From dac8ff4c401f75e65a5eef1514f2d7987e63bbfe Mon Sep 17 00:00:00 2001 From: AN Long Date: Sat, 2 Mar 2024 01:25:14 +0800 Subject: gh-104711: Add security warning to the CGIHTTPRequestHandler document (GH-115915) --- Doc/library/http.server.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst index bc59d3d..886e359 100644 --- a/Doc/library/http.server.rst +++ b/Doc/library/http.server.rst @@ -520,6 +520,12 @@ the ``--cgi`` option:: :mod:`http.server` command line ``--cgi`` support is being removed because :class:`CGIHTTPRequestHandler` is being removed. +.. warning:: + + :class:`CGIHTTPRequestHandler` and the ``--cgi`` command line option + are not intended for use by untrusted clients and may be vulnerable + to exploitation. Always use within a secure environment. + .. _http.server-security: Security Considerations -- cgit v0.12