From cbbd2af8d6535431e1ef62a32e62c3a9328f0b80 Mon Sep 17 00:00:00 2001
From: Stan Ulbrych <stan@python.org>
Date: Fri, 29 May 2026 13:29:59 +0100
Subject: [PATCH] Add a security warning about `pydoc`'s HTTP server
 (GH-150409) (cherry picked from commit
 5535c1f9c08e929f96fa5d798277e3a2c91ed12a)

Co-authored-by: Stan Ulbrych <stan@python.org>
---
 Doc/library/pydoc.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Doc/library/pydoc.rst b/Doc/library/pydoc.rst
index f236eba8457657..a0cfb440a36ffa 100644
--- a/Doc/library/pydoc.rst
+++ b/Doc/library/pydoc.rst
@@ -68,6 +68,11 @@ will start a HTTP server on port 1234, allowing you to browse the
 documentation at ``http://localhost:1234/`` in your preferred web browser.
 Specifying ``0`` as the port number will select an arbitrary unused port.
 
+.. warning::
+
+   The :mod:`!pydoc` HTTP server is intended for local use during
+   development and is not suitable for production use.
+
 :program:`python -m pydoc -n <hostname>` will start the server listening at the given
 hostname.  By default the hostname is 'localhost' but if you want the server to
 be reached from other machines, you may want to change the host name that the