From 454e36b7572c872f479e6124c59c0efe138920af Mon Sep 17 00:00:00 2001
From: Joe DeCock <josephdecock@gmail.com>
Date: Wed, 31 Jul 2024 10:43:02 -0500
Subject: [PATCH] Update README.md

---
 README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.md b/README.md
index 8c69fa69..05633241 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,6 @@
+# Security Vulnerability Found
+IdentityServer4 contains a known Open Redirect vulnerability (CVE-2024-39694) that we do not intend to address. Please see [the security advisory](https://github.com/IdentityServer/IdentityServer4/security/advisories/GHSA-55p7-v223-x366) for more details and consider upgrading to [Duende.IdentityServer](www.duendesoftware.com).
+
 # Important update
 This project is not maintained anymore. This repo will be archived when .NET Core 3.1 end of support is reached (13th Dec 2022). All new development is happening in the new [Duende Software](https://github.com/duendesoftware) organization.