id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	blockedby	blocking	notify_on_close	platform	project
4347	blastprotein uses notoriously insecure pickle in session data	Greg Couch	Greg Couch	Sessions should only contain primitive data.  pickle create objects directly during deserialization and is known to be insecure.  See https://nedbatchelder.com/blog/202006/pickles_nine_flaws.html as well as many other published articles.	defect	closed	blocker	1.2	Sessions		fixed		Eric Pettersen				all	ChimeraX