New submission from STINNER Victor firstname.lastname@example.org:
http.server documentation starts with a red warning:
"Warning: http.server is not recommended for production. It only implements basic security checks."
It would help to be even more explicit on what it means. For example, document that symbolic links are followed and SimpleHTTPRequestHandler directory can be "escaped" following symbolic links.
---------- assignee: docs@python components: Documentation messages: 342054 nosy: docs@python, vstinner priority: normal severity: normal status: open title: http.server: Document explicitly that symbolic links are followed type: security versions: Python 3.8