From 7bcb71fddb3505f3dd7858b307320b8fa8f63cea Mon Sep 17 00:00:00 2001 From: Mathieu Champlon Date: Tue, 29 Apr 2025 10:20:17 +0200 Subject: [PATCH 1/2] Add CVE-2025-3911 to release notes of Docker Desktop 4.41 --- content/manuals/desktop/release-notes.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/manuals/desktop/release-notes.md b/content/manuals/desktop/release-notes.md index 7f5f82093860..fbd7ba0180dc 100644 --- a/content/manuals/desktop/release-notes.md +++ b/content/manuals/desktop/release-notes.md @@ -51,9 +51,10 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo - [Docker Scout CLI v1.17.1](https://github.com/docker/scout-cli/releases/tag/v1.17.1) - [Compose Bridge v0.0.19](https://github.com/docker/compose-bridge-binaries/releases/tag/v0.0.19) -### Security +### Security - Fixed [CVE-2025-3224](https://www.cve.org/CVERecord?id=CVE-2025-3224) allowing an attacker with access to a user machine to perform an elevation of privilege when Docker Desktop updates. +- Fixed [CVE-2025-3911](https://www.cve.org/CVERecord?id=CVE-2025-3911) allowing an attacker with read access to a user machine to obtain sensitive information from Docker Desktop log files containing environment variables configured for running containers. ### Bug fixes and enhancements From 059aa2fc4c70071a1254e29541fdf012b223b55d Mon Sep 17 00:00:00 2001 From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Tue, 29 Apr 2025 10:07:19 +0100 Subject: [PATCH 2/2] Apply suggestions from code review --- content/manuals/desktop/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/manuals/desktop/release-notes.md b/content/manuals/desktop/release-notes.md index fbd7ba0180dc..e2cee93458b3 100644 --- a/content/manuals/desktop/release-notes.md +++ b/content/manuals/desktop/release-notes.md 
@@ -54,7 +54,7 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo ### Security - Fixed [CVE-2025-3224](https://www.cve.org/CVERecord?id=CVE-2025-3224) allowing an attacker with access to a user machine to perform an elevation of privilege when Docker Desktop updates. -- Fixed [CVE-2025-3911](https://www.cve.org/CVERecord?id=CVE-2025-3911) allowing an attacker with read access to a user machine to obtain sensitive information from Docker Desktop log files containing environment variables configured for running containers. +- Fixed [CVE-2025-3911](https://www.cve.org/CVERecord?id=CVE-2025-3911) allowing an attacker with read access to a user's machine to obtain sensitive information from Docker Desktop log files, including environment variables configured for running containers. ### Bug fixes and enhancements
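Review bot: In the [PATCH 1/2] hunk (@@ -51,9 +51,10), the added CVE-2025-3911 entry does not tell readers whether log files written before the upgrade still hold the environment variables it mentions. If they can, add a sentence advising users to remove old Docker Desktop logs and rotate any secrets that were passed to containers as environment variables. Separately, the "### Security" heading is removed and re-added with no visible text change, which looks like a whitespace-only edit; confirm it is intended (for example, trailing whitespace removal) or drop it from this patch so the change stays limited to the new entry.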
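Review bot: In the [PATCH 2/2] hunk (@@ -54,7 +54,7), replacing "log files containing environment variables" with "log files, including environment variables" changes the claim as well as the grammar: the old wording scoped the exposure to environment variables, while the new wording presents them as one example of the sensitive information in the logs. Check the new scope against the CVE-2025-3911 record before merging and keep the narrower wording if the record only covers environment variables. The unchanged CVE-2025-3224 line directly above still reads "access to a user machine", so apply the same "user's machine" fix there for consistency.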