From 64a8609cb5afaf7eacb8f8dffdb9aadf562b6771 Mon Sep 17 00:00:00 2001 From: Matteo Collina Date: Mon, 22 Apr 2024 12:57:50 +0200 Subject: [PATCH] Warn for possible ReDoS (#200) Signed-off-by: Matteo Collina --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 96cd4fd..5c1a599 100644 --- a/README.md +++ b/README.md @@ -160,6 +160,12 @@ async function subsystem (fastify, opts) { } ``` +#### :warning: potential ReDoS attacks + +Middie use [`path-to-regexp`](http://npm.im/path-to-regexp) to convert paths to regular expressions. +This might cause potential [ReDoS](https://en.wikipedia.org/wiki/ReDoS) attacks in your applications if +certain patterns are used. Use it with care. + # Middie Engine You can also use the engine itself without the Fastify plugin system.
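Review bot: The added README paragraph under "#### :warning: potential ReDoS attacks" ends with "Use it with care", which gives the reader nothing to act on: it says "certain patterns" are a problem but does not name them or say what to do instead. Suggest stating which kinds of path patterns are of concern, or linking to the relevant `path-to-regexp` guidance, and saying explicitly that the paths passed to middie should be fixed by the developer rather than built from untrusted input. Wording in the same lines: "Middie use" should read "Middie uses", and "might cause potential" is redundant ("can expose your application to" would do). The `http://npm.im/path-to-regexp` link is plain HTTP while the Wikipedia link beside it is HTTPS; prefer an HTTPS URL for the package link too.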