ENGDOCS-1770 (#18584)
* ENGDOCS-1770

* add last updated info
aevesdocker authored Nov 6, 2023
1 parent 8cdf48b commit ddb2ed1
Showing 1 changed file with 19 additions and 42 deletions.
61 changes: 19 additions & 42 deletions content/security/security-announcements.md
@@ -8,6 +8,8 @@ toc_max: 2

## Text4Shell CVE-2022-42889

_Last updated October 2022_

[CVE-2022-42889](https://nvd.nist.gov/vuln/detail/CVE-2022-42889) has been discovered in the popular Apache Commons Text library. Versions of this library up to but not including 1.10.0 are affected by this vulnerability.

We strongly encourage you to update to the latest version of [Apache Commons Text](https://commons.apache.org/proper/commons-text/download_text.cgi).
@@ -22,51 +24,32 @@ the Text4Shell CVE in the vulnerability report. For detailed instructions, see [

### Docker Official Images impacted by CVE-2022-42889

> **Important**
>
> We will be updating this section with the latest information. We recommend
> that you revisit this section to view the list of affected images and update
> images to the patched version as soon as possible to remediate the issue.
{ .important }

A number of [Docker Official Images](../trusted-content/official-images.md) contain the vulnerable versions of
Apache Commons Text. The following table lists Docker Official Images that
may contain the vulnerable versions of Apache Commons Text. We are working on updating
Apache Commons Text. The following lists Docker Official Images that
may contain the vulnerable versions of Apache Commons Text:

- [bonita](https://hub.docker.com/_/bonita)
- [Couchbase](https://hub.docker.com/_/couchbase)
- [Geonetwork](https://hub.docker.com/_/geonetwork)
- [neo4j](https://hub.docker.com/_/neo4j)
- sliverpeas](https://hub.docker.com/_/sliverpeas)
- [solr](https://hub.docker.com/_/solr)
- [xwiki](https://hub.docker.com/_/xwiki)

We have updated
Apache Commons Text in these images to the latest version. Some of these images may not be
vulnerable for other reasons. We recommend that you also review the guidelines published on the upstream websites.

| Repository | Patched version | Additional documentation |
|:------------------------|:-----------------------|:-----------------------|
| [bonita](https://hub.docker.com/_/bonita) | | In progress |
| [Couchbase](https://hub.docker.com/_/couchbase) | | In progress |
| [Geonetwork](https://hub.docker.com/_/geonetwork) | | In progress |
| [neo4j](https://hub.docker.com/_/neo4j) | | In progress |
| [sliverpeas](https://hub.docker.com/_/sliverpeas) | | In progress |
| [solr](https://hub.docker.com/_/solr) | | In progress |
| [xwiki](https://hub.docker.com/_/xwiki) | | In progress |


## CVE-2021-45449

Docker Desktop versions 4.3.0 and 4.3.1 have a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files. This vulnerability has been fixed in version 4.3.2 or higher. Users should update to version 4.3.2 and may want to update their password. Users should not send local log files to anyone. Users can manually delete their log files, they can be located in the following folder: `~/Library/Containers/com.docker.docker/Data/log/host/` on Mac, and in `C:\Users\<username>\AppData\Roaming\Docker\log\host\` on Windows. When a user installs 4.3.2 or higher, we will delete their local log files, so there is no risk of leakage after an update.

Additionally, these logs may be included when users upload diagnostics, meaning access tokens and passwords might have been shared with Docker. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1, and the user has logged in while on 4.3.0, 4.3.1 and have gone through the process of submitting diagnostics to Docker. Only Docker support Engineers working on an active support case could have access to the diagnostic files, minimizing leakage risk from these files. We have deleted all potentially sensitive diagnostic files from our data storage and will continue to delete diagnostics reported from the affected versions on an ongoing basis.
For detailed information, see [CVE-2021-45449](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45449).


### References

* [Release Notes (Windows)](../desktop/release-notes.md)
* [Release Notes (Mac)](../desktop/release-notes.md)

## Log4j 2 CVE-2021-44228

_Last updated December 2021_

The [Log4j 2 CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) vulnerability in Log4j 2, a very common Java logging library, allows remote code execution, often from a context that is easily available to an attacker. For example, it was found in Minecraft servers which allowed the commands to be typed into chat logs as these were then sent to the logger. This makes it a very serious vulnerability, as the logging library is used so widely and it may be simple to exploit. Many open source maintainers are working hard with fixes and updates to the software ecosystem.

The vulnerable versions of Log4j 2 are versions 2.0 to version 2.14.1 inclusive. The first fixed version is 2.15.0. We strongly encourage you to update to the [latest version](https://logging.apache.org/log4j/2.x/download.html) if you can. If you are using a version before 2.0, you are also not vulnerable.

You may not be vulnerable if you are using these versions, as your configuration
may already mitigate this (see the Mitigations section below), or the things you
may already mitigate this, or the things you
log may not include any user input. This may be difficult to validate however
without understanding all the code paths that may log in detail, and where they
may get input from. So you probably will want to upgrade all code using
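Review bot: the new list entry for `sliverpeas` is missing its opening `[`, so `- sliverpeas](https://hub.docker.com/_/sliverpeas)` will render as literal text rather than a link; it should read `- [sliverpeas](https://hub.docker.com/_/sliverpeas)`. While touching that line, double-check the repository name, which looks like a transposition of `silverpeas`, since the Hub URL slug has to match exactly. Dropping the table also removes the "Patched version" column; now that the text states these images have been updated, consider naming the fixed image tags or at least the fixed Apache Commons Text version (1.10.0 or later, as the section above says) so readers can verify what they are running.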
@@ -92,17 +75,11 @@ Log4j 2 CVE in the vulnerability report. For detailed instructions, see [Scan im

## Docker Official Images impacted by Log4j 2 CVE

> **Important**
>
> We will be updating this section with the latest information. We recommend
> that you revisit this section to view the list of affected images and update
> images to the patched version as soon as possible to remediate the issue.
{ .important }
_Last updated December 2021_

A number of [Docker Official Images](../trusted-content/official-images.md) contain the vulnerable versions of
Log4j 2 CVE-2021-44228. The following table lists Docker Official Images that
may contain the vulnerable versions of Log4j 2. We are working on updating
Log4j 2 in these images to the latest version. Some of these images may not be
may contained the vulnerable versions of Log4j 2. We updated Log4j 2 in these images to the latest version. Some of these images may not be
vulnerable for other reasons. We recommend that you also review the guidelines published on the upstream websites.

| Repository | Patched version | Additional documentation |
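Review bot: the rewritten sentence has a tense error: `may contained the vulnerable versions of Log4j 2` should be `may have contained the vulnerable versions of Log4j 2` (or `may contain`, matching the wording used in the Text4Shell section). The same sentence still says `The following table lists`, while the Text4Shell section in this commit was converted to a bullet list; keeping the table here is fine, but the two sections should use the same presentation so the page reads consistently.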

0 comments on commit ddb2ed1