https://github.com/python/cpython/commit/dac8ff4c401f75e65a5eef1514f2d7987e63bbfe
commit: dac8ff4c401f75e65a5eef1514f2d7987e63bbfe
branch: main
author: AN Long <[email protected]>
committer: zooba <[email protected]>
date: 2024-03-01T17:25:14Z
summary:
gh-104711: Add security warning to the CGIHTTPRequestHandler document
(GH-115915)
files:
M Doc/library/http.server.rst
diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst
index bc59d3d17912fd..886e359bd8cd62 100644
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -520,6 +520,12 @@ the ``--cgi`` option::
:mod:`http.server` command line ``--cgi`` support is being removed
because :class:`CGIHTTPRequestHandler` is being removed.
+.. warning::
+
+ :class:`CGIHTTPRequestHandler` and the ``--cgi`` command line option
+ are not intended for use by untrusted clients and may be vulnerable
+ to exploitation. Always use within a secure environment.
+
.. _http.server-security:
Security Considerations
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/python-checkins.python.org/
Member address: [email protected]
