From c534698363b8696d597182dcdd308a0d8c869df2 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 29 Dec 2021 16:13:37 -0500 Subject: [PATCH 1/2] Update CISA guidance --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 705f464..f2ad884 100644 --- a/README.md +++ b/README.md @@ -3,9 +3,10 @@ This repository provides [CISA's guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance) and an overview of related software regarding the Log4j vulnerability -(CVE-2021-44228). CISA encourages users and administrators to review the +(CVE-2021-44228). CISA urges users and administrators to review the [official Apache release](https://logging.apache.org/log4j/2.x/security.html) -and upgrade to Log4j 2.17.1 or apply the recommended mitigations immediately. +for updates and mitigation guidance, and upgrade to Log4j 2.17.1 (Java 8), 2.12.4 +(Java 7) and 2.3.2 (Java 6). The information in this repository is provided "as is" for informational purposes only and is being assembled and updated by CISA through From 95e34c2637f4092f153ed9c71c70ecbd1d40640a Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 29 Dec 2021 16:18:03 -0500 Subject: [PATCH 2/2] Update CISA rec guidance --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index f2ad884..d338bed 100644 --- a/README.md +++ b/README.md 
@@ -3,10 +3,10 @@ This repository provides [CISA's guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance) and an overview of related software regarding the Log4j vulnerability -(CVE-2021-44228). CISA urges users and administrators to review the -[official Apache release](https://logging.apache.org/log4j/2.x/security.html) -for updates and mitigation guidance, and upgrade to Log4j 2.17.1 (Java 8), 2.12.4 -(Java 7) and 2.3.2 (Java 6). +(CVE-2021-44228). CISA urges users and administrators to upgrade to Log4j 2.17.1 +(Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6), and review and monitor the +[Apache Log4j Security Vulnerabilities webpage](https://logging.apache.org/log4j/2.x/security.html) +for updates and mitigation guidance. The information in this repository is provided "as is" for informational purposes only and is being assembled and updated by CISA through @@ -35,7 +35,7 @@ or imply their endorsement, recommendation, or favoring by CISA. National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) -## Mitigation Guidance ## +## CISA Mitigation Guidance ## When updates are available, agencies must update software using Log4j to the newest version, which is the most
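Review bot: in [PATCH 1/2], the hunk at @@ -3,9 +3,10 @@ replaces "and upgrade to Log4j 2.17.1 or apply the recommended mitigations immediately." with text that drops both "immediately" and the explicit "or apply the recommended mitigations" alternative. Readers who cannot upgrade right away are now only pointed at the Apache page "for updates and mitigation guidance", and the urgency rests on the single word "urges". Consider keeping "immediately". The list "2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6)" also reads as if all three releases should be installed; "or", or a phrase such as "the release that matches your Java version", would remove the ambiguity.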
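Review bot: in [PATCH 2/2], the four lines removed by the first hunk (@@ -3,10 +3,10 @@) are exactly the lines added by [PATCH 1/2], so the intermediate wording never needs to exist in history. Suggest squashing the two commits into one with a subject that says what changed (per-Java-version upgrade targets, link text now "Apache Log4j Security Vulnerabilities webpage"), since "Update CISA guidance" and "Update CISA rec guidance" are hard to tell apart in a log. The "and" in "(Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6)" is carried over unchanged and still reads as a requirement to install all three.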
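Review bot: in [PATCH 2/2], the second hunk (@@ -35,7 +35,7 @@) renames "## Mitigation Guidance ##" to "## CISA Mitigation Guidance ##", which changes the anchor generated for that heading, and the commit message does not mention the rename. Before merging, check for links to the old heading anchor elsewhere in README.md or in other files in the repository and update them in the same commit. A line in the commit body noting the heading change would also help anyone who later finds a broken link from outside the repository.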