From dac8ff4c401f75e65a5eef1514f2d7987e63bbfe Mon Sep 17 00:00:00 2001
From: AN Long <aisk@users.noreply.github.com>
Date: Sat, 2 Mar 2024 01:25:14 +0800
Subject: gh-104711: Add security warning to the CGIHTTPRequestHandler document
 (GH-115915)

---
 Doc/library/http.server.rst | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst
index bc59d3d..886e359 100644
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -520,6 +520,12 @@ the ``--cgi`` option::
    :mod:`http.server` command line ``--cgi`` support is being removed
    because :class:`CGIHTTPRequestHandler` is being removed.
 
+.. warning::
+
+   :class:`CGIHTTPRequestHandler` and the ``--cgi`` command line option
+   are not intended for use by untrusted clients and may be vulnerable
+   to exploitation. Always use within a secure environment.
+
 .. _http.server-security:
 
 Security Considerations
-- 
cgit v0.12