gh-104711: Add security warning to the CGIHTTPRequestHandler document (GH-115915)

author AN Long <aisk@users.noreply.github.com>

Fri, 1 Mar 2024 17:25:14 +0000 (01:25 +0800)

committer GitHub <noreply@github.com>

Fri, 1 Mar 2024 17:25:14 +0000 (17:25 +0000)
author AN Long <aisk@users.noreply.github.com>
Fri, 1 Mar 2024 17:25:14 +0000 (01:25 +0800)
committer GitHub <noreply@github.com>
Fri, 1 Mar 2024 17:25:14 +0000 (17:25 +0000)
diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst

index bc59d3d17912fd0fccf5f9bf38b8be02ee6feaa7..886e359bd8cd621d5630edad9a163ea831cb4ae5 100644 (file)
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -520,6 +520,12 @@ the ``--cgi`` option::
     :mod:`http.server` command line ``--cgi`` support is being removed
     because :class:`CGIHTTPRequestHandler` is being removed.
  
+.. warning::
+
+   :class:`CGIHTTPRequestHandler` and the ``--cgi`` command line option
+   are not intended for use by untrusted clients and may be vulnerable
+   to exploitation. Always use within a secure environment.
+
  .. _http.server-security:
  
  Security Considerations
author	AN Long <aisk@users.noreply.github.com>
	Fri, 1 Mar 2024 17:25:14 +0000 (01:25 +0800)
committer	GitHub <noreply@github.com>
	Fri, 1 Mar 2024 17:25:14 +0000 (17:25 +0000)