experimental/cpu/: pyarrow-hotfix-0.6 metadata and description
author_email | Antoine Pitrou <antoine@python.org> |
classifiers | |
description_content_type | text/x-rst |
license | Apache License, Version 2.0 |
project_urls | |
requires_python | >=3.5 |
File | Tox results | History |
---|---|---|
pyarrow_hotfix-0.6-py3-none-any.whl | | |
Description
This is a hotfix for the PyArrow security vulnerability CVE-2023-47248.
We generally recommend upgrading to PyArrow 14.0.1 or later, but if you cannot upgrade, this package disables the vulnerability on older versions.
Installation
Use pip to install:
pip install pyarrow_hotfix
Usage
pyarrow_hotfix must be imported in your application or library code for it to take effect:
import pyarrow_hotfix
Supported versions
pyarrow_hotfix supports all Python versions starting from Python 3.5, and all PyArrow versions starting from 0.14.0.
Dependencies
pyarrow_hotfix is a pure Python package that does not have any explicit dependencies, and assumes you have installed pyarrow through other means (such as pip or conda).
Example
>>> import pyarrow as pa
>>> import pyarrow_hotfix
>>>
>>> pa.ipc.open_file('data.arrow')
Traceback (most recent call last):
[ ... ]
RuntimeError: forbidden deserialization of 'arrow.py_extension_type': storage_type = null, serialized = b"\x80\x03cbuiltins\neval\nq\x00X\x15\x00\x00\x00print('hello world!')q\x01\x85q\x02Rq\x03.", pickle disassembly:
0: \x80 PROTO 3
2: c GLOBAL 'builtins eval'
17: q BINPUT 0
19: X BINUNICODE "print('hello world!')"
45: q BINPUT 1
47: \x85 TUPLE1
48: q BINPUT 2
50: R REDUCE
51: q BINPUT 3
53: . STOP
highest protocol among opcodes = 2
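The `serialized` bytes quoted in the error above can be inspected without unpickling them. The following is an added example, not code from pyarrow_hotfix or PyArrow: it uses the standard-library `pickletools` module to list the imports and call opcodes in such a payload. The function name `triage_pickle` and the opcode groupings are assumptions of this example, and the sample is the byte string from the error message above.

```python
import pickletools

# Constructed sample: the `serialized` bytes quoted in the error message above.
SAMPLE = (b"\x80\x03cbuiltins\neval\nq\x00X\x15\x00\x00\x00"
          b"print('hello world!')q\x01\x85q\x02Rq\x03.")

# Opcodes that call a callable or build an object during unpickling
# (grouping chosen for this example).
CALL_OPCODES = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}
STRING_OPCODES = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def triage_pickle(data):
    """Statically list imports and call opcodes in a pickle stream.

    pickletools.genops only parses opcodes; it never imports or calls
    anything, so it can be run on untrusted bytes.
    """
    imports, calls, strings = [], [], []
    try:
        for opcode, arg, pos in pickletools.genops(data):
            name = opcode.name
            if name in ("GLOBAL", "INST"):
                # arg is "module attribute", separated by one space
                module, _, attr = arg.partition(" ")
                imports.append((pos, module + "." + attr))
            elif name == "STACK_GLOBAL":
                # Protocol 4+: module and attribute are the last two strings
                # pushed (heuristic; memo lookups are not resolved here).
                pair = strings[-2:]
                imports.append((pos, ".".join(pair) if len(pair) == 2 else "<unresolved>"))
            elif name in STRING_OPCODES:
                strings.append(arg)
            if name in CALL_OPCODES:
                calls.append((pos, name))
    except Exception as exc:  # truncated or malformed stream: treat as suspect
        return {"imports": imports, "calls": calls,
                "error": str(exc), "suspicious": True}
    return {"imports": imports, "calls": calls, "error": None,
            "suspicious": bool(imports or calls)}


if __name__ == "__main__":
    print(triage_pickle(SAMPLE))
```

A payload that only carries plain data (lists, numbers, strings) produces no imports and no call opcodes; any import is a reason to treat the file as untrusted.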
License
Like pyarrow, pyarrow_hotfix is distributed under the terms of the Apache License, version 2.0.