Issue #6972: keep the warning about untrusted extraction and mention

the version it was improved in.
2025-11-25 21:11:09 +00:00 · 2013-02-07 22:17:21 -08:00 · 2013-02-07 22:17:21 -08:00 · 1d824ec9b3
commit 1d824ec9b3
parent 5eda539591 5546b002de
1 changed files with 5 additions and 1 deletions
--- a/Doc/library/zipfile.rst
+++ b/Doc/library/zipfile.rst
@ -260,8 +260,12 @@ ZipFile Objects
   be a subset of the list returned by :meth:`namelist`.  *pwd* is the password
   used for encrypted files.

-   .. note::
+   .. warning::

+      Never extract archives from untrusted sources without prior inspection.
+      It is possible that files are created outside of *path*, e.g. members
+      that have absolute filenames starting with ``"/"`` or filenames with two
+      dots ``".."``.  This module attempts to prevent that.
      See :meth:`extract` note.