ML serialization security default
PyTorch torch.load weights_only safe_globals documentation
The visible fix seems obvious, but the task requires preserving safe loading for user-supplied files.
Agent Quick Fix
Repair against the current PyTorch contract, then keep the change narrow and source-backed.
Product: PyTorch
Current-contract area: Blanket weights_only=False would violate untrusted-checkpoint requirement
Likely root cause: The visible fix seems obvious, but the task requires preserving safe loading for user-supplied files.
Repair direction: Verifier checks the narrow safe allow-list or weights-only migration and rejects a global unsafe load. Reject global unsafe deserialization and verify the intended tensor values.Symptom
The visible fix seems obvious, but the task requires preserving safe loading for user-supplied files.
Why This Happens
The checkpoint is locally opaque and the loader call is unchanged; only the library's new security default explains why trusted custom objects no longer deserialize.
Common Wrong Fixes
- Changing local code without checking the current external contract.
- Retrying the same install, build, or API call with no version/source change.
- Applying a broad unsafe bypass when a narrow compatibility fix is available.
Codex Search Keywords
These are the search terms observed in a neutral Codex validation run for this failure shape.
PyTorch torch.load weights_only safe_globals documentation
site:pytorch.org/docs/stable torch.load weights_only safe_globals
https://pytorch.org/docs/stable/generated/torch.load.html
https://docs.pytorch.org/docs/stable/generated/torch.load.html
'weights_only' in https://docs.pytorch.org/docs/2.12/generated/torch.load.html