git.ipfire.org Git - thirdparty/sqlalchemy/sqlalchemy.git/commitdiff
Add security warning to serializer extension
author Federico Caselli <cfederico87@gmail.com>
Mon, 21 Nov 2022 23:07:53 +0000 (00:07 +0100)
committer Federico Caselli <cfederico87@gmail.com>
Mon, 21 Nov 2022 23:08:22 +0000 (00:08 +0100)
Change-Id: I5c7c076bc93fc250c05f7996e83359d19d1f3214
(cherry picked from commit 447249e8628ff849758c1a9cdf822ae060b7cb8b)

lib/sqlalchemy/ext/serializer.py

index 094b71b0039a32eed3e5cef4a3baabb4aabe591b..2b2ee79779bc72bfa63e58632283bdd86adcbaee 100644 (file)
@@ -14,6 +14,11 @@ etc. which are referenced by the structure are not persisted in serialized
 form, but are instead re-associated with the query structure
 when it is deserialized.
 
+.. warning:: The serializer extension uses pickle to serialize and
+   deserialize objects, so the same security consideration mentioned
+   in the `python documentation
+   <https://docs.python.org/3/library/pickle.html>`_ apply.
+
 Usage is nearly the same as that of the standard Python pickle module::
 
     from sqlalchemy.ext.serializer import loads, dumps
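
Review bot: The added `.. warning::` block only points at the pickle documentation and never states what the caller must avoid. Say it directly in the warning, for example that `loads()` must only be passed data from a trusted source, because unpickling can execute arbitrary code, so the reader does not have to follow the link to learn the risk. In the same block, "the same security consideration ... apply" has a number mismatch (it should read "considerations ... apply"), and "python documentation" should be capitalized as "Python documentation".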