New submission from STINNER Victor <vstin...@redhat.com>:

http.server documentation starts with a red warning:

"Warning: http.server is not recommended for production. It only implements 
basic security checks."

https://docs.python.org/dev/library/http.server.html

It would help to be even more explicit on what it means. For example, document 
that symbolic links are followed and that the SimpleHTTPRequestHandler directory 
can be "escaped" by following symbolic links.

----------
assignee: docs@python
components: Documentation
messages: 342054
nosy: docs@python, vstinner
priority: normal
severity: normal
status: open
title: http.server: Document explicitly that symbolic links are followed
type: security
versions: Python 3.8

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue36873>
_______________________________________
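
The behaviour described in the report, with one way to refuse it, as an added example that is not part of the original report or of CPython. The class name `NoSymlinkEscapeHandler`, the helper `is_within` and the sample tree built in `demo()` are constructed for illustration.

```python
import functools, http.client, os, tempfile, threading
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer


def is_within(root, path):
    """True if path, with symbolic links resolved, is still inside root."""
    root, real = os.path.realpath(root), os.path.realpath(path)
    try:
        return os.path.commonpath([root, real]) == root
    except ValueError:  # e.g. paths on different drives on Windows
        return False


class NoSymlinkEscapeHandler(SimpleHTTPRequestHandler):
    """Hypothetical subclass: 404 for anything resolving outside self.directory."""

    def send_head(self):
        # translate_path() maps the URL onto self.directory but does not
        # resolve symbolic links, so the resolved target is checked here.
        if not is_within(self.directory, self.translate_path(self.path)):
            self.send_error(404, "File not found")
            return None
        return super().send_head()


def demo():
    """Serve a constructed tree and return the HTTP status for each path."""
    with tempfile.TemporaryDirectory() as tmp:
        root, secret = os.path.join(tmp, "www"), os.path.join(tmp, "secret.txt")
        os.mkdir(root)
        for name, text in ((secret, "outside"), (os.path.join(root, "ok.txt"), "inside")):
            with open(name, "w") as fh:
                fh.write(text)
        os.symlink(secret, os.path.join(root, "link.txt"))  # link leaves root
        handler = functools.partial(NoSymlinkEscapeHandler, directory=root)
        with ThreadingHTTPServer(("127.0.0.1", 0), handler) as srv:
            threading.Thread(target=srv.serve_forever, daemon=True).start()
            statuses = {}
            for name in ("ok.txt", "link.txt"):
                conn = http.client.HTTPConnection("127.0.0.1", srv.server_port)
                conn.request("GET", "/" + name)
                statuses[name] = conn.getresponse().status
                conn.close()
            srv.shutdown()
            return statuses


if __name__ == "__main__":
    print(demo())
```

The check and the later `open()` are separate steps, so a link swapped in between them can still be followed; the documentation warning about production use still applies.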