From ccb4118e748c98ff9d21a21bbde2d3aad641ca9d Mon Sep 17 00:00:00 2001
From: Ingo Schommer <me@chillu.com>
Date: Tue, 3 Sep 2019 18:51:27 +1200
Subject: [PATCH] DOCS Public webroot requirement

---
 docs/en/00_Getting_Started/00_Server_Requirements.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docs/en/00_Getting_Started/00_Server_Requirements.md b/docs/en/00_Getting_Started/00_Server_Requirements.md
index 363017c10..a6f0bdae0 100644
--- a/docs/en/00_Getting_Started/00_Server_Requirements.md
+++ b/docs/en/00_Getting_Started/00_Server_Requirements.md
@@ -31,6 +31,15 @@ and relies on the hosting environment to be configured securely to
 enforce restrictions. There are secure default in place for Apache,
 but you should be aware of the configuration regardless of your webserver setup.
 
+### Public webroot
+
+The webroot of your webserver should be configured to the `public/` subfolder.
+Projects created prior to SilverStripe 4.1 might be running the main project
+folder as the webroot. In this case, you are responsible for ensuring
+access to system files such as configuration in `*.yml` is protected
+from public access. We strongly recommend switching to more secure
+hosting via the `public/`. See [4.1.0 upgrading guide](/changelogs/4.1.0).
+
 ### Filesystem permissions
 
 SilverStripe needs write access for the webserver user to `public/assets`,