Releases: Clean-Dependency-Project/pandas-fnma
v1.5.2-preview
About Pandas
Pandas, a Python package, aims to be the fundamental high-level building block for doing practical, real-world data analysis in Python. Additionally, it has the broader goal of becoming the most powerful and flexible open-source data analysis / manipulation tool available in any language.
Pandas Modifications - Clean Dependency Project
Pandas, however, relies on Python's pickle module to serialize and deserialize objects (for example in read_pickle), and unpickling data from an untrusted source can execute arbitrary code: a pickle stream may instruct the unpickler to import and call any importable function. A developer can guard against this, but doing so depends on every software engineer on the team knowing and consistently applying the relevant best practices.
To reduce that attack surface and the room for human error, we have released a patch for Pandas that overrides the pickle.Unpickler.find_class method, the hook the unpickler calls to resolve every module and attribute name it encounters, so that it can either deny named classes and functions or allow only those the developer specifies. The patch includes documentation on customizing the list for a specific application's needs. Because the unpickler can only resolve a class or function that the developer has explicitly added to the allow list, a pickle stream that references anything else fails to load instead of importing vulnerable or malicious code.
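As an added illustration of the mechanism described above (this is not the pandas-fnma patch itself, and the names ALLOWED_GLOBALS, RestrictedUnpickler, restricted_loads and try_load are assumptions made for the example), the following stand-alone Python shows a find_class override that resolves only allow-listed globals. It loads a constructed benign pickle and refuses a constructed malicious one whose __reduce__ asks the unpickler to call os.system.

```python
import io
import os
import pickle
from collections import OrderedDict

# Hypothetical allow list: (module, qualified name) pairs the application
# is willing to let a pickle stream resolve. Anything else is refused.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("builtins", "range"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose find_class only resolves allow-listed globals.

    pickle calls find_class(module, name) for every GLOBAL/STACK_GLOBAL
    opcode in the stream; refusing here is what stops the stream from
    importing arbitrary callables.
    """

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"global '{module}.{name}' is not on the allow list"
        )


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads that enforces the allow list."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes):
    """Return ('ok', obj) when the stream loads, or ('blocked', reason)
    when the allow list rejects a global it references."""
    try:
        return ("ok", restricted_loads(data))
    except pickle.UnpicklingError as exc:
        return ("blocked", str(exc))


# Constructed sample 1: a benign stream that only references
# collections.OrderedDict, which is on the allow list.
BENIGN_PICKLE = pickle.dumps(OrderedDict(a=1, b=2))


class _Payload:
    """Constructed sample 2: an object whose __reduce__ tells the unpickler
    to call os.system. pickle.dumps() does not run the command; a plain
    pickle.loads() of the result would."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


MALICIOUS_PICKLE = pickle.dumps(_Payload())
# pickle records os.system under its defining module ('posix' on Unix,
# 'nt' on Windows), not 'os'. Allow lists must therefore be written in
# terms of the (module, name) pair the unpickler actually sees.


if __name__ == "__main__":
    print(try_load(BENIGN_PICKLE))
    print(try_load(MALICIOUS_PICKLE))
```

The allow-list entries are deliberately exact (module, name) pairs rather than module prefixes: a prefix rule such as "anything under builtins" would still admit builtins.eval and builtins.exec. When adapting this to a real application, populate the list from the types that actually appear in the pickles you produce, and treat any rejection in production as a signal to investigate the input rather than as a reason to widen the list.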
Licensed under BSD, this software patch is provided as is without any warranty of any sort. We think our version is more reliable, but it is by no means fail-safe.