- update dates
- insert new revision for tracking

- resolves #721
- set TLP label `CLEAR` as default
- add reasoning

- addresses parts of #660
- add `version` as new required field to `cwe`

- addresses parts of #660
- adopt prose to reflect schema
- add CSAF 2.0 to CSAF 2.1 conversion rule
- copy conversion rule to CVRF CSAF converter

- addresses parts of #660
- adopt testdata to reflect current version of the schema
- adopt examples to reflect current version of the schema

Editor Revision 2024-05-29

`TLP:CLEAR` as default

- resolves #628
- add `number` as second level sorting field in 6.1.16
- unify phrasing to match 6.1.14

- resolves #647
- add `number` as second level sorting field in 6.1.14

- addresses parts of #660
- add invalid examples for 6.1.11
- add valid examples for 6.1.11
- explicitly state in 6.1.11 that CWE Views and Categories are not valid

- addresses parts of #154
- state explicit how to handle CWE categories and views

- addresses parts of #530
- wrap CWE into a list to allow multiple CWEs per vulnerability

- addresses parts of #530, #154
- adopt prose to reflect schema
- remove conversion rule for CVRF CSAF converter
- reorder CVRF CSAF converter rules regarding CWEs
- clarify warning regarding conversion of CWE category and view

- addresses parts of #530
- adopt test 6.1.11 to reflect schema

- addresses parts of #530
- adopt examples to reflect schema
- adopt testdata to reflect schema

- addresses parts of #530, #660
- add `/vulnerabilities[]/cwes[]/version` to guidance on size
- add `/vulnerabilities[]/cwes` to guidance on size
- adopt pathes to match schema

- addresses parts of #530
- add invalid example for 6.1.11
- add valid example for 6.1.11

- correct comma mistake

- add missing fact that involvements are a set

- addresses parts of #693
- add missing `\\` for overlooked `/`
- adopt prose to reflect schema

- addresses parts of #693
- add new local testcases

Same timestamps

Editorial 2024-05-29

- addresses review comment from #738
- clarify that invalid CWEs MUST omitted
- use RFC 2119 language

- addresses review comment from #738
- convert abbreviation back to singular (from plural)

- addresses parts of #635
- add new requirement explicitly stating that no blocking is allowed

- addresses parts of review comments from #742
- change wording from MUST NOT to MUST (hopefully with same clarity)
- rephrase "white-listing" to exempt
- use new line per sentence

- resolves #627
- add optional test that warns if two timestamps in the revision history are the same
- add invalid examples for 6.2.21
- add valid examples for 6.2.21
- update testcase and schema for testcases

- addresses parts of #632
- provide guidance where to expect a ROLIE category document

- addresses parts of #632
- provide guidance where to expect a ROLIE service document
- state suggested filename

- addresses parts of #744
- correct metadata of valid example 3 of 6.2.21
- unify metadata of invalid example 3 of 6.2.21
- fix invalid JSON

- addresses review comment from #745
- replace MAY with different wording to show it is optional

- addresses parts of #625
- add section about recursion depth

- addresses parts of #625
- add mandatory test 6.1.34 to check branches recursion depth
- add invalid examples for 6.1.34
- add valid example for 6.1.34
- update testdata schema to accept new test

- addresses parts of #580
- add new party "multiplier" to JSON schema

- addresses parts of #580
- adopt prose to reflect schema

- addresses parts of #580, #673
- add conversion rule

Co-authored-by: Martin Prpič <martin.prpic@gmail.com>

Co-authored-by: Martin Prpič <martin.prpic@gmail.com>

- addresses review comment from #747
- use American English for "flavored"

- addresses parts of review comments from #742
- change wording to SHOULD instead of weak MUST statements

Co-authored-by: Stefan Hagen <stefan@hagen.link>

Editorial

- addresses review comment from #744
- state clearly that conversion needs to happen first

- addresses parts of #627
- add invalid examples for 6.2.21

- addresses review comment from #738
- clarify that an order of CWEs is expected

- addresses parts of #749
- clarify that timestamps might have different timezones
- add invalid example for 6.1.14
- add valid example for 6.1.14

- addresses parts of #749
- clarify that timestamps might have different timezones
- add invalid example for 6.1.16
- add valid example for 6.1.16

- addresses parts of #749
- clarify that timestamps might have different timezones
- add invalid example for 6.1.21
- add valid example for 6.1.21

- addresses parts of #749, #341
- clarify that timestamps might have different timezones
- add invalid example for 6.2.5
- add valid examples for 6.2.5

- addresses parts of #749, #341
- clarify that timestamps might have different timezones
- add invalid example for 6.2.6
- add valid examples for 6.2.6

- addresses review comment from #744
- simplify requirement on comparison

- addresses review comment of #747
- rephrase "separated" into "regrouped"

Clarify Timezones in multiple tests

- addresses review comment from #738
- simplify the statement of ordered CWEs

Co-authored-by: Martin Prpič <martin.prpic@gmail.com>

ROLIE category and service document location

Branches recursion depth

Add party `multiplier`

HTTP User-Agents

…to cwe

…to same-timestamps

CWEs, CWE version and CWE Weakness clarification

Optional Test: Same Timestamps in Revision History

- adding new examples to counters require fresh inversion of mapping

Signed-off-by: Stefan Hagen <stefan@hagen.link>

Signed-off-by: Stefan Hagen <stefan@hagen.link>

Signed-off-by: Stefan Hagen <stefan@hagen.link>

Signed-off-by: Stefan Hagen <stefan@hagen.link>

- Previous file still did neither have the injected styles nor the logo image as data

Signed-off-by: Stefan Hagen <stefan@hagen.link>