author Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> 2024-02-07 20:46:41 +0100
committer Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> 2024-02-07 20:46:41 +0100
commit b8d5090452ee482a4191622201f1548e651753f7
tree fa5a98792c0058898a173576d9a8e2d445778096 /docs/content/en/functions
parent 301bafabe0665093ef729cf28af18d4f9ce5bea1
parent 6efb279bfacbd7304cef994be8181c6f804e7dd4
Diffstat (limited to 'docs/content/en/functions')
-rw-r--r-- docs/content/en/functions/math/Add.md | 6
-rw-r--r-- docs/content/en/functions/os/ReadDir.md | 2
-rw-r--r-- docs/content/en/functions/os/ReadFile.md | 2
-rw-r--r-- docs/content/en/functions/resources/GetRemote.md | 38
4 files changed, 44 insertions, 4 deletions
diff --git a/docs/content/en/functions/math/Add.md b/docs/content/en/functions/math/Add.md
index afa8d48aa..a438a3d53 100644
--- a/docs/content/en/functions/math/Add.md
+++ b/docs/content/en/functions/math/Add.md
@@ -22,3 +22,9 @@ If one of the numbers is a [`float`], the result is a `float`.
```
[`float`]: /getting-started/glossary/#float
+
+You can also use the `add` function to concatenate strings.
+
+```go-html-template
+{{ add "hu" "go" }} → hugo
+```
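Review bot: The added paragraph in Add.md lands below the [`float`] reference definition, so the page body now continues after its link definitions; move the new sentence and its example above that line so the definitions stay at the end of the file. The sentence also leaves open what `add` does with mixed arguments such as a string and a number, while the context line above only covers the `float` case; one line stating the result or the error would close that gap.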
diff --git a/docs/content/en/functions/os/ReadDir.md b/docs/content/en/functions/os/ReadDir.md
index 63af850b7..f4a5389d9 100644
--- a/docs/content/en/functions/os/ReadDir.md
+++ b/docs/content/en/functions/os/ReadDir.md
@@ -47,5 +47,3 @@ news → true
Note that `os.ReadDir` is not recursive.
Details of the `FileInfo` structure are available in the [Go documentation](https://pkg.go.dev/io/fs#FileInfo).
-
-For more information on using `readDir` and `readFile` in your templates, see [Local File Templates](/templates/files).
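Review bot: The deleted closing line in ReadDir.md was the only pointer visible in this hunk from the page to `/templates/files`, and the same line is dropped from ReadFile.md in the next file. If that target is being removed or renamed, confirm it keeps an alias and that no other page still links to it; if it stays, say why the cross-reference is dropped, since the note about `os.ReadDir` not being recursive now ends the page with no onward reference for template usage.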
diff --git a/docs/content/en/functions/os/ReadFile.md b/docs/content/en/functions/os/ReadFile.md
index 654e300ac..5e733ef2d 100644
--- a/docs/content/en/functions/os/ReadFile.md
+++ b/docs/content/en/functions/os/ReadFile.md
@@ -36,5 +36,3 @@ This is **bold** text.
```
Note that `os.ReadFile` returns raw (uninterpreted) content.
-
-For more information on using `readDir` and `readFile` in your templates, see [Local File Templates](/templates/files).
diff --git a/docs/content/en/functions/resources/GetRemote.md b/docs/content/en/functions/resources/GetRemote.md
index 0e6b91b64..e596b2ab6 100644
--- a/docs/content/en/functions/resources/GetRemote.md
+++ b/docs/content/en/functions/resources/GetRemote.md
@@ -175,3 +175,41 @@ Override the cache key by setting a `key` in the options map. Use this approach
```
[configure file caches]: /getting-started/configuration/#configure-file-caches
+
+## Security
+
+To protect against malicious intent, the `resources.GetRemote` function inspects the server response including:
+
+- The [Content-Type] in the response header
+- The file extension, if any
+- The content itself
+
+If Hugo is unable to resolve the media type to an entry in its [allowlist], the function throws an error:
+
+```text
+ERROR error calling resources.GetRemote: failed to resolve media type...
+```
+
+For example, you will see the error above if you attempt to download an executable.
+
+Although the allowlist contains entries for common media types, you may encounter situations where Hugo is unable to resolve the media type of a file that you know to be safe. In these situations, edit your site configuration to add the media type to the allowlist. For example:
+
+```text
+[security.http]
+mediaTypes=['application/vnd\.api\+json']
+```
+
+Note that the entry above is:
+
+- An _addition_ to the allowlist; it does not _replace_ the allowlist
+- An array of regular expressions
+
+For example, to add two entries to the allowlist:
+
+```text
+[security.http]
+mediaTypes=['application/vnd\.api\+json','image/avif']
+```
+
+[allowlist]: https://en.wikipedia.org/wiki/Whitelist
+[Content-Type]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type
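Review bot: The new Security section in GetRemote.md says `mediaTypes` is "an array of regular expressions" but never states how a pattern is matched: `'image/avif'` carries no `^` or `$`, so the text should say whether an entry must match the whole media type or may match anywhere in it, and if the latter, show anchored patterns, because a loose pattern in an allowlist admits more types than the site owner intended. Two smaller points in the same hunk: the `[allowlist]` link resolves to a Wikipedia article rather than to Hugo's own documentation of the default entries, so a reader cannot see what is already allowed before adding to it; and both configuration samples are fenced as `text` although they are TOML.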