Regenerate readmes

.portal-docs/docker-hub/README.aspnet.md

@@ -80,10 +80,11 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi
 
 ## Image Update Policy
 
-* Supported .NET images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
-* All .NET images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
-* All images are re-built at least once per month, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
-* At times, components of .NET images like PowerShell or MinGit may require updates out of band with .NET releases in order to fix critical bugs or vulnerabilities. If this happens, new images will be created with suffix as described in the [Fixed Tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
+* **Base Image Updates:** Images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
+* **.NET Releases:** Images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
+* **Critical CVEs:** Images are re-built to pick up critical CVE fixes as described by the [CVE Update Policy](#cve-update-policy) below.
+* **Monthly Re-builds:** Images are re-built monthly, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
+* **Out-Of-Band Updates:** Images can sometimes be re-built when out-of-band updates are necessary to address critical issues. If this happens, new fixed version tags will be updated according to the [Fixed version tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
 
 ### CVE Update Policy
 

.portal-docs/docker-hub/README.monitor-base.md

@@ -62,10 +62,11 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi
 
 ## Image Update Policy
 
-* Supported .NET images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
-* All .NET images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
-* All images are re-built at least once per month, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
-* At times, components of .NET images like PowerShell or MinGit may require updates out of band with .NET releases in order to fix critical bugs or vulnerabilities. If this happens, new images will be created with suffix as described in the [Fixed Tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
+* **Base Image Updates:** Images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
+* **.NET Releases:** Images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
+* **Critical CVEs:** Images are re-built to pick up critical CVE fixes as described by the [CVE Update Policy](#cve-update-policy) below.
+* **Monthly Re-builds:** Images are re-built monthly, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
+* **Out-Of-Band Updates:** Images can sometimes be re-built when out-of-band updates are necessary to address critical issues. If this happens, new fixed version tags will be updated according to the [Fixed version tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
 
 ### CVE Update Policy
 

.portal-docs/docker-hub/README.monitor.md

@@ -63,10 +63,11 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi
 
 ## Image Update Policy
 
-* Supported .NET images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
-* All .NET images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
-* All images are re-built at least once per month, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
-* At times, components of .NET images like PowerShell or MinGit may require updates out of band with .NET releases in order to fix critical bugs or vulnerabilities. If this happens, new images will be created with suffix as described in the [Fixed Tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
+* **Base Image Updates:** Images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
+* **.NET Releases:** Images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
+* **Critical CVEs:** Images are re-built to pick up critical CVE fixes as described by the [CVE Update Policy](#cve-update-policy) below.
+* **Monthly Re-builds:** Images are re-built monthly, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
+* **Out-Of-Band Updates:** Images can sometimes be re-built when out-of-band updates are necessary to address critical issues. If this happens, new fixed version tags will be updated according to the [Fixed version tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
 
 ### CVE Update Policy
 

.portal-docs/docker-hub/README.runtime-deps.md

@@ -61,10 +61,11 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi
 
 ## Image Update Policy
 
-* Supported .NET images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
-* All .NET images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
-* All images are re-built at least once per month, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
-* At times, components of .NET images like PowerShell or MinGit may require updates out of band with .NET releases in order to fix critical bugs or vulnerabilities. If this happens, new images will be created with suffix as described in the [Fixed Tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
+* **Base Image Updates:** Images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
+* **.NET Releases:** Images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
+* **Critical CVEs:** Images are re-built to pick up critical CVE fixes as described by the [CVE Update Policy](#cve-update-policy) below.
+* **Monthly Re-builds:** Images are re-built monthly, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
+* **Out-Of-Band Updates:** Images can sometimes be re-built when out-of-band updates are necessary to address critical issues. If this happens, new fixed version tags will be updated according to the [Fixed version tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
 
 ### CVE Update Policy
 

.portal-docs/docker-hub/README.runtime.md

@@ -69,10 +69,11 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi
 
 ## Image Update Policy
 
-* Supported .NET images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
-* All .NET images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
-* All images are re-built at least once per month, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
-* At times, components of .NET images like PowerShell or MinGit may require updates out of band with .NET releases in order to fix critical bugs or vulnerabilities. If this happens, new images will be created with suffix as described in the [Fixed Tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
+* **Base Image Updates:** Images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
+* **.NET Releases:** Images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
+* **Critical CVEs:** Images are re-built to pick up critical CVE fixes as described by the [CVE Update Policy](#cve-update-policy) below.
+* **Monthly Re-builds:** Images are re-built monthly, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
+* **Out-Of-Band Updates:** Images can sometimes be re-built when out-of-band updates are necessary to address critical issues. If this happens, new fixed version tags will be updated according to the [Fixed version tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
 
 ### CVE Update Policy
 

.portal-docs/docker-hub/README.samples.md

@@ -88,10 +88,11 @@ These sample images are not intended for production use and may be subject to br
 
 ## Image Update Policy
 
-* Supported .NET images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
-* All .NET images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
-* All images are re-built at least once per month, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
-* At times, components of .NET images like PowerShell or MinGit may require updates out of band with .NET releases in order to fix critical bugs or vulnerabilities. If this happens, new images will be created with suffix as described in the [Fixed Tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
+* **Base Image Updates:** Images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
+* **.NET Releases:** Images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
+* **Critical CVEs:** Images are re-built to pick up critical CVE fixes as described by the [CVE Update Policy](#cve-update-policy) below.
+* **Monthly Re-builds:** Images are re-built monthly, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
+* **Out-Of-Band Updates:** Images can sometimes be re-built when out-of-band updates are necessary to address critical issues. If this happens, new fixed version tags will be updated according to the [Fixed version tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
 
 ### CVE Update Policy
 

.portal-docs/docker-hub/README.sdk.md

@@ -71,10 +71,11 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi
 
 ## Image Update Policy
 
-* Supported .NET images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
-* All .NET images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
-* All images are re-built at least once per month, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
-* At times, components of .NET images like PowerShell or MinGit may require updates out of band with .NET releases in order to fix critical bugs or vulnerabilities. If this happens, new images will be created with suffix as described in the [Fixed Tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
+* **Base Image Updates:** Images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
+* **.NET Releases:** Images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
+* **Critical CVEs:** Images are re-built to pick up critical CVE fixes as described by the [CVE Update Policy](#cve-update-policy) below.
+* **Monthly Re-builds:** Images are re-built monthly, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
+* **Out-Of-Band Updates:** Images can sometimes be re-built when out-of-band updates are necessary to address critical issues. If this happens, new fixed version tags will be updated according to the [Fixed version tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
 
 ### CVE Update Policy
 

.portal-docs/mar/README.aspire-dashboard.portal.md

@@ -115,10 +115,11 @@ Limits are per-resource. For example, a `MaxLogCount` value of 10,000 configures
 
 ### Image Update Policy
 
-* Supported .NET images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
-* All .NET images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
-* All images are re-built at least once per month, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
-* At times, components of .NET images like PowerShell or MinGit may require updates out of band with .NET releases in order to fix critical bugs or vulnerabilities. If this happens, new images will be created with suffix as described in the [Fixed Tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
+* **Base Image Updates:** Images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
+* **.NET Releases:** Images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
+* **Critical CVEs:** Images are re-built to pick up critical CVE fixes as described by the [CVE Update Policy](#cve-update-policy) below.
+* **Monthly Re-builds:** Images are re-built monthly, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
+* **Out-Of-Band Updates:** Images can sometimes be re-built when out-of-band updates are necessary to address critical issues. If this happens, new fixed version tags will be updated according to the [Fixed version tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
 
 #### CVE Update Policy
 

.portal-docs/mar/README.aspnet.portal.md

@@ -76,10 +76,11 @@ The [Image Variants documentation](https://github.com/dotnet/dotnet-docker/blob/
 
 ### Image Update Policy
 
-* Supported .NET images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
-* All .NET images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
-* All images are re-built at least once per month, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
-* At times, components of .NET images like PowerShell or MinGit may require updates out of band with .NET releases in order to fix critical bugs or vulnerabilities. If this happens, new images will be created with suffix as described in the [Fixed Tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
+* **Base Image Updates:** Images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
+* **.NET Releases:** Images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
+* **Critical CVEs:** Images are re-built to pick up critical CVE fixes as described by the [CVE Update Policy](#cve-update-policy) below.
+* **Monthly Re-builds:** Images are re-built monthly, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
+* **Out-Of-Band Updates:** Images can sometimes be re-built when out-of-band updates are necessary to address critical issues. If this happens, new fixed version tags will be updated according to the [Fixed version tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
 
 #### CVE Update Policy
 

.portal-docs/mar/README.monitor-base.portal.md

@@ -58,10 +58,11 @@ The following Dockerfiles demonstrate how you can use this base image to build a
 
 ### Image Update Policy
 
-* Supported .NET images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
-* All .NET images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
-* All images are re-built at least once per month, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
-* At times, components of .NET images like PowerShell or MinGit may require updates out of band with .NET releases in order to fix critical bugs or vulnerabilities. If this happens, new images will be created with suffix as described in the [Fixed Tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
+* **Base Image Updates:** Images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
+* **.NET Releases:** Images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
+* **Critical CVEs:** Images are re-built to pick up critical CVE fixes as described by the [CVE Update Policy](#cve-update-policy) below.
+* **Monthly Re-builds:** Images are re-built monthly, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
+* **Out-Of-Band Updates:** Images can sometimes be re-built when out-of-band updates are necessary to address critical issues. If this happens, new fixed version tags will be updated according to the [Fixed version tags documentation](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md#fixed-version-tags).
 
 #### CVE Update Policy