Editor revision for TC meeting 2024-03-27 #714

Open: wants to merge 66 commits into base: master

tschmidtb51 and others added 30 commits January 30, 2024 22:03
- addresses parts of #652
- add CVSS v4 to JSON schema
- addresses parts of #652
- add CVSS v4.0 to referenced schemas
- add strict version of schema
- addresses parts of #652
- adopt test scripts to include CVSS 4.0
- addresses parts of #652
- add CVSS 4.0 to informative references
- add CVSS 4.0 to construction principles
- addresses parts of #652
- add CVSS 4.0 to `/vulnerabilities[]/scores[]`
- addresses parts of #652, #341
- add invalid example for 6.1.7
- add valid examples for 6.1.7
- addresses parts of #341
- add invalid examples for 6.1.7
- add valid examples for 6.1.7
- addresses parts of #652, #341
- add missing CVSS 4.0 reference in validator test script
- addresses parts of #652
- update the strict version to use `unevaluatedProperties` instead of `additionalProperties` which fails with `allOf`
- addresses parts of #652
- use different vector to avoid `multiple` issue
- addresses parts of #652
- address `multipleOf` issue by parsing floats as Decimal
- add valid example to show correctness
- addresses parts of #652
- add CVSS 4.0 to Appendix C regarding size
- addresses parts of #652
- add CVRF-CSAF-conversion rule
- addresses parts of #652, #341
- add invalid example for 6.1.8
- add valid examples for 6.1.8
- update test 6.1.8
- addresses parts of #652, #341
- add invalid example for 6.1.9
- add valid examples for 6.1.9
- update test description 6.1.9
- addresses parts of #652, #341
- add invalid examples for 6.1.10
- add valid examples for 6.1.10
- update test description 6.1.10
- addresses parts of #652, #341
- add invalid examples for 6.2.19
- add valid examples for 6.2.19
- update test description 6.2.19
- addresses parts of #652, #341
- add invalid example for 6.3.1
- add valid example for 6.3.1
- update test description 6.3.1
- addresses parts of #652
- add test 6.3.12
- add invalid examples for 6.3.12
- add valid examples for 6.3.12
- addresses parts of #652, #341
- add valid example for 6.1.9 to trigger `multipleOf` issue
- addresses parts of #652
- correct wrong `/document/tracking/id`
- fixes #684
- add RFC 8322 as informative reference
- fixes #687
- correct namespace
- update date
- update revision history
- update citation format
- addresses parts of #626
- update size limit and unit
- generate artifacts for easier reading
- fixes #684
- add RFC 8322 as informative reference
- fixes #687
- correct namespace
sthagen and others added 14 commits February 26, 2024 22:50
Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
- amended the mapping helper files in etc to include the added section and example
- executed the rendering pipeline
- Note: the automated extraction of section and example counts for the mapping
  helpers was forgotten along the many changes during bootstrap
  TODO(sthagen) to restore this auto discovery

Co-authored-by: Thomas Schmidt <thomas.schmidt@bsi.bund.de>
Signed-off-by: Stefan Hagen <stefan@hagen.link>
- addresses parts of #652
- explicitly mention names of Exploitability throughout the different CVSS versions
- addresses parts of #652, #699
- correct location of section separator
- addresses parts of #693, #710
- correct pattern to `^((CPE2.3)|(CPE2.2))$`
- add additional `\\` to escape previously unescaped `/`
- addresses parts of #693
- correct parsing of CPE 2.3 Dictionary (to also capture endings `">` instead of just `"/>`)
- addresses parts of #693
- add new local test cases
- adopt test script
- addresses parts of #710
- add additional `\\` to escape previously unescaped `/`
- update dates
- insert new revision for tracking
- update overlooked CSAF 2.0 to 2.1
- resolves #708
- correct copy-paste mistake "asset" => "SBOM"
- addresses parts of #693
- add conversion rule
@tschmidtb51 added the editor-revision (already worked on in the editor revision) and csaf 2.1 (csaf 2.1 work) labels Mar 27, 2024
@tschmidtb51 self-assigned this Mar 27, 2024
@sthagen (Contributor) left a comment:

LGTM.

@tschmidtb51 changed the title from "Editor revision for TC meeting 2024-03-2" to "Editor revision for TC meeting 2024-03-27" Mar 27, 2024
@tschmidtb51 (Contributor, Author) commented:

As discussed in today's TC meeting: We will keep that open until 2024-04-10 for TC review. If no objections occur, it will be merged.

@sthagen (Contributor) left a comment:

'LGTM'.lower()

@tschmidtb51 marked this pull request as ready for review April 9, 2024 10:04
@santosomar (Contributor) commented:

A motion will be moved after today's CSAF TC meeting. We agreed that no further changes are pending for this PR.

@tschmidtb51 added the motion (This item has a motion pending) label Apr 24, 2024
Labels: csaf 2.1 (csaf 2.1 work), editor-revision (already worked on in the editor revision), motion (This item has a motion pending)
3 participants