v1.6.3

What's Changed

• Add Malicious Packages and the "MAL" id namespace. by @calebbrown in #223
• Events requirements: recommend the use of fixed over limit by @zacchiro in #221
• Adding Technical Charter by @redenmartinez in #225
• Revert "Adding Technical Charter" by @hythloda in #227
• Fix truncated copy/paste in database_specific description by @chrisbloom7 in #229
• Enable encoding of Maven registries. by @oliverchang in #231

New Contributors

• @zacchiro made their first contribution in #221
• @redenmartinez made their first contribution in #225
• @hythloda made their first contribution in #227

Full Changelog: v1.6.2...v1.6.3

v1.6.2

What's Changed

• Add support of CVSS v4.0 by @pandatix in #213
• Replace jsonschema with check-jsonschema by @dodys in #218
• Add Ubuntu ecosystem by @dodys in #219
• Clarify some wording for Ubuntu ecosystem by @oliverchang in #220
• Bump version and update changelog. by @oliverchang in #222

New Contributors

• @pandatix made their first contribution in #213
• @dodys made their first contribution in #218

1.6.1

What's Changed

• Update Android ecosystem package name definition. by @doryiii in #191
• Swap CRAN and bioconductor by @randy3k in #200
• Fill in TODOs in Haskell parts of osv-schema by @mihaimaruseac in #198
• Clarify why aliases should not be used in vulnerability bundles by @michaelkedar in #197
• Update README.md by @oliverchang in #172
• Revert "Update README.md" by @oliverchang in #209
• Add links to OpenSSF Vulnerabilities Disclosures WG by @david-a-wheeler in #119
• Some schema cleanup. by @oliverchang in #210

New Contributors

• @doryiii made their first contribution in #191
• @randy3k made their first contribution in #200
• @david-a-wheeler made their first contribution in #119

Full Changelog: v1.6.0...v1.6.1

1.6.0

What's Changed

• Several new database prefixes.
• SwiftURL ecosystem.
• Clarifications for aliases, and related.

New Contributors

• @mihaimaruseac made their first contribution in #157
• @gongomgra made their first contribution in #156
• @hayleycd made their first contribution in #159
• @captn3m0 made their first contribution in #107
• @calebbrown made their first contribution in #177
• @dependabot made their first contribution in #182
• @MichaelChirico made their first contribution in #176
• @tylfin made their first contribution in #185
• @sethmlarson made their first contribution in #190
• @michaelkedar made their first contribution in #193

Full Changelog: v1.5.0...v1.6.0

1.5.0

What's Changed

• Include last_affected in fields discussed for affected[].ranges[].type by @andrewpollock in #115
• Add Rocky Linux by @mstg in #118
• Clarify that the credits type field is a string. by @oliverchang in #121
• Clarify schema_version being required in >1.0.0 by @oliverchang in #122
• Added INTRODUCED to compliment FIX by @kurtseifried in #128
• Add DETECTION reference type by @joshbuker in #137
• Add AlmaLinux ecosystem by @Roo4L in #141
• Last affected by @kurtseifried in #147
• Add schema $id by @joshbuker in #130
• Update list of ecosystems and databases by @oliverchang in #149
• Add DISCUSSION reference type by @joshbuker in #138
• Update database prefix documentation to be more detailed by @joshbuker in #143
• Bump version to 1.5.0 by @oliverchang in #152

New Contributors

• @andrewpollock made their first contribution in #115
• @mstg made their first contribution in #118
• @Roo4L made their first contribution in #141

Full Changelog: v1.4.0...v1.5.0

1.4.0

Main changes.

• Add optional severity field override for affected packages. by @oswalpalash in #106
• Add a credit types field by @hawaiigal in #110

1.3.1

What's Changed

• Clarify Go examples. by @oliverchang in #76
• Added CVSS_V2 and fixed whitespace by @kurtseifried in #87

New Contributors

• @kurtseifried made their first contribution in #87

Full Changelog: v1.3.0...v1.3.1

1.3.0

Add GitHub Actions and Pub to the ecosystems list (#74)

* Add GitHub Actions and Pub to the ecosystems list

This adds GitHub Actions and Pub to the documented list of defined ecosystems. The description for Pub is the wording taken directly from their website, but open to feedback if you'd like it to follow a specific pattern.

There are no validations on the ecosystems defined in the schema docs, so the validation JSON has not been updated.

* Clarify formatting of Actions name

1.2.0

Includes various changes suggested by GitHub (schema_version, top-level database_specific, credits, severity, relaxation of version enumeration requirement).

0.7.1

Update README.md