gh-104711: Add security warning to the CGIHTTPRequestHandler document (GH-115915)

author AN Long <aisk@users.noreply.github.com>

Mon, 4 Mar 2024 11:54:38 +0000 (19:54 +0800)

committer GitHub <noreply@github.com>

Mon, 4 Mar 2024 11:54:38 +0000 (11:54 +0000)
author AN Long <aisk@users.noreply.github.com>
Mon, 4 Mar 2024 11:54:38 +0000 (19:54 +0800)
committer GitHub <noreply@github.com>
Mon, 4 Mar 2024 11:54:38 +0000 (11:54 +0000)
diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst

index eb3a6a87a11e58d42b7b067070a4eb681b91e47c..e6d3bb45ef017eeb34fde874928e93fc351d6897 100644 (file)
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -507,6 +507,12 @@ the ``--cgi`` option::
  
          python -m http.server --cgi
  
+.. warning::
+
+   :class:`CGIHTTPRequestHandler` and the ``--cgi`` command line option
+   are not intended for use by untrusted clients and may be vulnerable
+   to exploitation. Always use within a secure environment.
+
  .. _http.server-security:
  
  Security Considerations
author	AN Long <aisk@users.noreply.github.com>
	Mon, 4 Mar 2024 11:54:38 +0000 (19:54 +0800)
committer	GitHub <noreply@github.com>
	Mon, 4 Mar 2024 11:54:38 +0000 (11:54 +0000)