Merge pull request #567 from tableau/dleskosky_security_doc_update

security doc update to let users know to use most recent version of Python
tableau · Oct 6, 2022 · 4b9e3d8 · 4b9e3d8
2 parents d1e036b + 0b753fb
commit 4b9e3d8
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/docs/security.md b/docs/security.md
@@ -17,3 +17,7 @@ you may want to consider the following as you use TabPy:
 - Execution of ad-hoc Python scripts can be disabled by turning off the
   /evaluate endpoint. To disable /evaluate endpoint, set "TABPY_EVALUATE_ENABLE"
   to false in config file.
+- Always use the most up-to-date version of Python.
+  TabPy relies on Tornado and if older verions of Python are used with Tornado
+  then malicious users can potentially poison Python server web caches
+  with parameter cloaking.