[3.8] gh-81054: Document that SimpleHTTPRequestHandler follows symbolic links (GH-94416) (GH-94495)

(cherry picked from commit 80aaeabb) Co-authored-by: Sam Ezeh <sam.z.ezeh@gmail.com>

[3.8] gh-81054: Document that SimpleHTTPRequestHandler follows symbolic links (GH-94416) (GH-94495)
bd0f2a19 · Łukasz Langa · GitHub · 51f1ae5c · bd0f2a19
Unverified Commit bd0f2a19 authored 2 years ago by Łukasz Langa Committed by GitHub 2 years ago
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -20,7 +20,7 @@ This module defines classes for implementing HTTP servers (Web servers).
 .. warning::

    :mod:`http.server` is not recommended for production. It only implements
-    basic security checks.
+    :ref:`basic security checks <http.server-security>`.

 One class, :class:`HTTPServer`, is a :class:`socketserver.TCPServer` subclass.
 It creates and listens at the HTTP socket, dispatching the requests to a
@@ -477,3 +477,14 @@ the following command uses a specific directory::
 the ``--cgi`` option::

        python -m http.server --cgi 8000
+
+.. _http.server-security:
+
+Security Considerations
+-----------------------
+
+.. index:: pair: http.server; security
+
+:class:`SimpleHTTPRequestHandler` will follow symbolic links when handling
+requests, this makes it possible for files outside of the specified directory
+to be served.