From b2bb8be275dbb2cc9c5d476da2a8b19f4218670c Mon Sep 17 00:00:00 2001 From: Hayg Astourian Date: Tue, 15 Aug 2017 12:03:53 -0700 Subject: Add security considerations section to README --- README.rdoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.rdoc b/README.rdoc index 5803a39..648f02b 100644 --- a/README.rdoc +++ b/README.rdoc @@ -7,6 +7,11 @@ Plist is a library to manipulate Property List files, also known as plists. It == Usage +=== Security considerations + +Plist.parse_xml uses Marshal.load for attributes. If the attribute contains malicious data, an attacker can gain code execution. +You should never use Plist.parse_xml with untrusted plists! + === Parsing result = Plist.parse_xml('path/to/example.plist') -- cgit v1.2.1
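Review bot: the phrase "uses Marshal.load for attributes" in the new Security considerations section is too vague for a reader to act on: plist XML elements do not carry attributes in the usual sense, so the text should name the element or value type whose contents are passed to Marshal.load, and say what "malicious data" means here (a serialized Ruby object whose unmarshalling runs code). Something like "Plist.parse_xml passes the contents of certain elements to Marshal.load; a crafted value can execute arbitrary Ruby code when it is deserialized" tells the reader exactly which input is dangerous. It would also help to state whether there is a way to parse without Marshal.load (or that there is none), since "never use Plist.parse_xml with untrusted plists" leaves users who must parse external files with no guidance. Finally, consider repeating the one-line warning next to the usage example `result = Plist.parse_xml('path/to/example.plist')` under "=== Parsing", because readers who skip straight to the usage snippet will not see the new section above it.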