From e0cb6a78faaf3c700b9478fd46192258fef9b545 Mon Sep 17 00:00:00 2001 From: Ryan Kurtz Date: Wed, 15 Dec 2021 12:27:35 -0500 Subject: [PATCH] GP-0: Updating README.md --- README.md | 32 +++++++------------------------- 1 file changed, 7 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index befab75e24..f23dfb822f 100644 --- a/README.md +++ b/README.md @@ -1,30 +1,5 @@ -# WARNING - -**WARNING:** There has been a [published CVE security vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) -noted in Ghidra dependencies within 2 `log4j` jar files. We strongly encourage anyone using -previous versions of Ghidra to remediate this issue by either upgrading to -[Ghidra 10.1](https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_10.1_build), -or patching your current version. To patch your current Ghidra installation, delete: - -* `Ghidra/Framework/Generic/lib/log4j-api-2.12.1.jar` -* `Ghidra/Framework/Generic/lib/log4j-core-2.12.1.jar` - -and replace with the newer log4j 2.15.0 version: - -* [`Ghidra/Framework/Generic/lib/log4j-api-2.15.0.jar`](https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar) -* [`Ghidra/Framework/Generic/lib/log4j-core-2.15.0.jar`](https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0.jar) - -If you are running Ghidra from the development environment, please pull the latest `master` branch -(or `patch`/`stable` if applicable), and execute the following to upgrade your repo to the newer -`log4j`: -``` -$ gradle prepdev cleanEclipse eclipse -``` - ---- - # Ghidra Software Reverse Engineering Framework Ghidra is a software reverse engineering (SRE) framework created and maintained by the 
@@ -46,6 +21,12 @@ If you are a U.S. citizen interested in projects like this, to develop Ghidra an cybersecurity tools for NSA to help protect our nation and its allies, consider applying for a [career with us][career]. +## Security Warning + +**WARNING:** There are known security vulnerabilities within certain versions of Ghidra. Before +proceeding, please read through Ghidra's [Security Advisories][security] for a better understanding +of how you might be impacted. + ## Install To install an official pre-built multi-platform Ghidra release: * Install [JDK 11 64-bit][jdk11] @@ -137,3 +118,4 @@ source project. [vs]: https://visualstudio.microsoft.com/vs/community/ [eclipse]: https://www.eclipse.org/downloads/packages/ [master]: https://github.com/NationalSecurityAgency/ghidra/archive/refs/heads/master.zip +[security]: https://github.com/NationalSecurityAgency/ghidra/security/advisories \ No newline at end of file
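Review bot: In the first hunk (`@@ -1,30 +1,5 @@`), the removed block carries the concrete remediation for CVE-2021-44228: the two `log4j-*-2.12.1.jar` paths to delete, the 2.15.0 replacements, and the `gradle prepdev cleanEclipse eclipse` step for development checkouts. Before merging, confirm that the Security Advisories page targeted by the new `[security]` reference contains those same steps, so that users on releases older than Ghidra 10.1 can still find them. The subject line "GP-0: Updating README.md" also does not say that a CVE warning is being relocated; saying so would make this change easier to find in history.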
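Review bot: In the second hunk (`@@ -46,6 +21,12 @@`), the new "Security Warning" paragraph says only "certain versions of Ghidra" and names neither a CVE nor a fixed release, so a reader cannot tell from the README alone whether their installation is affected. Consider stating the fixed release that the removed warning named (Ghidra 10.1), or the affected version range, next to the `[security]` link. The warning also moves from the top of the file to below the careers paragraph; it still precedes `## Install`, but confirm the reduced prominence is intended.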
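Review bot: In the last hunk (`@@ -137,3 +118,4 @@`), the added `[security]: ...` reference line is followed by `\ No newline at end of file`. End the file with a newline so that the next reference link appended here shows up as a one-line diff and tools that expect a terminating newline handle the file cleanly.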