From 912d8aa97a7c15096b1a0a8e16c7f68c33b457b1 Mon Sep 17 00:00:00 2001 From: henk Date: Sat, 6 Aug 2022 12:26:46 +0200 Subject: [PATCH] #10 OR filter bypasses all doctrine extensions -> Potential security problem - added warning to readme --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 04756df..92b393f 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,12 @@ Combines API Platform ORM Filters with AND, OR and NOT according to client reque - existing requests keep working unmodified if not using "and", "or" or "not" as query parameters - works with built in filters of Api Platform, except for DateFilter with EXCLUDE_NULL. A DateFilter subclass is provided to correct this. - + +SECURIY WARNING: The current version of LogicFilter allows clients +to bypass criteria set by custom Extensions to limit their access to certain data, +like the examples do in the docs on [Custom Doctrine ORM Extension](https://api-platform.com/docs/core/extensions/#custom-doctrine-orm-extension) +see [Issue 10](https://github.com/metaclass-nl/filter-bundle/issues/10). + Usage ----- Once the FilterLogic class and service configuration have been installed in you app,
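Review bot: the first added line, `+SECURIY WARNING: The current version of LogicFilter allows clients`, misspells "SECURITY"; fix the spelling so the warning reads as intended and is found by anyone searching the README for it. The added text also runs the sentence on without punctuation at `+like the examples do in the docs on [Custom Doctrine ORM Extension](...)` followed by `+see [Issue 10](...)`; end the sentence before "see" (or join with a comma) so the reference to the issue is a separate clause. Since the subject describes this as a potential security problem (OR filters bypassing Doctrine extensions), consider also stating plainly what users should do until a fix is available, namely not rely on custom Doctrine extensions alone to restrict which data a client can reach while this version of LogicFilter is enabled, and keep the issue link for tracking the fix. Unrelated to the hunk's added lines but visible in its context: the Usage line reads "installed in you app," and should say "your app".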