From df23a99f4b20508a40ffba81fc35273e58cabb44 Mon Sep 17 00:00:00 2001
From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
Date: Thu, 25 Jan 2024 03:48:14 +0100
Subject: [PATCH] CSAF 2.0 to CSAF 2.1
- update rest of prose to use v2.1
- update timestamps for consistency
- fix incorrect filesname
- adopt test data to reflect changes in prose
---
.../introduction-04-informative-references.md | 3 +
csaf_2.1/prose/edit/src/revision-history.md | 6 +-
csaf_2.1/prose/edit/src/schema-elements-00.md | 4 +-
.../schema-elements-02-props-01-document.md | 2 +-
...sts-01-mndtr-14-sorted-revision-history.md | 4 +-
...sts-01-mndtr-16-latest-document-version.md | 4 +-
...s-01-mndtr-18-released-revision-history.md | 4 +-
...istory-entries-for-pre-release-versions.md | 4 +-
...dtr-21-missing-item-in-revision-history.md | 4 +-
...-24-multiple-definition-in-involvements.md | 4 +-
.../src/tests-01-mndtr-27-profile-tests.md | 2 +-
...0-mixed-integer-and-semantic-versioning.md | 4 +-
csaf_2.1/prose/edit/src/tests-02-optional.md | 28 +--
csaf_2.1/prose/share/csaf-v2.1-draft.md | 177 +++++++++---------
...oasis_csaf_tc-csaf_2_1-2024-6-1-24-01.json | 4 +-
...oasis_csaf_tc-csaf_2_1-2024-6-1-24-02.json | 4 +-
...oasis_csaf_tc-csaf_2_1-2024-6-1-24-11.json | 4 +-
...oasis_csaf_tc-csaf_2_1-2024-6-1-24-12.json | 4 +-
...is_csaf_tc-csaf_2_1-2024-6-1-27-02-01.json | 2 +-
...oasis_csaf_tc-csaf_2_1-2024-6-2-04-01.json | 2 +-
...oasis_csaf_tc-csaf_2_1-2024-6-2-11-01.json | 2 +-
...oasis_csaf_tc-csaf_2_1-2024-6-2-11-11.json | 2 +-
22 files changed, 133 insertions(+), 141 deletions(-)
diff --git a/csaf_2.1/prose/edit/src/introduction-04-informative-references.md b/csaf_2.1/prose/edit/src/introduction-04-informative-references.md
index 7271aec2..5fb3bb5a 100644
--- a/csaf_2.1/prose/edit/src/introduction-04-informative-references.md
+++ b/csaf_2.1/prose/edit/src/introduction-04-informative-references.md
@@ -12,6 +12,9 @@ CPE23-M
CPE23-N
: _Common Platform Enumeration: Naming Specification Version 2.3_, B. Cheikes, D. Waltermire, K. Scarfone, Editors, NIST Interagency Report 7695, August 2011, https://dx.doi.org/10.6028/NIST.IR.7695.
+CSAF-v2.0
+: _Common Security Advisory Framework Version 2.0_. Edited by Langley Rock, Stefan Hagen, and Thomas Schmidt. 18 November 2022. OASIS Standard. https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html. Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html.
+
CVE
: _Common Vulnerability and Exposures (CVE) – The Standard for Information Security Vulnerability Names_, MITRE, 1999, https://cve.mitre.org/about/.
diff --git a/csaf_2.1/prose/edit/src/revision-history.md b/csaf_2.1/prose/edit/src/revision-history.md
index d84b761f..c692ae69 100644
--- a/csaf_2.1/prose/edit/src/revision-history.md
+++ b/csaf_2.1/prose/edit/src/revision-history.md
@@ -10,10 +10,6 @@ toc:
| Revision | Date | Editor | Changes Made |
|:-------------------------|:-----------|:--------------------------------|:--------------------------------------------------------------------------------------|
-| csaf-v2.0-wd20210927-dev | 2021-09-27 | Stefan Hagen and Thomas Schmidt | Preparing next Editor revision for TC review and submittal as CS for public review |
-| csaf-v2.0-wd20220329-dev | 2022-03-29 | Stefan Hagen and Thomas Schmidt | Preparing next Editor revision for TC review and submittal as CSD02 for public review |
-| csaf-v2.0-wd20220514-dev | 2022-05-14 | Stefan Hagen and Thomas Schmidt | Preparing next Editor revision for TC review and submittal as CS |
-| csaf-v2.0-wd20220715-dev | 2022-07-15 | Stefan Hagen and Thomas Schmidt | Preparing next Editor revision for TC review and submittal as CS |
-| csaf-v2.0-wd20220720-dev | 2022-07-20 | Stefan Hagen and Thomas Schmidt | Preparing next Editor revision for TC review and submittal as CS |
+| csaf-v2.0-wd20240124-dev | 2024-01-24 | Stefan Hagen and Thomas Schmidt | Preparing initial Editor Revision |
-------
diff --git a/csaf_2.1/prose/edit/src/schema-elements-00.md b/csaf_2.1/prose/edit/src/schema-elements-00.md
index 5280d3a1..41fddef7 100644
--- a/csaf_2.1/prose/edit/src/schema-elements-00.md
+++ b/csaf_2.1/prose/edit/src/schema-elements-00.md
@@ -2,7 +2,7 @@
The CSAF schema describes how to represent security advisory information as a JSON document.
-The CSAF schema Version 2.0 builds on the JSON Schema draft 2020-12 rules.
+The CSAF schema Version 2.1 builds on the JSON Schema draft 2020-12 rules.
```
"$schema": "https://json-schema.org/draft/2020-12/schema"
@@ -11,7 +11,7 @@ The CSAF schema Version 2.0 builds on the JSON Schema draft 2020-12 rules.
The schema identifier is:
```
- "$id": "https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json"
+ "$id": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json"
```
The further documentation of the schema is organized via Definitions and Properties.
diff --git a/csaf_2.1/prose/edit/src/schema-elements-02-props-01-document.md b/csaf_2.1/prose/edit/src/schema-elements-02-props-01-document.md
index 152e89fe..ba00e4b0 100644
--- a/csaf_2.1/prose/edit/src/schema-elements-02-props-01-document.md
+++ b/csaf_2.1/prose/edit/src/schema-elements-02-props-01-document.md
@@ -130,7 +130,7 @@ CSAF version (`csaf_version`) of value type `string` and `enum` gives the versio
The single valid value for this `enum` is:
```
- 2.0
+ 2.1
```
#### Document Property - Distribution
diff --git a/csaf_2.1/prose/edit/src/tests-01-mndtr-14-sorted-revision-history.md b/csaf_2.1/prose/edit/src/tests-01-mndtr-14-sorted-revision-history.md
index 2ef4331a..5753010c 100644
--- a/csaf_2.1/prose/edit/src/tests-01-mndtr-14-sorted-revision-history.md
+++ b/csaf_2.1/prose/edit/src/tests-01-mndtr-14-sorted-revision-history.md
@@ -13,12 +13,12 @@ The relevant path for this test is:
```
"revision_history": [
{
- "date": "2021-07-22T10:00:00.000Z",
+ "date": "2024-01-22T10:00:00.000Z",
"number": "2",
"summary": "Second version."
},
{
- "date": "2021-07-23T10:00:00.000Z",
+ "date": "2024-01-23T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
diff --git a/csaf_2.1/prose/edit/src/tests-01-mndtr-16-latest-document-version.md b/csaf_2.1/prose/edit/src/tests-01-mndtr-16-latest-document-version.md
index 88a529ce..dbf69ab6 100644
--- a/csaf_2.1/prose/edit/src/tests-01-mndtr-16-latest-document-version.md
+++ b/csaf_2.1/prose/edit/src/tests-01-mndtr-16-latest-document-version.md
@@ -17,12 +17,12 @@ The relevant path for this test is:
// ...
"revision_history": [
{
- "date": "2021-07-21T09:00:00.000Z",
+ "date": "2024-01-21T09:00:00.000Z",
"number": "1",
"summary": "Initial version."
},
{
- "date": "2021-07-21T10:00:00.000Z",
+ "date": "2024-01-21T10:00:00.000Z",
"number": "2",
"summary": "Second version."
}
diff --git a/csaf_2.1/prose/edit/src/tests-01-mndtr-18-released-revision-history.md b/csaf_2.1/prose/edit/src/tests-01-mndtr-18-released-revision-history.md
index 293c4215..354eb4bc 100644
--- a/csaf_2.1/prose/edit/src/tests-01-mndtr-18-released-revision-history.md
+++ b/csaf_2.1/prose/edit/src/tests-01-mndtr-18-released-revision-history.md
@@ -15,12 +15,12 @@ The relevant path for this test is:
// ...
"revision_history": [
{
- "date": "2021-05-17T10:00:00.000Z",
+ "date": "2023-09-17T10:00:00.000Z",
"number": "0",
"summary": "First draft"
},
{
- "date": "2021-07-21T10:00:00.000Z",
+ "date": "2024-01-21T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
diff --git a/csaf_2.1/prose/edit/src/tests-01-mndtr-19-revision-history-entries-for-pre-release-versions.md b/csaf_2.1/prose/edit/src/tests-01-mndtr-19-revision-history-entries-for-pre-release-versions.md
index 9744f891..e5012e5d 100644
--- a/csaf_2.1/prose/edit/src/tests-01-mndtr-19-revision-history-entries-for-pre-release-versions.md
+++ b/csaf_2.1/prose/edit/src/tests-01-mndtr-19-revision-history-entries-for-pre-release-versions.md
@@ -13,12 +13,12 @@ The relevant path for this test is:
```
"revision_history": [
{
- "date": "2021-04-22T10:00:00.000Z",
+ "date": "2023-08-22T10:00:00.000Z",
"number": "1.0.0-rc",
"summary": "Release Candidate for initial version."
},
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"number": "1.0.0",
"summary": "Initial version."
}
diff --git a/csaf_2.1/prose/edit/src/tests-01-mndtr-21-missing-item-in-revision-history.md b/csaf_2.1/prose/edit/src/tests-01-mndtr-21-missing-item-in-revision-history.md
index c0b27622..cb0c9ac6 100644
--- a/csaf_2.1/prose/edit/src/tests-01-mndtr-21-missing-item-in-revision-history.md
+++ b/csaf_2.1/prose/edit/src/tests-01-mndtr-21-missing-item-in-revision-history.md
@@ -16,12 +16,12 @@ The relevant path for this test is:
```
"revision_history": [
{
- "date": "2021-04-22T10:00:00.000Z",
+ "date": "2023-08-22T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
},
{
- "date": "2021-07-21T10:00:00.000Z",
+ "date": "2024-01-21T10:00:00.000Z",
"number": "3",
"summary": "Some other changes."
}
diff --git a/csaf_2.1/prose/edit/src/tests-01-mndtr-24-multiple-definition-in-involvements.md b/csaf_2.1/prose/edit/src/tests-01-mndtr-24-multiple-definition-in-involvements.md
index af7a1732..b58f5301 100644
--- a/csaf_2.1/prose/edit/src/tests-01-mndtr-24-multiple-definition-in-involvements.md
+++ b/csaf_2.1/prose/edit/src/tests-01-mndtr-24-multiple-definition-in-involvements.md
@@ -15,12 +15,12 @@ The relevant path for this test is:
{
"involvements": [
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"party": "vendor",
"status": "completed"
},
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"party": "vendor",
"status": "in_progress",
"summary": "The vendor has released a mitigation and is working to fully resolve the issue."
diff --git a/csaf_2.1/prose/edit/src/tests-01-mndtr-27-profile-tests.md b/csaf_2.1/prose/edit/src/tests-01-mndtr-27-profile-tests.md
index fc3a123f..0ae0ee69 100644
--- a/csaf_2.1/prose/edit/src/tests-01-mndtr-27-profile-tests.md
+++ b/csaf_2.1/prose/edit/src/tests-01-mndtr-27-profile-tests.md
@@ -62,7 +62,7 @@ The relevant path for this test is:
{
"category": "self",
"summary": "The canonical URL.",
- "url": "https://example.com/security/data/csaf/2021/OASIS_CSAF_TC-CSAF_2_0-2021-6-1-27-02-01.json"
+ "url": "https://example.com/security/data/csaf/2024/oasis_csaf_tc-csaf_2_1-2024-6-1-27-02-01.json"
}
]
```
diff --git a/csaf_2.1/prose/edit/src/tests-01-mndtr-30-mixed-integer-and-semantic-versioning.md b/csaf_2.1/prose/edit/src/tests-01-mndtr-30-mixed-integer-and-semantic-versioning.md
index 0f88191d..f5b2f478 100644
--- a/csaf_2.1/prose/edit/src/tests-01-mndtr-30-mixed-integer-and-semantic-versioning.md
+++ b/csaf_2.1/prose/edit/src/tests-01-mndtr-30-mixed-integer-and-semantic-versioning.md
@@ -17,12 +17,12 @@ The relevant paths for this test are:
// ...
"revision_history": [
{
- "date": "2021-07-21T09:00:00.000Z",
+ "date": "2024-01-21T09:00:00.000Z",
"number": "1.0.0",
"summary": "Initial version."
},
{
- "date": "2021-07-21T10:00:00.000Z",
+ "date": "2024-01-21T10:00:00.000Z",
"number": "2",
"summary": "Second version."
}
diff --git a/csaf_2.1/prose/edit/src/tests-02-optional.md b/csaf_2.1/prose/edit/src/tests-02-optional.md
index b8d49d55..24d9ac66 100644
--- a/csaf_2.1/prose/edit/src/tests-02-optional.md
+++ b/csaf_2.1/prose/edit/src/tests-02-optional.md
@@ -128,7 +128,7 @@ The relevant path for this test is:
```
"revision_history": [
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"number": "1.0.0+exp.sha.ac00785",
"summary": "Initial version."
}
@@ -152,15 +152,15 @@ The relevant path for this test is:
```
"tracking": {
// ...
- "initial_release_date": "2021-04-22T10:00:00.000Z",
+ "initial_release_date": "2023-08-22T10:00:00.000Z",
"revision_history": [
{
- "date": "2021-05-06T10:00:00.000Z",
+ "date": "2023-09-06T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
},
{
- "date": "2021-07-21T11:00:00.000Z",
+ "date": "2024-01-21T11:00:00.000Z",
"number": "2",
"summary": "Second version."
}
@@ -169,7 +169,7 @@ The relevant path for this test is:
}
```
-> The initial release date `2021-04-22T10:00:00.000Z` is older than `2021-05-06T10:00:00.000Z` which is the `date` of
+> The initial release date `2023-08-22T10:00:00.000Z` is older than `2023-09-06T10:00:00.000Z` which is the `date` of
> the oldest item in Revision History.
### Older Current Release Date than Revision History
@@ -186,16 +186,16 @@ The relevant path for this test is:
```
"tracking": {
- "current_release_date": "2021-05-06T10:00:00.000Z",
+ "current_release_date": "2023-09-06T10:00:00.000Z",
// ...
"revision_history": [
{
- "date": "2021-05-06T10:00:00.000Z",
+ "date": "2023-09-06T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
},
{
- "date": "2021-07-21T11:00:00.000Z",
+ "date": "2024-01-21T11:00:00.000Z",
"number": "2",
"summary": "Second version."
}
@@ -204,7 +204,7 @@ The relevant path for this test is:
}
```
-> The current release date `2021-05-06T10:00:00.000Z` is older than `2021-05-23T1100:00.000Z` which is the `date` of
+> The current release date `2023-09-06T10:00:00.000Z` is older than `2023-09-23T1100:00.000Z` which is the `date` of
> the newest item in Revision History.
### Missing Date in Involvements
@@ -367,13 +367,13 @@ The relevant path for this test is:
{
"category": "self",
"summary": "A non-canonical URL.",
- "url": "https://example.com/security/data/csaf/2021/OASIS_CSAF_TC-CSAF_2.0-2021-6-2-11-01_1.json"
+ "url": "https://example.com/security/data/csaf/2024/oasis_csaf_tc-csaf_2.1-2024-6-2-11-01_1.json"
}
],
// ...
"tracking": {
// ...
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-11-01",
+ "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-11-01",
// ...
"version": "1"
},
@@ -398,7 +398,7 @@ The relevant path for this test is:
```
"document": {
"category": "csaf_base",
- "csaf_version": "2.0",
+ "csaf_version": "2.1",
"publisher": {
// ...
},
@@ -422,7 +422,7 @@ The relevant path for this test is:
```
"document": {
- "csaf_version": "2.0",
+ "csaf_version": "2.1",
"category": "csaf_base",
// ...
}
@@ -631,7 +631,7 @@ The relevant path for this test is:
```
"document": {
"category": "csaf_base",
- "csaf_version": "2.0",
+ "csaf_version": "2.1",
"custom_property": "any",
// ...
}
diff --git a/csaf_2.1/prose/share/csaf-v2.1-draft.md b/csaf_2.1/prose/share/csaf-v2.1-draft.md
index 2e9a2ec5..6f2c07d3 100644
--- a/csaf_2.1/prose/share/csaf-v2.1-draft.md
+++ b/csaf_2.1/prose/share/csaf-v2.1-draft.md
@@ -3,26 +3,24 @@
-------
-# Common Security Advisory Framework Version 2.0
+# Common Security Advisory Framework Version 2.1
-## OASIS Standard
+## Committee Specification Draft 01
-## 18 November 2022
+## ?? Month 2024
#### This stage:
-https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.md (Authoritative) \
-https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html \
-https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.pdf
+https://docs.oasis-open.org/csaf/csaf/v2.1/csd01/csaf-v2.1-csd01.md (Authoritative) \
+https://docs.oasis-open.org/csaf/csaf/v2.1/csd01/csaf-v2.1-csd01.html \
+https://docs.oasis-open.org/csaf/csaf/v2.1/csd01/csaf-v2.1-csd01.pdf
#### Previous stage:
-https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.md (Authoritative) \
-https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.html \
-https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.pdf
+N/A
#### Latest stage:
-https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.md (Authoritative) \
-https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html \
-https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.pdf
+https://docs.oasis-open.org/csaf/csaf/v2.1/csaf-v2.1.md (Authoritative) \
+https://docs.oasis-open.org/csaf/csaf/v2.1/csaf-v2.1.html \
+https://docs.oasis-open.org/csaf/csaf/v2.1/csaf-v2.1.pdf
#### Technical Committee:
[OASIS Common Security Advisory Framework (CSAF) TC](https://www.oasis-open.org/committees/csaf/)
@@ -31,32 +29,29 @@ https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.pdf
Omar Santos (osantos@cisco.com), [Cisco Systems](https://cisco.com/)
#### Editors:
-Langley Rock (lrock@redhat.com), [Red Hat](https://redhat.com/) \
Stefan Hagen (stefan@hagen.link), [Individual](https://stefan-hagen.website/) \
Thomas Schmidt (thomas.schmidt@bsi.bund.de), [Federal Office for Information Security (BSI) Germany](https://www.bsi.bund.de/)
-In Memory of Eric Johnson, TIBCO Software Inc. and Mike Gorski, Cisco Systems both active members of the OASIS CSAF Technical Committee.
-
#### Additional artifacts:
This prose specification is one component of a Work Product that also includes:
-* Aggregator JSON schema: https://docs.oasis-open.org/csaf/csaf/v2.0/os/schemas/aggregator_json_schema.json. \
-Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.0/aggregator_json_schema.json.
-* CSAF JSON schema: https://docs.oasis-open.org/csaf/csaf/v2.0/os/schemas/csaf_json_schema.json. \
-Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json.
-* Provider JSON schema: https://docs.oasis-open.org/csaf/csaf/v2.0/os/schemas/provider_json_schema.json. \
-Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.0/provider_json_schema.json.
+* Aggregator JSON schema: https://docs.oasis-open.org/csaf/csaf/v2.1/csd01/schemas/aggregator_json_schema.json. \
+Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.1/aggregator_json_schema.json.
+* CSAF JSON schema: https://docs.oasis-open.org/csaf/csaf/v2.1/csd01/schemas/csaf_json_schema.json. \
+Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json.
+* Provider JSON schema: https://docs.oasis-open.org/csaf/csaf/v2.1/csd01/schemas/provider_json_schema.json. \
+Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.1/provider_json_schema.json.
#### Related work:
This specification replaces or supersedes:
-* _CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2_. Edited by Stefan Hagen. Latest stage: https://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/csaf-cvrf-v1.2.html.
+* _Common Security Advisory Framework Version 2.0_. Edited by Langley Rock, Stefan Hagen, and Thomas Schmidt. 18 November 2022. OASIS Standard. https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html. Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html.
#### Declared JSON namespaces:
-* [https://docs.oasis-open.org/csaf/csaf/v2.0/aggregator_json_schema.json](https://docs.oasis-open.org/csaf/csaf/v2.0/aggregator_json_schema.json)
-* [https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json](https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json)
-* [https://docs.oasis-open.org/csaf/csaf/v2.0/provider_json_schema.json](https://docs.oasis-open.org/csaf/csaf/v2.0/provider_json_schema.json)
+* [https://docs.oasis-open.org/csaf/csaf/v2.1/aggregator_json_schema.json](https://docs.oasis-open.org/csaf/csaf/v2.1/aggregator_json_schema.json)
+* [https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json](https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json)
+* [https://docs.oasis-open.org/csaf/csaf/v2.1/provider_json_schema.json](https://docs.oasis-open.org/csaf/csaf/v2.1/provider_json_schema.json)
#### Abstract:
@@ -74,9 +69,9 @@ Note that any machine-readable content ([Computer Language Definitions](https://
#### Citation format:
When referencing this specification the following citation format should be used:
-**[csaf-v2.0]**
+**[csaf-v2.1]**
-_Common Security Advisory Framework Version 2.0_. Edited by Langley Rock, Stefan Hagen, and Thomas Schmidt. 18 November 2022. OASIS Standard. https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html. Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html.
+_Common Security Advisory Framework Version 2.0_. Edited by Langley Rock, Stefan Hagen, and Thomas Schmidt. 18 November 2022. OASIS Standard. https://docs.oasis-open.org/csaf/csaf/v2.1/csd01/csaf-v2.1-csd01.html. Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.1/csaf-v2.1.html.
-------
@@ -594,6 +589,8 @@ For purposes of this document, the following terms and definitions apply:
**\[****CPE23-N\]** _Common Platform Enumeration: Naming Specification Version 2.3_, B. Cheikes, D. Waltermire, K. Scarfone, Editors, NIST Interagency Report 7695, August 2011, https://dx.doi.org/10.6028/NIST.IR.7695.
+**\[****CSAF-v2.0\]** _Common Security Advisory Framework Version 2.0_. Edited by Langley Rock, Stefan Hagen, and Thomas Schmidt. 18 November 2022. OASIS Standard. https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html. Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html.
+
**\[****CVE\]** _Common Vulnerability and Exposures (CVE) – The Standard for Information Security Vulnerability Names_, MITRE, 1999, https://cve.mitre.org/about/.
**\[****CVE-NF\]** _Common Vulnerability and Exposures (CVE) – The Standard for Information Security Vulnerability Names - CVE ID Syntax Change_, MITRE, January 01, 2014, https://cve.mitre.org/cve/identifiers/syntaxchange.html.
@@ -698,7 +695,7 @@ including authoritative vendor partners.
A security issue is not necessarily constrained to a problem statement, the focus of the term is on the security aspect impacting
(or not impacting) specific product-platform-version combinations.
Information on presence or absence of workarounds is also considered part of the security issue.
-This document is the definitive reference for the language elements of CSAF version 2.0.
+This document is the definitive reference for the language elements of CSAF version 2.1.
The encompassing JSON schema file noted in the Additional Artifacts section of the title page SHALL be taken as normative in the case
a gap or an inconsistency in this explanatory document becomes evident.
The following presentation in this section is grouped by topical area, and is not simply derivative documentation from the schema document itself.
@@ -721,7 +718,7 @@ partially difficult to play schemas.
The format chosen is [JSONSchema] which allows validation and delegation to sub schema providers.
The latter aligns well with separation of concerns and shares the format family of information interchange utilized by
the providers of product and vulnerability information which migrated from XML to JSON since the creation of CSAF CVRF version 1.2,
-the predecessor of this specification.
+the pre-predecessor of this specification.
The acronym CSAF, “Common Security Advisory Framework”, stands for the target of concerted mitigation and remediation accomplishment.
@@ -785,7 +782,7 @@ Finally, a set of conformance targets describes tools in the ecosystem.
The CSAF schema describes how to represent security advisory information as a JSON document.
-The CSAF schema Version 2.0 builds on the JSON Schema draft 2020-12 rules.
+The CSAF schema Version 2.1 builds on the JSON Schema draft 2020-12 rules.
```
"$schema": "https://json-schema.org/draft/2020-12/schema"
@@ -794,7 +791,7 @@ The CSAF schema Version 2.0 builds on the JSON Schema draft 2020-12 rules.
The schema identifier is:
```
- "$id": "https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json"
+ "$id": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json"
```
The further documentation of the schema is organized via Definitions and Properties.
@@ -2103,7 +2100,7 @@ CSAF version (`csaf_version`) of value type `string` and `enum` gives the versio
The single valid value for this `enum` is:
```
- 2.0
+ 2.1
```
#### 3.2.1.5 Document Property - Distribution
@@ -4283,12 +4280,12 @@ The relevant path for this test is:
```
"revision_history": [
{
- "date": "2021-07-22T10:00:00.000Z",
+ "date": "2024-01-22T10:00:00.000Z",
"number": "2",
"summary": "Second version."
},
{
- "date": "2021-07-23T10:00:00.000Z",
+ "date": "2024-01-23T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
@@ -4343,12 +4340,12 @@ The relevant path for this test is:
// ...
"revision_history": [
{
- "date": "2021-07-21T09:00:00.000Z",
+ "date": "2024-01-21T09:00:00.000Z",
"number": "1",
"summary": "Initial version."
},
{
- "date": "2021-07-21T10:00:00.000Z",
+ "date": "2024-01-21T10:00:00.000Z",
"number": "2",
"summary": "Second version."
}
@@ -4399,12 +4396,12 @@ The relevant path for this test is:
// ...
"revision_history": [
{
- "date": "2021-05-17T10:00:00.000Z",
+ "date": "2023-09-17T10:00:00.000Z",
"number": "0",
"summary": "First draft"
},
{
- "date": "2021-07-21T10:00:00.000Z",
+ "date": "2024-01-21T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
@@ -4431,12 +4428,12 @@ The relevant path for this test is:
```
"revision_history": [
{
- "date": "2021-04-22T10:00:00.000Z",
+ "date": "2023-08-22T10:00:00.000Z",
"number": "1.0.0-rc",
"summary": "Release Candidate for initial version."
},
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"number": "1.0.0",
"summary": "Initial version."
}
@@ -4485,12 +4482,12 @@ The relevant path for this test is:
```
"revision_history": [
{
- "date": "2021-04-22T10:00:00.000Z",
+ "date": "2023-08-22T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
},
{
- "date": "2021-07-21T10:00:00.000Z",
+ "date": "2024-01-21T10:00:00.000Z",
"number": "3",
"summary": "Some other changes."
}
@@ -4570,12 +4567,12 @@ The relevant path for this test is:
{
"involvements": [
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"party": "vendor",
"status": "completed"
},
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"party": "vendor",
"status": "in_progress",
"summary": "The vendor has released a mitigation and is working to fully resolve the issue."
@@ -4742,7 +4739,7 @@ The relevant path for this test is:
{
"category": "self",
"summary": "The canonical URL.",
- "url": "https://example.com/security/data/csaf/2021/OASIS_CSAF_TC-CSAF_2_0-2021-6-1-27-02-01.json"
+ "url": "https://example.com/security/data/csaf/2024/oasis_csaf_tc-csaf_2_1-2024-6-1-27-02-01.json"
}
]
```
@@ -5184,12 +5181,12 @@ The relevant paths for this test are:
// ...
"revision_history": [
{
- "date": "2021-07-21T09:00:00.000Z",
+ "date": "2024-01-21T09:00:00.000Z",
"number": "1.0.0",
"summary": "Initial version."
},
{
- "date": "2021-07-21T10:00:00.000Z",
+ "date": "2024-01-21T10:00:00.000Z",
"number": "2",
"summary": "Second version."
}
@@ -5467,7 +5464,7 @@ The relevant path for this test is:
```
"revision_history": [
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"number": "1.0.0+exp.sha.ac00785",
"summary": "Initial version."
}
@@ -5491,15 +5488,15 @@ The relevant path for this test is:
```
"tracking": {
// ...
- "initial_release_date": "2021-04-22T10:00:00.000Z",
+ "initial_release_date": "2023-08-22T10:00:00.000Z",
"revision_history": [
{
- "date": "2021-05-06T10:00:00.000Z",
+ "date": "2023-09-06T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
},
{
- "date": "2021-07-21T11:00:00.000Z",
+ "date": "2024-01-21T11:00:00.000Z",
"number": "2",
"summary": "Second version."
}
@@ -5508,7 +5505,7 @@ The relevant path for this test is:
}
```
-> The initial release date `2021-04-22T10:00:00.000Z` is older than `2021-05-06T10:00:00.000Z` which is the `date` of
+> The initial release date `2023-08-22T10:00:00.000Z` is older than `2023-09-06T10:00:00.000Z` which is the `date` of
> the oldest item in Revision History.
### 6.2.6 Older Current Release Date than Revision History
@@ -5525,16 +5522,16 @@ The relevant path for this test is:
```
"tracking": {
- "current_release_date": "2021-05-06T10:00:00.000Z",
+ "current_release_date": "2023-09-06T10:00:00.000Z",
// ...
"revision_history": [
{
- "date": "2021-05-06T10:00:00.000Z",
+ "date": "2023-09-06T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
},
{
- "date": "2021-07-21T11:00:00.000Z",
+ "date": "2024-01-21T11:00:00.000Z",
"number": "2",
"summary": "Second version."
}
@@ -5543,7 +5540,7 @@ The relevant path for this test is:
}
```
-> The current release date `2021-05-06T10:00:00.000Z` is older than `2021-05-23T1100:00.000Z` which is the `date` of
+> The current release date `2023-09-06T10:00:00.000Z` is older than `2023-09-23T1100:00.000Z` which is the `date` of
> the newest item in Revision History.
### 6.2.7 Missing Date in Involvements
@@ -5706,13 +5703,13 @@ The relevant path for this test is:
{
"category": "self",
"summary": "A non-canonical URL.",
- "url": "https://example.com/security/data/csaf/2021/OASIS_CSAF_TC-CSAF_2.0-2021-6-2-11-01_1.json"
+ "url": "https://example.com/security/data/csaf/2024/oasis_csaf_tc-csaf_2.1-2024-6-2-11-01_1.json"
}
],
// ...
"tracking": {
// ...
- "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-11-01",
+ "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-11-01",
// ...
"version": "1"
},
@@ -5737,7 +5734,7 @@ The relevant path for this test is:
```
"document": {
"category": "csaf_base",
- "csaf_version": "2.0",
+ "csaf_version": "2.1",
"publisher": {
// ...
},
@@ -5761,7 +5758,7 @@ The relevant path for this test is:
```
"document": {
- "csaf_version": "2.0",
+ "csaf_version": "2.1",
"category": "csaf_base",
// ...
}
@@ -5970,7 +5967,7 @@ The relevant path for this test is:
```
"document": {
"category": "csaf_base",
- "csaf_version": "2.0",
+ "csaf_version": "2.1",
"custom_property": "any",
// ...
}
@@ -6475,10 +6472,10 @@ CSAF aggregator SHOULD display over any individual `publisher` values in the CSA
"canonical_url": "https://www.example.com/.well-known/csaf/provider-metadata.json",
"distributions": [
{
- "rolie":{
+ "rolie": {
"feeds": [
{
- "summary":"All TLP:WHITE advisories of Example Company.",
+ "summary": "All TLP:WHITE advisories of Example Company.",
"tlp_label": "WHITE",
"url": "https://www.example.com/.well-known/csaf/feed-tlp-white.json"
}
@@ -6486,9 +6483,9 @@ CSAF aggregator SHOULD display over any individual `publisher` values in the CSA
}
}
],
- "last_updated": "2021-07-12T20:20:56.169Z",
+ "last_updated": "2024-01-24T20:20:56.169Z",
"list_on_CSAF_aggregators": true,
- "metadata_version": "2.0",
+ "metadata_version": "2.1",
"mirror_on_CSAF_aggregators": true,
"public_openpgp_keys": [
{
@@ -6499,7 +6496,7 @@ CSAF aggregator SHOULD display over any individual `publisher` values in the CSA
"publisher": {
"category": "vendor",
"name": "Example Company ProductCERT",
- "namespace":"https://psirt.example.com"
+ "namespace": "https://psirt.example.com"
},
"role": "csaf_trusted_provider"
}
@@ -6632,43 +6629,43 @@ Each ROLIE feed document MUST be a JSON file that conforms with \[[RFC8322](#RFC
"href": "https://psirt.domain.tld/advisories/csaf/feed-tlp-white.json"
}
],
- "category": [
+ "category": [
{
"scheme": "urn:ietf:params:rolie:category:information-type",
"term": "csaf"
}
],
- "updated": "2021-01-01T12:00:00.000Z",
+ "updated": "2024-01-01T12:00:00.000Z",
"entry": [
{
- "id": "2020-ESA-001",
- "title": "Example Security Advisory 001",
+ "id": "ESA-2024-001",
+ "title": "Multiple vulnerabilities in ABC 0.0.2",
"link": [
{
"rel": "self",
- "href": "https://psirt.domain.tld/advisories/csaf/2020/2020-ESA-001.json"
+ "href": "https://psirt.domain.tld/advisories/csaf/2024/esa-2024-001.json"
},
{
"rel": "hash",
- "href": "https://psirt.domain.tld/advisories/csaf/2020/2020-ESA-001.json.sha512"
+ "href": "https://psirt.domain.tld/advisories/csaf/2024/esa-2024-001.json.sha512"
},
{
"rel": "signature",
- "href": "https://psirt.domain.tld/advisories/csaf/2020/2020-ESA-001.json.asc"
+ "href": "https://psirt.domain.tld/advisories/csaf/2024/esa-2024-001.json.asc"
}
],
- "published": "2021-01-01T11:00:00.000Z",
- "updated": "2021-01-01T12:00:00.000Z",
+ "published": "2024-01-01T11:00:00.000Z",
+ "updated": "2024-01-01T12:00:00.000Z",
"summary": {
- "content": "Vulnerabilities fixed in ABC 0.0.1"
+ "content": "Multiple vulnerabilities were fixed in ABC 0.0.3"
},
"content": {
"type": "application/json",
- "src": "https://psirt.domain.tld/advisories/csaf/2020/2020-ESA-001.json"
+ "src": "https://psirt.domain.tld/advisories/csaf/2024/esa-2024-001.json"
},
"format": {
- "schema": "https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json",
- "version": "2.0"
+ "schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json",
+ "version": "2.1"
}
}
]
@@ -6853,12 +6850,12 @@ The file `aggregator.json` SHOULD only list the latest version of the metadata o
"name": "Example CSAF Lister",
"namespace": "https://lister.example"
},
- "aggregator_version": "2.0",
+ "aggregator_version": "2.1",
"canonical_url": "https://aggregator.example/.well-known/csaf-aggregator/aggregator.json",
"csaf_providers": [
{
"metadata": {
- "last_updated": "2021-07-12T20:20:56.169Z",
+ "last_updated": "2024-01-12T20:20:56.169Z",
"publisher": {
"category": "vendor",
"name": "Example Company ProductCERT",
@@ -6869,7 +6866,7 @@ The file `aggregator.json` SHOULD only list the latest version of the metadata o
},
{
"metadata": {
- "last_updated": "2021-07-12T21:35:38.000Z",
+ "last_updated": "2024-01-12T21:35:38.000Z",
"publisher": {
"category": "coordinator",
"name": "Example Coordinator CERT",
@@ -6879,7 +6876,7 @@ The file `aggregator.json` SHOULD only list the latest version of the metadata o
}
}
],
- "last_updated":"2021-07-12T22:35:38.978Z"
+ "last_updated": "2024-01-24T22:35:38.978Z"
}
```
@@ -6909,12 +6906,12 @@ Each such folder MUST at least:
"name": "Example Aggregator",
"namespace": "https://aggregator.example"
},
- "aggregator_version": "2.0",
+ "aggregator_version": "2.1",
"canonical_url": "https://aggregator.example/.well-known/csaf-aggregator/aggregator.json",
"csaf_providers": [
{
"metadata": {
- "last_updated": "2021-07-12T20:20:56.169Z",
+ "last_updated": "2024-01-12T20:20:56.169Z",
"publisher": {
"category": "vendor",
"name": "Example Company ProductCERT",
@@ -6928,7 +6925,7 @@ Each such folder MUST at least:
},
{
"metadata": {
- "last_updated": "2021-07-12T21:35:38.000Z",
+ "last_updated": "2024-01-12T21:35:38.000Z",
"publisher": {
"category": "coordinator",
"name": "Example Coordinator CERT",
@@ -6941,7 +6938,7 @@ Each such folder MUST at least:
]
}
],
- "last_updated":"2021-07-12T22:35:38.978Z"
+ "last_updated": "2024-01-24T22:35:38.978Z"
}
```
@@ -7745,11 +7742,7 @@ The following individuals were members of the OASIS CSAF Technical Committee dur
| Revision | Date | Editor | Changes Made |
|:-------------------------|:-----------|:--------------------------------|:--------------------------------------------------------------------------------------|
-| csaf-v2.0-wd20210927-dev | 2021-09-27 | Stefan Hagen and Thomas Schmidt | Preparing next Editor revision for TC review and submittal as CS for public review |
-| csaf-v2.0-wd20220329-dev | 2022-03-29 | Stefan Hagen and Thomas Schmidt | Preparing next Editor revision for TC review and submittal as CSD02 for public review |
-| csaf-v2.0-wd20220514-dev | 2022-05-14 | Stefan Hagen and Thomas Schmidt | Preparing next Editor revision for TC review and submittal as CS |
-| csaf-v2.0-wd20220715-dev | 2022-07-15 | Stefan Hagen and Thomas Schmidt | Preparing next Editor revision for TC review and submittal as CS |
-| csaf-v2.0-wd20220720-dev | 2022-07-20 | Stefan Hagen and Thomas Schmidt | Preparing next Editor revision for TC review and submittal as CS |
+| csaf-v2.0-wd20240124-dev | 2024-01-24 | Stefan Hagen and Thomas Schmidt | Preparing initial Editor Revision |
-------
diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-01.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-01.json
index c58d7ad5..5d6b88d9 100644
--- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-01.json
+++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-01.json
@@ -27,12 +27,12 @@
{
"involvements": [
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"party": "vendor",
"status": "completed"
},
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"party": "vendor",
"status": "in_progress",
"summary": "The vendor has released a mitigation and is working to fully resolve the issue."
diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-02.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-02.json
index 4a47b1e1..77a291e0 100644
--- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-02.json
+++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-02.json
@@ -27,12 +27,12 @@
{
"involvements": [
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"party": "vendor",
"status": "in_progress"
},
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"party": "vendor",
"status": "in_progress",
"summary": "The vendor has released a mitigation and is working to fully resolve the issue."
diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-11.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-11.json
index ba344a75..ccd84eab 100644
--- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-11.json
+++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-11.json
@@ -27,7 +27,7 @@
{
"involvements": [
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"party": "vendor",
"status": "completed"
}
@@ -36,7 +36,7 @@
{
"involvements": [
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"party": "vendor",
"status": "in_progress",
"summary": "The vendor has released a mitigation and is working to fully resolve the issue."
diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-12.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-12.json
index 124386a6..1f7a2ae0 100644
--- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-12.json
+++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-24-12.json
@@ -27,7 +27,7 @@
{
"involvements": [
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"party": "vendor",
"status": "in_progress"
}
@@ -36,7 +36,7 @@
{
"involvements": [
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"party": "vendor",
"status": "in_progress",
"summary": "The vendor has released a mitigation and is working to fully resolve the issue."
diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-27-02-01.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-27-02-01.json
index 579f74d8..ac55ed61 100644
--- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-27-02-01.json
+++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-27-02-01.json
@@ -11,7 +11,7 @@
{
"category": "self",
"summary": "The canonical URL.",
- "url": "https://example.com/security/data/csaf/2021/OASIS_CSAF_TC-CSAF_2_0-2021-6-1-27-02-01.json"
+ "url": "https://example.com/security/data/csaf/2024/oasis_csaf_tc-csaf_2_1-2024-6-1-27-02-01.json"
}
],
"title": "Mandatory test: Document References (failing example 1)",
diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-04-01.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-04-01.json
index f80ee3ad..f1408d64 100644
--- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-04-01.json
+++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-04-01.json
@@ -14,7 +14,7 @@
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
- "date": "2021-04-23T10:00:00.000Z",
+ "date": "2023-08-23T10:00:00.000Z",
"number": "1.0.0+exp.sha.ac00785",
"summary": "Initial version."
}
diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-11-01.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-11-01.json
index f252b23d..bb5cca36 100644
--- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-11-01.json
+++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-11-01.json
@@ -11,7 +11,7 @@
{
"category": "self",
"summary": "A non-canonical URL.",
- "url": "https://example.com/security/data/csaf/2021/OASIS_CSAF_TC-CSAF_2.0-2021-6-2-11-01_1.json"
+ "url": "https://example.com/security/data/csaf/2024/oasis_csaf_tc-csaf_2.1-2024-6-2-11-01_1.json"
}
],
"title": "Optional test: Missing Canonical URL (failing example 1)",
diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-11-11.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-11-11.json
index a61b9254..d31df969 100644
--- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-11-11.json
+++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-11-11.json
@@ -11,7 +11,7 @@
{
"category": "self",
"summary": "A canonical URL.",
- "url": "https://example.com/security/data/csaf/2021/oasis_csaf_tc-csaf_2_0-2021-6-2-11-11.json"
+ "url": "https://example.com/security/data/csaf/2024/oasis_csaf_tc-csaf_2.1-2024-6-2-11-11.json"
}
],
"title": "Optional test: Missing Canonical URL (valid example 1)",