https://github.com/python/cpython/commit/b6077aaf12e5d1cbbe9d721a3f3baefc4d8991e5
commit: b6077aaf12e5d1cbbe9d721a3f3baefc4d8991e5
branch: 3.11
author: AN Long <[email protected]>
committer: zooba <[email protected]>
date: 2024-03-04T11:54:46Z
summary:
gh-104711: Add security warning to the CGIHTTPRequestHandler document
(GH-115915)
(cherry picked from commit dac8ff4c401f75e65a5eef1514f2d7987e63bbfe)
files:
M Doc/library/http.server.rst
diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst
index c42103599d1fd7..89c1756c4354bd 100644
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -502,6 +502,12 @@ the ``--cgi`` option::
python -m http.server --cgi
+.. warning::
+
+ :class:`CGIHTTPRequestHandler` and the ``--cgi`` command line option
+ are not intended for use by untrusted clients and may be vulnerable
+ to exploitation. Always use within a secure environment.
+
.. _http.server-security:
Security Considerations
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/python-checkins.python.org/
Member address: [email protected]
