Fixed #551 by validating the server side is configured to allow pickle and bumped version for major release to 6.

Author: comrumino

Diff for: CHANGELOG.rst

@@ -1,3 +1,11 @@
+6.0.0
+=====
+Date: 2024-02-23
+
+- `#551`_ Resolves security issue that results in RCE. The fix breaks backwards compatibility for those that rely on the `__array__` attribute used by `numpy`. This RCE is only exploitable when the server-side gets the attribute `__array__` and calls it (e.g., `np.array(x)`). This issues effects all versions since major release 4.
+
+.. _#551: https://github.com/tomerfiliba-org/rpyc/issues/551
+
 5.3.1
 =====
 Date: 2023-02-21

Diff for: rpyc/core/netref.py

@@ -251,6 +251,9 @@ def method(self, start, stop, *args):
         def __array__(self):
             # Note that protocol=-1 will only work between python
             # interpreters of the same version.
+            if not object.__getattribute__(self,'____conn__')._config["allow_pickle"]:
+                # Security check that server side allows pickling per #551
+                raise ValueError("pickling is disabled")
             return pickle.loads(syncreq(self, consts.HANDLE_PICKLE, -1))
         __array__.__doc__ = doc
         return __array__

Diff for: rpyc/version.py

@@ -1,3 +1,3 @@
-__version__ = '5.3.1'
+__version__ = '6.0.0'
 version = tuple(__version__.split('.'))
-release_date = "2023-02-21"
+release_date = "2024-02-23"