From 359d4665bca6d9a3475cc75f09d87ecd55ee73bf Mon Sep 17 00:00:00 2001
From: Christophe Tafani-Dereeper <christophe@tafani-dereeper.me>
Date: Thu, 29 Sep 2022 13:01:50 +0200
Subject: [PATCH] Pin Docker image SHA256

---
 README.md | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 821799e..e2b60d1 100644
--- a/README.md
+++ b/README.md
@@ -11,14 +11,7 @@ It uses Log4j 2.14.1 (through `spring-boot-starter-log4j2` 2.6.1) and the JDK 1.
 Run it:
 
 ```bash
-docker run --name vulnerable-app --rm -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app
-```
-
-Build it yourself (you don't need any Java-related tooling):
-
-```bash
-docker build . -t vulnerable-app
-docker run -p 8080:8080 --name vulnerable-app --rm vulnerable-app
+docker run --name vulnerable-app --rm -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app@sha256:6f88430688108e512f7405ac3c73d47f5c370780b94182854ea2cddc6bd59929
 ```
 
 ## Exploitation steps