From 73eed49b231f4c4b3f571b632e83badaddbbbb04 Mon Sep 17 00:00:00 2001
From: AppleTheGolden <scotsbox@protonmail.com>
Date: Sun, 10 Aug 2025 17:29:03 +0200
Subject: [PATCH] Document PRTY_ALLOW_INSECURE_EXPAT

---
 README.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 8f470a50..264ef5d1 100644
--- a/README.md
+++ b/README.md
@@ -2270,10 +2270,11 @@ example: `PRTY_NO_IFADDR=1 python3 copyparty-sfx.py`
 
 force-enable features with known issues on your OS/env  by setting any of the following environment variables, also affectionately known as `fuckitbits` or `hail-mary-bits`
 
-| env-var                  | what it does |
-| ------------------------ | ------------ |
-| `PRTY_FORCE_MP`          | force-enable multiprocessing (real multithreading) on MacOS and other broken platforms |
-| `PRTY_FORCE_MAGIC`       | use [magic](https://pypi.org/project/python-magic/) on Windows (you will segfault) |
+| env-var                     | what it does                                                                                                                                                        |
+|-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `PRTY_FORCE_MP`             | force-enable multiprocessing (real multithreading) on MacOS and other broken platforms                                                                              |
+| `PRTY_FORCE_MAGIC`          | use [magic](https://pypi.org/project/python-magic/) on Windows (you will segfault)                                                                                  |
+| `PRTY_ALLOW_INSECURE_EXPAT` | allow using expat versions (bundled with python) that are vulnerable to xml attacks, [see the python docs](https://docs.python.org/3/library/xml.html#xml-security) |
 
 
 # packages