It's already there? Except it still uses Unpickle, just overloading it to skip at least one problematic thing. I believe (I am not an expert) that its use of 'GLOBAL' is still a problem.
I tested the Anything V3 pruned from Hugging Face, and indeed nothing funny in its pickle. I used the Fickling library to decompile it. I do not use Windows so my interests in .ckpt security are largely related to Pickle exploits, which could extract malicious code from a data file and then do something with it, but the data files themselves are not executed. I will edit this comment with lines referencing that data file.
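The two comments above discuss an overridden unpickler and the `GLOBAL` opcode. As an added example (not code from either commenter or from the tools they mention), this sketch lists the imports a pickle stream requests without loading it, then loads only through an allowlisting `find_class`. `ALLOWED`, `list_imports`, `AllowlistUnpickler` and `safe_loads` are names assumed for the illustration, and both sample pickles are constructed.

```python
import collections
import io
import pickle
import pickletools

# Assumed allowlist for this example only; a real loader needs its own.
ALLOWED = {("collections", "OrderedDict")}
_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
_MEMO_READS = {"GET", "BINGET", "LONG_BINGET"}


def list_imports(data):
    """Return (module, name) pairs the pickle would import, without loading it."""
    found, recent = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two values pushed just before.
            pair = recent[-2:] if len(recent) >= 2 else ["?", "?"]
            found.append(tuple(pair))
        elif op.name in _STRING_OPS:
            recent.append(arg)
        elif op.name in _MEMO_READS:
            recent.append("?")  # value comes from the memo; not resolved here
    return found


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler whose find_class refuses anything outside ALLOWED."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED:
            raise pickle.UnpicklingError(f"blocked import {module}.{name}")
        return super().find_class(module, name)


def safe_loads(data):
    """Scan first, then load through the allowlisting unpickler."""
    blocked = [g for g in list_imports(data) if g not in ALLOWED]
    if blocked:
        raise pickle.UnpicklingError(f"blocked imports: {blocked}")
    return AllowlistUnpickler(io.BytesIO(data)).load()


# Constructed samples: a benign container, and a reference to builtins.print
# standing in for an import that the allowlist does not cover.
SAMPLE_OK = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
SAMPLE_REF = pickle.dumps(print, protocol=2, fix_imports=False)
```

The static scan is a heuristic (it does not resolve names read back from the memo and reports them as `?`, which the allowlist then rejects); the `find_class` override is the check that is enforced at load time.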