From 4191d605eeb3c1232491ef061ca5558b1e5c9d8f Mon Sep 17 00:00:00 2001 From: Zhiwei Liang Date: Thu, 28 Mar 2024 00:17:02 -0400 Subject: [PATCH] doc: Add security notice for filemd5 and filesha1 functions --- website/docs/language/functions/filemd5.mdx | 5 +++++ website/docs/language/functions/filesha1.mdx | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/website/docs/language/functions/filemd5.mdx b/website/docs/language/functions/filemd5.mdx index 3470ba9d7e..5b8525557f 100644 --- a/website/docs/language/functions/filemd5.mdx +++ b/website/docs/language/functions/filemd5.mdx @@ -13,3 +13,8 @@ that hashes the contents of a given file rather than a literal string. This is similar to `md5(file(filename))`, but because [`file`](/terraform/language/functions/file) accepts only UTF-8 text it cannot be used to create hashes for binary files. + +Collision attacks have been successfully performed against this hashing +function. Before using this function for anything security-sensitive, refer to +[RFC 6151](https://tools.ietf.org/html/rfc6151) for updated security +considerations applying to the MD5 algorithm. diff --git a/website/docs/language/functions/filesha1.mdx b/website/docs/language/functions/filesha1.mdx index a2b56ce6c6..e8acde62cd 100644 --- a/website/docs/language/functions/filesha1.mdx +++ b/website/docs/language/functions/filesha1.mdx @@ -13,3 +13,7 @@ that hashes the contents of a given file rather than a literal string. This is similar to `sha1(file(filename))`, but because [`file`](/terraform/language/functions/file) accepts only UTF-8 text it cannot be used to create hashes for binary files. + +Collision attacks have been successfully performed against this hashing +function. Before using this function for anything security-sensitive, review +relevant literature to understand the security implications.
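Review bot: In the filemd5.mdx hunk, the added notice warns against security-sensitive use and links RFC 6151, but it never says what to use instead, so the reader is left without a next step. Add a sentence pointing to a stronger file-hashing function such as `filesha256` or `filesha512`. The first sentence also says "this hashing function" on a page about `filemd5`; the collision results concern the MD5 algorithm itself, so name MD5 there as the last sentence already does.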
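Review bot: In the filesha1.mdx hunk, "review relevant literature to understand the security implications" gives the reader nothing to follow, while the parallel filemd5 notice links a specific RFC. Cite a concrete reference for SHA-1 so the two notices carry the same weight, and align the wording, which currently differs ("refer to" in one file, "review" in the other). As in the filemd5 notice, name the algorithm (SHA-1) rather than "this hashing function", and consider pointing to a stronger alternative.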