When trying to load a model with `torch.load()` on PyTorch >= 2.6.0, this error message appears:

> File "/usr/local/lib/python3.11/dist-packages/torch/serialization.py", line 1470, in load
>     raise pickle.UnpicklingError(_get_wo_message(str(e))) from None
> _pickle.UnpicklingError: Weights only load failed. This file can still be loaded, to do so you have two options, do those steps only if you trust the source of the checkpoint.
> (1) In PyTorch 2.6, we changed the default value of the `weights_only` argument in `torch.load` from `False` to `True`. Re-running `torch.load` with `weights_only` set to `False` will likely succeed, but it can result in arbitrary code execution. Do it only if you got the file from a trusted source.
> (2) Alternatively, to load with `weights_only=True` please check the recommended steps in the following error message.
> WeightsUnpickler error: Unsupported global: GLOBAL models.yolo.Model was not an allowed global by default. Please use `torch.serialization.add_safe_globals([Model])` or the `torch.serialization.safe_globals([Model])` context manager to allowlist this global if you trust this class/function.
> Check the documentation of torch.load to learn more about types accepted by default with weights_only https://pytorch.org/docs/stable/generated/torch.load.html.

Official announcement:

> This is a backward compatibility-breaking change, please see this [forum post](https://dev-discuss.pytorch.org/t/bc-breaking-change-torch-load-is-being-flipped-to-use-weights-only-true-by-default-in-the-nightlies-after-137602/2573) for more details.

The root cause is that pickle (.pkl) checkpoints are a security problem: a ByteDance intern attacked a large training cluster through a checkpoint. PyTorch therefore rewrote the unpickler so that classes, functions and modules outside the allowlist cannot be imported and used to trigger remote code execution, and changed the default of `weights_only` (it is now `True`, as the error message above states), so that `torch.load` only unpickles state_dicts of plain tensors. Disable it (`weights_only=False`) only when the checkpoint comes from a trusted source.
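The following is an added example, not code from the post or from PyTorch. It uses only the standard library to show the mechanism behind the error above: an `Unpickler` whose `find_class` resolves globals solely from an explicit allowlist, which is the idea behind `torch.load(weights_only=True)`. The `Model` dataclass is a constructed stand-in for the page's `models.yolo.Model`, and `AllowlistUnpickler`, `safe_loads` and `demo` are names chosen here, not PyTorch APIs.

```python
import io
import pickle
from dataclasses import dataclass


# Constructed stand-in for the page's `models.yolo.Model`: pickling a full
# model object records a GLOBAL reference to this class by module + name.
@dataclass
class Model:
    layers: int
    weights: list


class AllowlistUnpickler(pickle.Unpickler):
    """Resolve pickled globals only from an explicit allowlist.

    Simplified analogue of the weights-only unpickler: any GLOBAL that names a
    (module, qualname) pair outside the allowlist is refused before the module
    is imported, so an untrusted checkpoint cannot pull in arbitrary code.
    """

    def __init__(self, data: bytes, allowed):
        super().__init__(io.BytesIO(data))
        # Map (module, qualname) -> object for everything the caller trusts.
        self._allowed = {(obj.__module__, obj.__qualname__): obj for obj in allowed}

    def find_class(self, module, name):
        try:
            return self._allowed[(module, name)]
        except KeyError:
            # Same shape of message as the PyTorch error quoted above.
            raise pickle.UnpicklingError(
                f"Unsupported global: GLOBAL {module}.{name} is not an allowed global"
            ) from None


def safe_loads(data: bytes, allowed=()):
    """Unpickle `data`, permitting only the globals listed in `allowed`."""
    return AllowlistUnpickler(data, allowed).load()


def demo():
    # Analogue of a state_dict of plain tensors: containers and numbers only,
    # so the pickle stream contains no GLOBAL opcodes at all.
    state_dict = {"conv1.weight": [0.1, 0.2], "conv1.bias": [0.0]}
    state_bytes = pickle.dumps(state_dict)

    # A full model object: its pickle references Model by module + name.
    model_bytes = pickle.dumps(Model(layers=2, weights=[0.1, 0.2]))

    results = {}
    # 1) Plain state_dict loads with an empty allowlist.
    results["state_dict_ok"] = safe_loads(state_bytes) == state_dict
    # 2) Full model object is rejected: Model is not allowlisted.
    try:
        safe_loads(model_bytes)
        results["model_rejected"] = False
    except pickle.UnpicklingError as e:
        results["model_rejected"] = "Unsupported global" in str(e)
    # 3) Once the caller explicitly trusts Model (the equivalent of
    #    torch.serialization.add_safe_globals([Model])), it loads.
    results["model_allowlisted"] = (
        safe_loads(model_bytes, allowed=[Model]) == Model(2, [0.1, 0.2])
    )
    return results


if __name__ == "__main__":
    print(demo())
```

The same three outcomes map onto the fix the error message recommends: keep `weights_only=True` and save or load plain state_dicts where you can; where a checkpoint really contains a custom class you trust, allowlist exactly that class with `torch.serialization.add_safe_globals([Model])` or the `torch.serialization.safe_globals([Model])` context manager rather than falling back to `weights_only=False`. Note this stand-in only checks `find_class`; PyTorch's weights-only unpickler is stricter and also restricts which opcodes and reduce targets it will execute.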