Diffstat (limited to 'devdocs/python~3.12/library%2Fsecurity_warnings.html')
| -rw-r--r-- | devdocs/python~3.12/library%2Fsecurity_warnings.html | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/devdocs/python~3.12/library%2Fsecurity_warnings.html b/devdocs/python~3.12/library%2Fsecurity_warnings.html new file mode 100644 index 00000000..7d5c0b93 --- /dev/null +++ b/devdocs/python~3.12/library%2Fsecurity_warnings.html 
@@ -0,0 +1,32 @@ + <span id="index-0"></span><h1>Security Considerations</h1> <p>The following modules have specific security considerations:</p> <ul class="simple"> <li> +<a class="reference internal" href="base64#module-base64" title="base64: RFC 4648: Base16, Base32, Base64 Data Encodings; Base85 and Ascii85"><code>base64</code></a>: <a class="reference internal" href="base64#base64-security"><span class="std std-ref">base64 security considerations</span></a> in <span class="target" id="index-1"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4648.html"><strong>RFC 4648</strong></a> +</li> <li> +<a class="reference internal" href="cgi#module-cgi" title="cgi: Helpers for running Python scripts via the Common Gateway Interface. (deprecated)"><code>cgi</code></a>: <a class="reference internal" href="cgi#cgi-security"><span class="std std-ref">CGI security considerations</span></a> +</li> <li> +<a class="reference internal" href="hashlib#module-hashlib" title="hashlib: Secure hash and message digest algorithms."><code>hashlib</code></a>: <a class="reference internal" href="hashlib#hashlib-usedforsecurity"><span class="std std-ref">all constructors take a “usedforsecurity” keyword-only argument disabling known insecure and blocked algorithms</span></a> +</li> <li> +<a class="reference internal" href="http.server#module-http.server" title="http.server: HTTP server and request handlers."><code>http.server</code></a> is not suitable for production use, only implementing basic security checks. 
See the <a class="reference internal" href="http.server#http-server-security"><span class="std std-ref">security considerations</span></a>.</li> <li> +<a class="reference internal" href="logging#module-logging" title="logging: Flexible event logging system for applications."><code>logging</code></a>: <a class="reference internal" href="logging.config#logging-eval-security"><span class="std std-ref">Logging configuration uses eval()</span></a> +</li> <li> +<a class="reference internal" href="multiprocessing#module-multiprocessing" title="multiprocessing: Process-based parallelism."><code>multiprocessing</code></a>: <a class="reference internal" href="multiprocessing#multiprocessing-recv-pickle-security"><span class="std std-ref">Connection.recv() uses pickle</span></a> +</li> <li> +<a class="reference internal" href="pickle#module-pickle" title="pickle: Convert Python objects to streams of bytes and back."><code>pickle</code></a>: <a class="reference internal" href="pickle#pickle-restrict"><span class="std std-ref">Restricting globals in pickle</span></a> +</li> <li> +<a class="reference internal" href="random#module-random" title="random: Generate pseudo-random numbers with various common distributions."><code>random</code></a> shouldn’t be used for security purposes, use <a class="reference internal" href="secrets#module-secrets" title="secrets: Generate secure random numbers for managing secrets."><code>secrets</code></a> instead</li> <li> +<a class="reference internal" href="shelve#module-shelve" title="shelve: Python object persistence."><code>shelve</code></a>: <a class="reference internal" href="shelve#shelve-security"><span class="std std-ref">shelve is based on pickle and thus unsuitable for dealing with untrusted sources</span></a> +</li> <li> +<a class="reference internal" href="ssl#module-ssl" title="ssl: TLS/SSL wrapper for socket objects"><code>ssl</code></a>: <a class="reference internal" href="ssl#ssl-security"><span class="std std-ref">SSL/TLS 
security considerations</span></a> +</li> <li> +<a class="reference internal" href="subprocess#module-subprocess" title="subprocess: Subprocess management."><code>subprocess</code></a>: <a class="reference internal" href="subprocess#subprocess-security"><span class="std std-ref">Subprocess security considerations</span></a> +</li> <li> +<a class="reference internal" href="tempfile#module-tempfile" title="tempfile: Generate temporary files and directories."><code>tempfile</code></a>: <a class="reference internal" href="tempfile#tempfile-mktemp-deprecated"><span class="std std-ref">mktemp is deprecated due to vulnerability to race conditions</span></a> +</li> <li> +<a class="reference internal" href="xml#module-xml" title="xml: Package containing XML processing modules"><code>xml</code></a>: <a class="reference internal" href="xml#xml-vulnerabilities"><span class="std std-ref">XML vulnerabilities</span></a> +</li> <li> +<a class="reference internal" href="zipfile#module-zipfile" title="zipfile: Read and write ZIP-format archive files."><code>zipfile</code></a>: <a class="reference internal" href="zipfile#zipfile-resources-limitations"><span class="std std-ref">maliciously prepared .zip files can cause disk volume exhaustion</span></a> +</li> </ul> <p>The <a class="reference internal" href="../using/cmdline#cmdoption-I"><code>-I</code></a> command line option can be used to run Python in isolated mode. 
When it cannot be used, the <a class="reference internal" href="../using/cmdline#cmdoption-P"><code>-P</code></a> option or the <span class="target" id="index-2"></span><a class="reference internal" href="../using/cmdline#envvar-PYTHONSAFEPATH"><code>PYTHONSAFEPATH</code></a> environment variable can be used to not prepend a potentially unsafe path to <a class="reference internal" href="sys#sys.path" title="sys.path"><code>sys.path</code></a> such as the current directory, the script’s directory or an empty string.</p> <div class="_attribution"> + <p class="_attribution-p"> + © 2001–2023 Python Software Foundation<br>Licensed under the PSF License.<br> + <a href="https://docs.python.org/3.12/library/security_warnings.html" class="_attribution-link">https://docs.python.org/3.12/library/security_warnings.html</a> + </p> +</div> |
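Review bot: The `cgi` entry marks the module as deprecated only in the link's `title` attribute ("(deprecated)"), while the visible list text says nothing about it; since the `tempfile` entry states the deprecation of `mktemp` in its visible text, the `cgi` item should do the same so a reader skimming the list sees it without hovering. Two items also break the otherwise uniform "`module`: <link to that module's security section>" pattern: `http.server` and `random` are written as free sentences, and `random` is the only entry without a link to a security-considerations anchor (it links to the `secrets` module instead). Consider rephrasing them to match the pattern, for example "`random`: not suitable for security purposes, use `secrets` instead", so the list reads as a consistent index. In the closing paragraph, "can be used to not prepend a potentially unsafe path" would read more clearly as "prevents a potentially unsafe path ... from being prepended to `sys.path`".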
