Add note about ReDoS to README

2022-05-30 13:55:50 -07:00 · 2022-05-30 13:55:50 -07:00 · 3b73d98c47
commit 3b73d98c47
parent d9fa9bddda
1 changed files with 6 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -6,6 +6,12 @@ This package provides a CGo-free port of the PCRE2 regular expression library. T

 ---

+## IMPORTANT NOTE!
+
+Due to the use of PCRE2, this library contains extra features such as lookaheads/lookbehinds. The stdlib regex engine, RE2, left these features out for a reason. It's easy to create regular expressions with this library that have exponential runtime. This creates the possibility of a denial of service attack. Only use this library if the extra features are needed and the user providing the regex is trusted (such as if it's in a config file). Otherwise, use the standard library regexp package.
+
+---
+
 ## Supported GOOS/GOARCH:

 - linux/amd64