closed	contrib.sessions	dev	Normal	fixed		Adam Johnson	Ready for checkin	1	0	0	0	0	0
