From 8a74979cd79d9ffcb59bd92a2ca1bb0310649f7d Mon Sep 17 00:00:00 2001 From: Alexander Pankratov Date: Mon, 13 Jan 2020 02:02:29 +0300 Subject: [PATCH] Readme Security issue notice --- README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e91d66a..c42bdda 100644 --- a/README.md +++ b/README.md @@ -91,7 +91,15 @@ Fast, simple, async php telegram api server: * search: `http://127.0.0.1:9503/api/searchGlobal/?data[q]=Hello%20World&data[limit]=10` * sendMessage: `http://127.0.0.1:9503/api/sendMessage/?data[peer]=@xtrime&data[message]=Hello!` * copy message from one channel to other (not repost): `http://127.0.0.1:9503/api/copyMessages/?data[from_peer]=@xtrime&data[to_peer]=@xtrime&data[id][0]=1` - + +**INPORTANT SECURITY NOTICE!** + +Do not use `SERVER_ADDRESS=0.0.0.0` in version 1.5.0+, because websocket EventHandler endpoint currently not use `IP_WHITELIST` option. +This means, anyone from internet can listen your updates via websocket in this mode. + +Use only default setting: `SERVER_ADDRESS=127.0.0.1`, or protect your app with external firewall. + +This security issue will be fixed in one of next releases in January 2020. **Contacts**
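Review bot: the added notice in the README.md hunk misspells its heading as `**INPORTANT SECURITY NOTICE!**`, which should read `**IMPORTANT SECURITY NOTICE!**`. A typo in the one line meant to catch the reader's eye weakens the warning. The mitigation text is also vague: "protect your app with external firewall" does not say what to block. Suggest stating that inbound access to the server's listening port (the examples above use 9503) must be restricted to trusted sources, since the notice itself says the websocket EventHandler endpoint does not apply `IP_WHITELIST`. Finally, "in version 1.5.0+" together with "will be fixed in one of next releases in January 2020" leaves readers unable to tell later whether their version is still affected. Consider linking a tracking issue here and replacing the sentence with the fixed version number once it ships.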