You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Removal of restrictions within the /cves/ 2.0 API schema
To enable more flexibility within our API output we need to remove certain restrictions from the existing 2.0 API schemas.
Why does this matter?
All existing API users will need to update to the 2.1.0 /cves/ schema or later.
Many systems reference a cached or local version of a schema when performing validation. Since the /cves/ schema prior to 2.1.0 is overly restrictive, any system that references an older version of the schema that contains additionalProperties: false in the locations changed may no longer validate against future 2.0 API output.
We plan to begin including new data types within the 2.0 API output in the near future. We advise updating any schema references within the next 30 days.
What changes were made?
Removed additionalProperties: false from the following objects:
• "cve_item":
• "reference":
• "metrics":
Similar information is available at our news page.
I haven't dug into how this will affect us and if we need to make changes, so this is just a reminder to check on it. I don't think off the top of my head that our schema validation check uses a cached copy, but we don't block on schema fails with NVD anyhow because they have a habit of failing those checks already, so at worst I think there will be cranky log messages.
That said, the fact that they're adding metrics is potentially interesting and might fit well with the existing EPSS work.
The text was updated successfully, but these errors were encountered:
From the nvd's email:
I haven't dug into how this will affect us and if we need to make changes, so this is just a reminder to check on it. I don't think off the top of my head that our schema validation check uses a cached copy, but we don't block on schema fails with NVD anyhow because they have a habit of failing those checks already, so at worst I think there will be cranky log messages.
That said, the fact that they're adding metrics is potentially interesting and might fit well with the existing EPSS work.
The text was updated successfully, but these errors were encountered: