diff --git a/src/taoensso/nippy.clj b/src/taoensso/nippy.clj index a1f4262..4b7cb7a 100644 --- a/src/taoensso/nippy.clj +++ b/src/taoensso/nippy.clj @@ -285,11 +285,8 @@ (defn thaw-from-stream! "Low-level API. Deserializes a frozen object from given DataInputStream to its original Clojure data type." - [data-input-stream & [{:keys [read-eval?]}]] - (if (identical? *read-eval* read-eval?) - (thaw-from-stream data-input-stream) - (binding [*read-eval* read-eval?] ; Expensive - (thaw-from-stream data-input-stream)))) + [data-input-stream] + (thaw-from-stream data-input-stream)) (defn- try-parse-header [ba] (when-let [[head-ba data-ba] (utils/ba-split ba 4)] @@ -300,11 +297,8 @@ (defn thaw "Deserializes a frozen object from given byte array to its original Clojure data type. Supports data frozen with current and all previous versions of - Nippy. For custom types extend the Clojure reader or see `extend-thaw`. - - WARNING: Enabling `:read-eval?` can lead to security vulnerabilities unless - you are sure you know what you're doing." - [^bytes ba & [{:keys [read-eval? password compressor encryptor legacy-opts readers] + Nippy. For custom types extend the Clojure reader or see `extend-thaw`." + [^bytes ba & [{:keys [password compressor encryptor legacy-opts readers] :or {legacy-opts {:compressed? true} compressor snappy-compressor encryptor aes128-encryptor} @@ -323,7 +317,7 @@ ba (if compressor (compression/decompress compressor ba) ba) stream (DataInputStream. (ByteArrayInputStream. ba))] - (thaw-from-stream! stream {:read-eval? read-eval?})) + (thaw-from-stream! stream)) (catch Exception e (cond @@ -461,8 +455,7 @@ :password nil})) (defn thaw-from-bytes "DEPRECATED: Use `thaw` instead." - [ba & {:keys [read-eval? compressed?] + [ba & {:keys [compressed?] :or {compressed? true}}] (thaw ba {:legacy-opts {:compressed? compressed?} - :read-eval? read-eval? :password nil})) \ No newline at end of file