mirror of
https://github.com/craigerl/aprsd.git
synced 2026-02-25 02:30:05 -05:00
Walter Boring
202c689658
SECURITY FIX: Replace pickle.load() with json.load() to eliminate remote code execution vulnerability from malicious pickle files. Changes: - Update ObjectStoreMixin to use JSON instead of pickle - Add PacketJSONDecoder to reconstruct Packet objects from JSON - Change file extension from .p to .json - Add warning when old pickle files detected - Add OrderedDict restoration for PacketList - Update all tests to work with JSON format Users with existing pickle files must run: aprsd dev migrate-pickle Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>