From 2489c87311874c25fa4b468c1c59e2470d34c580 Mon Sep 17 00:00:00 2001
From: Sam Ezeh <sam.z.ezeh@gmail.com>
Date: Fri, 1 Jul 2022 17:21:27 +0100
Subject: [PATCH] [3.7] gh-81054: Document that SimpleHTTPRequestHandler
 follows symbolic links (GH-94416) (cherry picked from commit
 80aaeabb8bd1e6b49598a7e23e0f8d99b3fcecaf)

Co-authored-by: Sam Ezeh <sam.z.ezeh@gmail.com>
---
 Doc/library/http.server.rst | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst
index 7e317cd8bc2ba8..a93362d96f13f4 100644
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -19,7 +19,7 @@ This module defines classes for implementing HTTP servers (Web servers).
 .. warning::
 
     :mod:`http.server` is not recommended for production. It only implements
-    basic security checks.
+    :ref:`basic security checks <http.server-security>`.
 
 One class, :class:`HTTPServer`, is a :class:`socketserver.TCPServer` subclass.
 It creates and listens at the HTTP socket, dispatching the requests to a
@@ -470,3 +470,14 @@ the following command uses a specific directory::
 the ``--cgi`` option::
 
         python -m http.server --cgi 8000
+
+.. _http.server-security:
+
+Security Considerations
+-----------------------
+
+.. index:: pair: http.server; security
+
+:class:`SimpleHTTPRequestHandler` will follow symbolic links when handling
+requests, this makes it possible for files outside of the specified directory
+to be served.