From 3baee3b39765f5e8ec616b2b71b731b140486394 Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
 <31488909+miss-islington@users.noreply.github.com>
Date: Wed, 10 Oct 2018 20:31:27 -0700
Subject: bpo-34576 warn users on security for http.server (GH-9720)

It was proposed to add an warning for http.server regarding security
issues. The wording was provided at bpo-26005 by @orsenthil
(cherry picked from commit 1d26c72e6a9c5b28b27c158f2f196217707dbb0f)

Co-authored-by: Felipe Rodrigues <felipe@felipevr.com>
---
 Doc/library/http.server.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst
index b29020b..ab5d568 100644
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -16,6 +16,14 @@
 
 This module defines classes for implementing HTTP servers (Web servers).
 
+Security Considerations
+-----------------------
+
+http.server is meant for demo purposes and does not implement the stringent
+security checks needed of real HTTP server. We do not recommend
+using this module directly in production.
+
+
 One class, :class:`HTTPServer`, is a :class:`socketserver.TCPServer` subclass.
 It creates and listens at the HTTP socket, dispatching the requests to a
 handler.  Code to create and run the server looks like this::
-- 
cgit v0.12