From 05684448b852baa4c24c13e3fe72a44fbc0a0870 Mon Sep 17 00:00:00 2001 From: mickael-hc <86245626+mickael-hc@users.noreply.github.com> Date: Wed, 29 Jun 2022 14:25:59 -0400 Subject: [PATCH] docs: provide logging recommendations (#371) --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 5309bd382..e7d301afb 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,10 @@ go-getter contains mitigations for some of these security issues, but should sti caution in security-critical contexts. See the available [security options](#Security-Options) that can be configured to mitigate some of these risks. +go-getter may return values that contain caller-provided query parameters that can contain sensitive data. +Context around what parameters are and are not sensitive is known only by the caller of go-getter, and specific to each use case. +We recommend the caller ensure that go-getter's return values (e.g., error messages) are properly handled and sanitized to ensure +sensitive data is not persisted to logs. ## URL Format go-getter uses a single string URL as input to download from a variety of
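Review bot: The recommendation in the last two added lines ("properly handled and sanitized") does not tell the caller what to do or which values to look at. The only return value named is "error messages". If other return values can carry the caller-provided URL, list them here, and state that the query string is where the sensitive data appears, so a reader knows to redact query parameter values before logging. A style point in the same sentence: "We recommend the caller ensure that ... to ensure" uses "ensure" twice. Something like "Callers should sanitize go-getter's return values (e.g., error messages) before writing them to logs" reads more clearly. Since the preceding context line links to [security options](#Security-Options), consider a sentence noting whether any of those options affect this behaviour, or that none do, so readers do not assume the existing mitigations cover log exposure.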