From 915eda78ce54b28c1c1bfb380fb2351844380ee7 Mon Sep 17 00:00:00 2001 From: Leona Maroni Date: Fri, 10 Oct 2025 16:22:07 +0200 Subject: [PATCH] mbedtls_2: mark as vulnerable because EOL Mbed TLS 2 is no longer maintained [^1]. This is a security relevant package, so we should inform our users that it might be vulnerable. ^1: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10
---
 pkgs/development/libraries/mbedtls/generic.nix | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/pkgs/development/libraries/mbedtls/generic.nix b/pkgs/development/libraries/mbedtls/generic.nix
index e986ea51ecb6..266584968ca0 100644
--- a/pkgs/development/libraries/mbedtls/generic.nix
+++ b/pkgs/development/libraries/mbedtls/generic.nix
@@ -72,5 +72,8 @@ stdenv.mkDerivation rec {
 ];
 platforms = platforms.all;
 maintainers = with maintainers; [ raphaelr ];
+ knownVulnerabilities = lib.optionals (lib.versionOlder version "3.0") [
+ "Mbed TLS 2 is not maintained anymore. Please migrate to newer versions"
+ ];
 };
 }
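Review bot: The `knownVulnerabilities` string added in the `meta` set does not say that the branch no longer receives security fixes or which version to move to, and this string is what users see when evaluation is refused. The upstream reference from the commit message could be carried into it, e.g. `"Mbed TLS 2 is end-of-life and no longer receives security fixes (see https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10); migrate to Mbed TLS 3.x"`. Because a non-empty `knownVulnerabilities` makes nixpkgs refuse to evaluate the package unless it is explicitly permitted, any in-tree package that still depends on mbedtls_2 will presumably stop evaluating as well. The diffstat shows only this file changed, so it is worth confirming that dependents were migrated or are handled separately. The `meta` attribute set begins outside this hunk.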