diff --git a/release-notes/2.1/2.1.7/2.1.7.md b/release-notes/2.1/2.1.7/2.1.7.md
index 548db603..b6ebcb05 100644
--- a/release-notes/2.1/2.1.7/2.1.7.md
+++ b/release-notes/2.1/2.1.7/2.1.7.md
@@ -47,6 +47,12 @@ See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blo
* ### [CVE-2019-0545: .NET Core Information Disclosure Vulnerability](https://github.com/dotnet/Announcements/issues/XX)
**Executive summary**
+ Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 2.1 and 2.2. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
+
+ Microsoft is aware of an information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application.
+
+ The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass.
+
* ### [CVE-2019-0548: ASP.NET Core Denial Of Service Vulnerability](https://github.com/dotnet/Announcements/issues/XX)
**Executive summary**
diff --git a/release-notes/2.2/2.2.1/2.2.1.md b/release-notes/2.2/2.2.1/2.2.1.md
index 41faab8b..d44a2251 100644
--- a/release-notes/2.2/2.2.1/2.2.1.md
+++ b/release-notes/2.2/2.2.1/2.2.1.md
@@ -46,6 +46,13 @@ See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blo
* ### [CVE-2019-0545: .NET Core Information Disclosure Vulnerability](https://github.com/dotnet/Announcements/issues/XX)
**Executive summary**
+
+ Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 2.1 and 2.2. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
+
+ Microsoft is aware of an information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application.
+
+ The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass.
+
* ### [CVE-2019-0548: ASP.NET Core Denial Of Service Vulnerability](https://github.com/dotnet/Announcements/issues/XX)
**Executive summary**
@@ -75,23 +82,6 @@ See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blo
Microsoft.AspNetCore.App | 2.2.0
2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6 | 2.2.1
2.1.7
Microsoft.AspNetCore.All | 2.2.0
2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6 | 2.2.1
2.1.7
-* ### [CVE-2018-8416: .NET Core Tampering Vulnerability](https://github.com/dotnet/Announcements/issues/XX)
- **Executive summary**
-
- Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
-
- Microsoft is aware of a tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.
-
- To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system
-
- The update addresses the vulnerability by correcting how .NET Core handles these files.
-
- **Package and Binary updates**
-
- Package name | Vulnerable versions | Secure versions
- ------------ | ------------------- | -------------------------
- System.IO.Compression.ZipFile | 4.0.0, 4.0.1, 4.3.0 | 4.3.1
-
## Packages updated as part of this release:
Package name | Version