From 536980b30655762a6520038b33e7c1df53769bab Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Wed, 20 May 2026 07:05:24 +0000 Subject: [PATCH] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7d332bf..ad0ee20 100644 --- a/README.md +++ b/README.md @@ -2,14 +2,14 @@ Minimal Go HTTP service used by the RHADS supply-chain demo. -## The deliberate CVE +## Demo CVE `go.mod` pins `github.com/dgrijalva/jwt-go v3.2.0+incompatible`, which has a documented vulnerability (CVE-2020-26160 — `alg=none` not rejected). The `/verify` handler actually calls into this library, so SBOM scanners pick the dependency up as in-use and RHTPA flags it. -## Fixing the CVE (the "patch" act) +## Fixing the CVE 1. `go get github.com/golang-jwt/jwt/v5` 2. `go mod tidy`
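Review bot: The unchanged context line in this hunk describes CVE-2020-26160 as "`alg=none` not rejected", but that is not what CVE-2020-26160 covers: the advisory for `github.com/dgrijalva/jwt-go` before 4.0.0-preview1 is an audience (`aud`) claim verification bypass when the claim is a `[]string`, not an algorithm-confusion issue. Since this commit already edits the two headings on either side of that sentence, fix the description in the same change so the demo and the RHTPA finding agree; for example, replace `(CVE-2020-26160 — `alg=none` not rejected)` with `(CVE-2020-26160 — `aud` claim verification bypass)`, or cite a different identifier if an `alg=none` weakness is what the `/verify` handler is meant to exercise. The heading rename from "The deliberate CVE" to "Demo CVE" otherwise reads fine, but the commit message "Update README.md" should say why the wording changed.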