From: Stan Ulbrych <stan@python.org>
Date: Fri, 10 Apr 2026 16:02:22 +0000 (+0100)
Subject: gh-148337: Document `importlib.resources` security model (#148340)
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=70b86e7829c42d36c80853ba9bf1da0d8464065b;p=thirdparty%2FPython%2Fcpython.git

gh-148337: Document `importlib.resources` security model (#148340)
---

diff --git a/Doc/library/importlib.resources.rst b/Doc/library/importlib.resources.rst
index 6bad0c4a931..653fa61420b 100644
--- a/Doc/library/importlib.resources.rst
+++ b/Doc/library/importlib.resources.rst
@@ -31,6 +31,12 @@ not** have to exist as physical files and directories on the file system:
 for example, a package and its resources can be imported from a zip file using
 :py:mod:`zipimport`.
 
+.. warning::
+
+   :mod:`importlib.resources` follows the same security model as the built-in
+   :func:`open` function. Passing untrusted inputs to the functions
+   in this module is unsafe.
+
 .. note::
 
    The standalone backport of this module provides more information