From 3d9efe333831cbe38df9d420fcf2019d0726deff Mon Sep 17 00:00:00 2001
From: Simon Jakobi <simon.jakobi@gmail.com>
Date: Fri, 1 Oct 2021 15:10:41 +0200
Subject: [PATCH] Add security advisory to package description (#320)

Context: #319
---
 unordered-containers.cabal | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/unordered-containers.cabal b/unordered-containers.cabal
index 9949a64d..843929c5 100644
--- a/unordered-containers.cabal
+++ b/unordered-containers.cabal
@@ -8,6 +8,13 @@ description:
   .
   The declared cost of each operation is either worst-case or
   amortized, but remains valid even if structures are shared.
+  .
+  /Security/
+  .
+  This package currently provides no defenses against hash collision attacks
+  such as HashDoS.
+  Users who need to store input from untrusted sources are advised to use
+  @Data.Map@ or @Data.Set@ from the @containers@ package instead.
 license:        BSD3
 license-file:   LICENSE
 author:         Johan Tibell