From 72cb9bc55f5f96ad6d04129cd997e53c5b0c3a83 Mon Sep 17 00:00:00 2001
From: Kenta Murata <mrkn@users.noreply.github.com>
Date: Wed, 26 Aug 2020 14:28:05 +0900
Subject: [PATCH] [webrick][DOC] Describe the stance of WEBrick about its
 security and utilization (#3457)

WEBrick is not recommended for the production use.  We need to explicitly
describe this fact in the document to avoid troubles due to misunderstanding.
---
 lib/webrick.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/webrick.rb b/lib/webrick.rb
index 1c0eb81dbd..b854b68db4 100644
--- a/lib/webrick.rb
+++ b/lib/webrick.rb
@@ -15,6 +15,11 @@
 # WEBrick also includes tools for daemonizing a process and starting a process
 # at a higher privilege level and dropping permissions.
 #
+# == Security
+#
+# *Warning:* WEBrick is not recommended for production.  It only implements
+# basic security checks.
+#
 # == Starting an HTTP server
 #
 # To create a new WEBrick::HTTPServer that will listen to connections on port
@@ -139,9 +144,9 @@
 # servers.  See WEBrick::HTTPAuth, WEBrick::HTTPAuth::BasicAuth and
 # WEBrick::HTTPAuth::DigestAuth.
 #
-# == WEBrick as a Production Web Server
+# == WEBrick as a daemonized Web Server
 #
-# WEBrick can be run as a production server for small loads.
+# WEBrick can be run as a daemonized server for small loads.
 #
 # === Daemonizing
 #