From f4b1036ddce5b228fd2c097c51780df5b508cf30 Mon Sep 17 00:00:00 2001 From: "cloudcreate.dk" <96371136+cloudcreate-dk@users.noreply.github.com> Date: Thu, 21 Mar 2024 11:51:16 +0100 Subject: [PATCH] Update README.md --- README.md | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index cf96dff..9d3c400 100644 --- a/README.md +++ b/README.md 
@@ -3,8 +3,35 @@ ## License Essentials is released under version 2.0 of the [Apache License](https://www.apache.org/licenses/LICENSE-2.0) -## Versions +# Security + +Several of the components, as well as their subcomponents and/or supporting classes, allows the user of the components to provide customized: +- table names +- column names +- collection names +- etc. + +By using naming conventions for Postgresql table/column/index names and MongoDB Collection names, Essentials attempts to provide an initial layer of defense intended to reduce the risk of malicious input. +**However, Essentials does not offer exhaustive protection, nor does it assure the complete security of the resulting SQL and Mongo Queries/Updates against injection threats.** +> The responsibility for implementing protective measures against malicious API input and configuration values lies exclusively with the users/developers using the Essentials components and its supporting classes. +> Users must ensure thorough sanitization and validation of API input parameters, SQL table/column/index names as well as MongoDB collection names. 
+**Insufficient attention to these practices may leave the application vulnerable to attacks, endangering the security and integrity of the database.** + +> Please see the **Security** notices for Essentials `components/README.md`, as well as **Security** notices for the individual components, to familiarize yourself with the security +> risks related to using the Essentials Components: +> - `foundation-types/README.md` +> - `components/postgresql-distributed-fenced-lock/README.md` +> - `components/springdata-mongo-distributed-fenced-lock/README.md` +> - `components/postgresql-queue/README.md` +> - `components/springdata-mongo-queue/README.md` +> - `components/postgresql-event-store/README.md` +> - `components/eventsourced-aggregates/README.md` +> - `components/spring-boot-starter-postgresql/README.md` +> - `components/spring-boot-starter-postgresql-event-store/README.md` +> - `components/spring-boot-starter-mongodb/README.md` + +## Versions | Essentials version | Java compatibility | Spring Boot compatibility | |----------------------------------------------------------------------------------------------|--------------------|---------------------------|
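Review bot: The new Security section tells users to sanitize table/column/index and collection names but never says what the "naming conventions" actually enforce or which class applies them, so a developer cannot tell what this "initial layer of defense" rejects and what they still have to validate themselves; please document the rule (accepted characters, length, case) or link to the class that performs the check, and state plainly that these values are SQL/Mongo identifiers that cannot be passed as bound parameters, so the recommended mitigation is an allow-list of known names fixed at configuration time rather than runtime "sanitization" of user input. The paragraph that points readers to the Security notices in `components/README.md` and the listed component READMEs references sections that are not part of this patch; confirm they exist or add them in the same change so the references do not dangle, and consider turning the backticked paths into relative Markdown links so they are clickable on GitHub. Minor wording in the same hunk: "Several of the components ... allows the user" should read "allow", and "Postgresql" should be "PostgreSQL" to match the product name used elsewhere in the project.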