From 8ca2110751de9ea4d14edde61e66474f1403bae0 Mon Sep 17 00:00:00 2001 From: "Yang, BongYeol (xeraph)" Date: Sun, 2 Jan 2022 21:54:50 +0900 Subject: [PATCH] Clarified --fix option coverage. --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 30c801f..116d2bc 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,14 @@ log4j2-scan is a single binary command-line tool for CVE-2021-44228 vulnerabilit ### How to use Just run log4j2-scan.exe or log4j2-scan with target directory path. The logpresso-log4j2-scan.jar should work with JRE/JDK 7+ +`--fix` option is supported for following vulnerabilities: +* Log4j v2 - CVE-2021-44228 (JndiLookup), CVE-2021-45046 (JndiLookup) +* Log4j v1 - CVE-2021-4104 (JMSAppender), CVE-2019-17571 (SocketServer), CVE-2017-5645(SocketServer), CVE-2020-9488 (SMTPAppender) + +`--fix` option doesn't mitigate following vulnerabilities: +* Log4j v2 - CVE-2021-45105 (DoS), CVE-2021-44832 (JDBCAppender) +* Logback - CVE-2021-42550 + Usage ``` Logpresso CVE-2021-44228 Vulnerability Scanner 2.7.0 (2022-01-02)
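Review bot: the two new README sentences in this hunk need grammar fixes and one spacing fix: "`--fix` option is supported for following vulnerabilities:" and "`--fix` option doesn't mitigate following vulnerabilities:" should read "The `--fix` option is supported for the following vulnerabilities:" and "The `--fix` option does not mitigate the following vulnerabilities:", and "CVE-2017-5645(SocketServer)" is missing the space before the parenthesis that every other entry in the list has. As a documentation point, the second list tells the reader which CVEs `--fix` leaves alone but not what the tool does with them, so consider adding one sentence stating whether those Log4j v2 and Logback issues are still reported by the scan (so that a `--fix` run is not mistaken for full remediation) and pointing to the upgrade path for them. Also check that the first added line is separated from the preceding "Just run log4j2-scan.exe ..." context line by a blank line; as shown in the hunk the `+` block appears to follow it directly, which Markdown would render as a continuation of that paragraph rather than a new one.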