Merge pull request #13983 from usha-mandya/hvs-note-patch

Update note on Docker Hub scans
2021-12-15 14:38:28 +00:00 · 2021-12-15 14:38:28 +00:00 · ed7dcbb98e
parent 687bdaffaa 6263dcac40
commit ed7dcbb98e
1 changed files with 5 additions and 5 deletions
--- a/docker-hub/vulnerability-scanning.md
+++ b/docker-hub/vulnerability-scanning.md
@ -24,11 +24,11 @@ When you push an image to Docker Hub after enabling vulnerability scanning, Dock

 > **Log4j 2 CVE-2021-44228**
 >
-> Versions of `docker scan` earlier than `v0.11.0` are not able to detect [Log4j
-2 CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228){:
-target="_blank" rel="noopener" class="_"}. You must update your Docker
-> installation to the latest version to fix this issue. For more
-> information, see [Scan images for Log4j 2 CVE](../../engine/scan#scan-images-for-log4j-2-cve).
+> Docker Hub security scans triggered after **1700 UTC 13 December 2021** are
+> now correctly identifying the Log4j2 CVE. Scans before this date **do not**
+> currently reflect the status of this vulnerability. Therefore, we recommend
+> that you trigger scans by pushing the image to Docker Hub to view the status
+> of Log4j2 CVE in the vulnerability report.
 {: .important}

 Hub Vulnerability scanning allows repository owners and administrators of a