[Python-checkins] Add a warning about untrusted input to `configparser` docs (#146276)

jaraco Sun, 22 Mar 2026 16:58:56 -0700

https://github.com/python/cpython/commit/fb8d8d9c9f9cbc94fa58887e13e63bf33fe0caac
commit: fb8d8d9c9f9cbc94fa58887e13e63bf33fe0caac
branch: main
author: Stan Ulbrych <[email protected]>
committer: jaraco <[email protected]>
date: 2026-03-22T19:58:31-04:00
summary:


Add a warning about untrusted input to `configparser` docs (#146276)

files:
M Doc/library/configparser.rst

diff --git a/Doc/library/configparser.rst b/Doc/library/configparser.rst
index 4c1750de1d3933..4d720176fcc334 100644
--- a/Doc/library/configparser.rst
+++ b/Doc/library/configparser.rst
@@ -24,6 +24,11 @@ can be customized by end users easily.
    This library does *not* interpret or write the value-type prefixes used in
    the Windows Registry extended version of INI syntax.
 
+.. warning::
+   Be cautious when parsing data from untrusted sources. A malicious
+   INI file may cause the decoder to consume considerable CPU and memory
+   resources. Limiting the size of data to be parsed is recommended.
+
 .. seealso::
 
    Module :mod:`tomllib`

_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: [email protected]

[Python-checkins] Add a warning about untrusted input to `configparser` docs (#146276)

Reply via email to