diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
index 4574b59e6..012ddba34 100644
--- a/data/txt/sha256sums.txt
+++ b/data/txt/sha256sums.txt
@@ -182,13 +182,13 @@ c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6 lib/core/data.
 914a13ee21fd610a6153a37cbe50830fcbd1324c7ebc1e7fc206d5e598b0f7ad lib/core/log.py
 67ea32c993cbf23cdbd5170360c020ca33363b7c516ff3f8da4124ef7cb0254d lib/core/optiondict.py
 83ec82a78c1665ae7516a3bbd239ffb1db8ac2ca20994125ff6023edf3d1e7c1 lib/core/option.py
-c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch.py
+3371a9c79ad7d2eb578e705cb077098a9f63cabb5472e4e66c4dac094a438bcd lib/core/patch.py
 49c0fa7e3814dfda610d665ee02b12df299b28bc0b6773815b4395514ddf8dec lib/core/profiling.py
 03db48f02c3d07a047ddb8fe33a757b6238867352d8ddda2a83e4fec09a98d04 lib/core/readlineng.py
 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py
 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py
 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py
-dfb37a8a4342fbe8fa81161e63a6d308e8ab39da44b513a72ca027a806c6dd8b lib/core/settings.py
+cee91b682232e472c25a1853f74d6b737243d702bcacf44e59ec755800b1a6b1 lib/core/settings.py
 cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py
 bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py
 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py
diff --git a/lib/core/patch.py b/lib/core/patch.py
index 35fde3497..b2ca4aee9 100644
--- a/lib/core/patch.py
+++ b/lib/core/patch.py
@@ -185,7 +185,11 @@ def dirtyPatches():
 def find_class(self, module, name):
 # blacklist for OS-level execution modules
 if module in ("os", "subprocess", "sys", "posix", "nt", "pty", "commands", "shutil"):
- raise ValueError("Unpickling of module '%s' is forbidden" % module)
+ raise ValueError("unpickling of module '%s' is forbidden" % module)
+
+ # partial whitelist for builtins to allow safe data types but block eval/exec/__import__
+ if module in ("builtins", "__builtin__") and name not in ("set", "frozenset", "dict", "list", "tuple", "int", "float", "bool", "str", "bytes", "bytearray", "object", "NoneType"):
+ raise ValueError("unpickling of '%s.%s' is forbidden" % (module, name))
 # Python 2/3 method resolution
 if hasattr(pickle.Unpickler, "find_class"):
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 3120a62a6..83d70fed1 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -20,7 +20,7 @@ from lib.core.enums import OS
 from thirdparty import six
 # sqlmap version (...)
-VERSION = "1.10.6.43"
+VERSION = "1.10.6.44"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
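Review bot: In the lib/core/patch.py hunk, the new allowlist covers only `builtins`/`__builtin__`, while every other module is still governed by the module denylist on the `if module in ("os", ...)` line, and a denylist cannot enumerate every importable module that exposes a callable with side effects. If the pickled data can come from a file the user does not control (inferred from the need for this guard), it would be safer to invert the check into one allowlist of the `(module, name)` pairs sqlmap itself serializes, e.g. `if (module, name) not in ALLOWED_GLOBALS: raise ValueError("unpickling of '%s.%s' is forbidden" % (module, name))`, where `ALLOWED_GLOBALS` is a placeholder for a set built from the project's own classes. Python 2 type names such as `unicode` and `long` are absent from the builtins tuple, so it is worth confirming with a round-trip test that existing session data still loads on both interpreters. The body of `find_class` continues past the end of the hunk, so the final resolution path is not visible here.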