search for: unserializedata

...should not be <...> used". Do you think there is a way to recreate an environment, taking the REFSXP entries into account, without `parent.env<-`? Would you recommend to abandon the folly of unserializing environments manually? -- Best regards, Ivan [1] https://codeberg.org/aitap/unserializeData/src/commit/33d72705c1ee265349b3e369874ce4b47f9cd358/R/unserialize.R#L289-L313

On Sat, 11 May 2024, Peter Langfelder wrote: > On Sat, May 11, 2024 at 9:34?AM luke-tierney--- via R-devel > <r-devel at r-project.org> wrote: >> >> On Sat, 11 May 2024, Travers Ching wrote: >> >>> The following code snippet causes R to hang. This example might be a >>> bit contrived as I was experimenting and trying to understand >>>

All, There seems to be a hullaboo about a vulnerability in R when deserializing untrusted data: https://hiddenlayer.com/research/r-bitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2024-27322 https://www.kb.cert.org/vuls/id/238194 Apparently a fix was made for R 4.4.0, but I see no mention of it in the changes report: https://cloud.r-project.org/bin/windows/base/NEWS.R-4.4.0.html