From fb8d8d9c9f9cbc94fa58887e13e63bf33fe0caac Mon Sep 17 00:00:00 2001 From: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com> Date: Sun, 22 Mar 2026 23:58:31 +0000 Subject: [PATCH] Add a warning about untrusted input to `configparser` docs (#146276) --- Doc/library/configparser.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Doc/library/configparser.rst b/Doc/library/configparser.rst index 4c1750de1d39..4d720176fcc3 100644 --- a/Doc/library/configparser.rst +++ b/Doc/library/configparser.rst @@ -24,6 +24,11 @@ can be customized by end users easily. This library does *not* interpret or write the value-type prefixes used in the Windows Registry extended version of INI syntax. +.. warning:: + Be cautious when parsing data from untrusted sources. A malicious + INI file may cause the decoder to consume considerable CPU and memory + resources. Limiting the size of data to be parsed is recommended. + .. seealso:: Module :mod:`tomllib` -- 2.47.3
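Review bot: In the added warning, "may cause the decoder to consume considerable CPU and memory resources" says "decoder", while the same paragraph otherwise speaks of "parsing" and data "to be parsed"; "parser" would be consistent with the rest of the warning. The last sentence, "Limiting the size of data to be parsed is recommended", gives the reader no indication of where to apply the limit; consider saying that the caller should check the size of the input before passing it to the parser, so the advice is actionable for someone reading only this warning.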