Editor revision for TC meeting 2024-10-30

csaf_2.1/json_schema/csaf_json_schema.json

@@ -1335,9 +1335,11 @@
                   "description": "Specifies the category which this remediation belongs to.",
                   "type": "string",
                   "enum": [
+                    "fix_planned",
                     "mitigation",
                     "no_fix_planned",
                     "none_available",
+                    "optional_patch",
                     "vendor_fix",
                     "workaround"
                   ]

csaf_2.1/prose/edit/etc/bind.txt

@@ -8,6 +8,7 @@ introduction-04-informative-references.md
 introduction-05-typographical-conventions.md
 design-considerations-00.md
 design-considerations-01-construction-principles.md
+design-considerations-02-date-time.md
 schema-elements-00.md
 schema-elements-01-definitions.md
 schema-elements-01-defs-01-acknowledgements.md
@@ -63,6 +64,9 @@ tests-01-mndtr-30-mixed-integer-and-semantic-versioning.md
 tests-01-mndtr-31-version-range-in-product-version.md
 tests-01-mndtr-32-flag-without-product-reference.md
 tests-01-mndtr-33-multiple-flags-with-vex-justification-codes-per-product.md
+tests-01-mndtr-34-branches-recursion-depth.md
+tests-01-mndtr-35-contradicting-remediations.md
+tests-01-mndtr-36-contradicting-product-status-remediation-combination.md
 tests-02-optional.md
 tests-03-informative.md
 distributing.md

csaf_2.1/prose/edit/etc/example-global-to-local.json

@@ -28,127 +28,133 @@
   "26": "version-type-semantic-versioning-eg-3",
   "27": "version-type-semantic-versioning-eg-4",
   "28": "version-type-semantic-versioning-eg-5",
-  "29": "document-property-aggregate-severity-eg-1",
-  "30": "document-property-category-eg-1",
-  "31": "document-property-distribution-text-eg-1",
-  "32": "document-property-distribution-tlp-eg-1",
-  "33": "document-property-publisher-contact-details-eg-1",
-  "34": "document-property-publisher-name-eg-1",
-  "35": "document-property-publisher-namespace-eg-1",
-  "36": "document-property-title-eg-1",
-  "37": "document-property-tracking-aliases-eg-1",
-  "38": "document-property-tracking-generator-eg-1",
-  "39": "document-property-tracking-generator-eg-2",
-  "40": "document-property-tracking-id-eg-1",
-  "41": "product-tree-property-product-groups-eg-1",
-  "42": "product-tree-property-relationships-eg-1",
-  "43": "vulnerabilities-property-cwes-eg-1",
-  "44": "vulnerabilities-property-cwes-eg-2",
-  "45": "vulnerabilities-property-cwes-eg-3",
-  "46": "vulnerabilities-property-ids-eg-1",
-  "47": "vulnerabilities-property-ids-eg-2",
-  "48": "filename-eg-1",
-  "49": "filename-eg-2",
-  "50": "missing-definition-of-product-id-eg-1",
-  "51": "multiple-definition-of-product-id-eg-1",
-  "52": "circular-definition-of-product-id-eg-1",
-  "53": "missing-definition-of-product-group-id-eg-1",
-  "54": "multiple-definition-of-product-group-id-eg-1",
-  "55": "contradicting-product-status-eg-1",
-  "56": "multiple-scores-with-same-version-per-product-eg-1",
-  "57": "invalid-cvss-eg-1",
-  "58": "invalid-cvss-computation-eg-1",
-  "59": "inconsistent-cvss-eg-1",
-  "60": "cwe-eg-1",
-  "61": "language-eg-1",
-  "62": "purl-eg-1",
-  "63": "sorted-revision-history-eg-1",
-  "64": "translator-eg-1",
-  "65": "latest-document-version-eg-1",
-  "66": "document-status-draft-eg-1",
-  "67": "released-revision-history-eg-1",
-  "68": "revision-history-entries-for-pre-release-versions-eg-1",
-  "69": "non-draft-document-version-eg-1",
-  "70": "missing-item-in-revision-history-eg-1",
-  "71": "multiple-definition-in-revision-history-eg-1",
-  "72": "multiple-use-of-same-cve-eg-1",
-  "73": "multiple-definition-in-involvements-eg-1",
-  "74": "multiple-use-of-same-hash-algorithm-eg-1",
-  "75": "prohibited-document-category-name-eg-1",
-  "76": "prohibited-document-category-name-eg-2",
-  "77": "document-notes-eg-1",
-  "78": "document-references-eg-1",
-  "79": "vulnerabilities-for-informational-advisory-eg-1",
-  "80": "product-tree-eg-1",
-  "81": "vulnerability-notes-eg-1",
-  "82": "product-status-eg-1",
-  "83": "vex-product-status-eg-1",
-  "84": "vulnerability-id-eg-1",
-  "85": "impact-statement-eg-1",
-  "86": "action-statement-eg-1",
-  "87": "vulnerabilities-for-security-advisory-or-vex-eg-1",
-  "88": "translation-eg-1",
-  "89": "remediation-without-product-reference-eg-1",
-  "90": "mixed-integer-and-semantic-versioning-eg-1",
-  "91": "version-range-in-product-version-eg-1",
-  "92": "flag-without-product-reference-eg-1",
-  "93": "multiple-flags-with-vex-justification-codes-per-product-eg-1",
-  "94": "unused-definition-of-product-id-eg-1",
-  "95": "missing-remediation-eg-1",
-  "96": "missing-metric-eg-1",
-  "97": "build-metadata-in-revision-history-eg-1",
-  "98": "older-initial-release-date-than-revision-history-eg-1",
-  "99": "older-current-release-date-than-revision-history-eg-1",
-  "100": "missing-date-in-involvements-eg-1",
-  "101": "use-of-md5-as-the-only-hash-algorithm-eg-1",
-  "102": "use-of-sha-1-as-the-only-hash-algorithm-eg-1",
-  "103": "missing-tlp-label-eg-1",
-  "104": "missing-canonical-url-eg-1",
-  "105": "missing-document-language-eg-1",
-  "106": "optional-tests--sorting-eg-1",
-  "107": "use-of-private-language-eg-1",
-  "108": "use-of-default-language-eg-1",
-  "109": "missing-product-identification-helper-eg-1",
-  "110": "cve-in-field-ids-eg-1",
-  "111": "product-version-range-without-vers-eg-1",
-  "112": "cvss-for-fixed-products-eg-1",
-  "113": "additional-properties-eg-1",
-  "114": "same-timestamps-in-revision-history-eg-1",
-  "115": "document-tracking-id-in-title-eg-1",
-  "116": "usage-of-deprecated-cwe-eg-1",
-  "117": "usage-of-non-latest-cwe-version-eg-1",
-  "118": "usage-of-cwe-not-allowed-for-vulnerability-mapping-eg-1",
-  "119": "usage-of-cwe-allowed-with-review-for-vulnerability-mapping-eg-1",
-  "120": "use-of-cvss-v2-as-the-only-scoring-system-eg-1",
-  "121": "use-of-cvss-v3-0-eg-1",
-  "122": "missing-cve-eg-1",
-  "123": "missing-cwe-eg-1",
-  "124": "use-of-short-hash-eg-1",
-  "125": "use-of-non-self-referencing-urls-failing-to-resolve-eg-1",
-  "126": "use-of-self-referencing-urls-failing-to-resolve-eg-1",
-  "127": "spell-check-eg-1",
-  "128": "branch-categories-eg-1",
-  "129": "usage-of-product-version-range-eg-1",
-  "130": "usage-of-v-as-version-indicator-eg-1",
-  "131": "missing-cvss-v4-0-eg-1",
-  "132": "requirement-7-provider-metadata-json-eg-1",
-  "133": "requirement-8-security-txt-eg-1",
-  "134": "requirement-9-well-known-url-for-provider-metadata-json-eg-1",
-  "135": "requirement-11-one-folder-per-year-eg-1",
-  "136": "requirement-12-index-txt-eg-1",
-  "137": "requirement-13-changes-csv-eg-1",
-  "138": "requirement-15-rolie-feed-eg-1",
-  "139": "requirement-16-rolie-service-document-eg-1",
-  "140": "requirement-17-rolie-category-document-eg-1",
-  "141": "requirement-17-rolie-category-document-eg-2",
-  "142": "requirement-17-rolie-category-document-eg-3",
-  "143": "requirement-18-integrity-eg-1",
-  "144": "requirement-18-integrity-eg-2",
-  "145": "requirement-19-signatures-eg-1",
-  "146": "requirement-21-list-of-csaf-providers-eg-1",
-  "147": "requirement-23-mirror-eg-1",
-  "148": "conformance-clause-5-cvrf-csaf-converter-eg-1",
-  "149": "conformance-clause-5-cvrf-csaf-converter-eg-2",
-  "150": "conformance-clause-5-cvrf-csaf-converter-eg-3",
-  "151": "conformance-clause-5-cvrf-csaf-converter-eg-4"
+  "29": "version-type-semantic-versioning-eg-6",
+  "30": "document-property-aggregate-severity-eg-1",
+  "31": "document-property-category-eg-1",
+  "32": "document-property-distribution-text-eg-1",
+  "33": "document-property-distribution-tlp-eg-1",
+  "34": "document-property-publisher-contact-details-eg-1",
+  "35": "document-property-publisher-name-eg-1",
+  "36": "document-property-publisher-namespace-eg-1",
+  "37": "document-property-title-eg-1",
+  "38": "document-property-tracking-aliases-eg-1",
+  "39": "document-property-tracking-generator-eg-1",
+  "40": "document-property-tracking-generator-eg-2",
+  "41": "document-property-tracking-id-eg-1",
+  "42": "product-tree-property-product-groups-eg-1",
+  "43": "product-tree-property-relationships-eg-1",
+  "44": "vulnerabilities-property-cwes-eg-1",
+  "45": "vulnerabilities-property-cwes-eg-2",
+  "46": "vulnerabilities-property-cwes-eg-3",
+  "47": "vulnerabilities-property-ids-eg-1",
+  "48": "vulnerabilities-property-ids-eg-2",
+  "49": "filename-eg-1",
+  "50": "filename-eg-2",
+  "51": "missing-definition-of-product-id-eg-1",
+  "52": "multiple-definition-of-product-id-eg-1",
+  "53": "circular-definition-of-product-id-eg-1",
+  "54": "missing-definition-of-product-group-id-eg-1",
+  "55": "multiple-definition-of-product-group-id-eg-1",
+  "56": "contradicting-product-status-eg-1",
+  "57": "multiple-scores-with-same-version-per-product-eg-1",
+  "58": "invalid-cvss-eg-1",
+  "59": "invalid-cvss-computation-eg-1",
+  "60": "inconsistent-cvss-eg-1",
+  "61": "cwe-eg-1",
+  "62": "language-eg-1",
+  "63": "purl-eg-1",
+  "64": "sorted-revision-history-eg-1",
+  "65": "translator-eg-1",
+  "66": "latest-document-version-eg-1",
+  "67": "document-status-draft-eg-1",
+  "68": "released-revision-history-eg-1",
+  "69": "revision-history-entries-for-pre-release-versions-eg-1",
+  "70": "non-draft-document-version-eg-1",
+  "71": "missing-item-in-revision-history-eg-1",
+  "72": "multiple-definition-in-revision-history-eg-1",
+  "73": "multiple-use-of-same-cve-eg-1",
+  "74": "multiple-definition-in-involvements-eg-1",
+  "75": "multiple-use-of-same-hash-algorithm-eg-1",
+  "76": "prohibited-document-category-name-eg-1",
+  "77": "prohibited-document-category-name-eg-2",
+  "78": "document-notes-eg-1",
+  "79": "document-references-eg-1",
+  "80": "vulnerabilities-for-informational-advisory-eg-1",
+  "81": "product-tree-eg-1",
+  "82": "vulnerability-notes-eg-1",
+  "83": "product-status-eg-1",
+  "84": "vex-product-status-eg-1",
+  "85": "vulnerability-id-eg-1",
+  "86": "impact-statement-eg-1",
+  "87": "action-statement-eg-1",
+  "88": "vulnerabilities-for-security-advisory-or-vex-eg-1",
+  "89": "translation-eg-1",
+  "90": "remediation-without-product-reference-eg-1",
+  "91": "mixed-integer-and-semantic-versioning-eg-1",
+  "92": "version-range-in-product-version-eg-1",
+  "93": "flag-without-product-reference-eg-1",
+  "94": "multiple-flags-with-vex-justification-codes-per-product-eg-1",
+  "95": "mandatory-tests--branches-recursion-depth-eg-1",
+  "96": "contradicting-remediations-eg-1",
+  "97": "contradicting-product-status-remediation-combination-eg-1",
+
+  "98": "unused-definition-of-product-id-eg-1",
+  "99": "missing-remediation-eg-1",
+  "100": "missing-metric-eg-1",
+  "101": "build-metadata-in-revision-history-eg-1",
+  "102": "older-initial-release-date-than-revision-history-eg-1",
+  "103": "older-current-release-date-than-revision-history-eg-1",
+  "104": "missing-date-in-involvements-eg-1",
+  "105": "use-of-md5-as-the-only-hash-algorithm-eg-1",
+  "106": "use-of-sha-1-as-the-only-hash-algorithm-eg-1",
+  "107": "missing-tlp-label-eg-1",
+  "108": "missing-canonical-url-eg-1",
+  "109": "missing-document-language-eg-1",
+  "110": "optional-tests--sorting-eg-1",
+  "111": "use-of-private-language-eg-1",
+  "112": "use-of-default-language-eg-1",
+  "113": "missing-product-identification-helper-eg-1",
+  "114": "cve-in-field-ids-eg-1",
+  "115": "product-version-range-without-vers-eg-1",
+  "116": "cvss-for-fixed-products-eg-1",
+  "117": "additional-properties-eg-1",
+  "118": "same-timestamps-in-revision-history-eg-1",
+  "119": "document-tracking-id-in-title-eg-1",
+  "120": "usage-of-deprecated-cwe-eg-1",
+  "121": "usage-of-non-latest-cwe-version-eg-1",
+  "122": "usage-of-cwe-not-allowed-for-vulnerability-mapping-eg-1",
+  "123": "usage-of-cwe-allowed-with-review-for-vulnerability-mapping-eg-1",
+  "124": "discouraged-product-status-remediation-combination-eg-1",
+  "125": "use-of-cvss-v2-as-the-only-scoring-system-eg-1",
+  "126": "use-of-cvss-v3-0-eg-1",
+  "127": "missing-cve-eg-1",
+  "128": "missing-cwe-eg-1",
+  "129": "use-of-short-hash-eg-1",
+  "130": "use-of-non-self-referencing-urls-failing-to-resolve-eg-1",
+  "131": "use-of-self-referencing-urls-failing-to-resolve-eg-1",
+  "132": "spell-check-eg-1",
+  "133": "branch-categories-eg-1",
+  "134": "usage-of-product-version-range-eg-1",
+  "135": "usage-of-v-as-version-indicator-eg-1",
+  "136": "missing-cvss-v4-0-eg-1",
+  "137": "requirement-7-provider-metadata-json-eg-1",
+  "138": "requirement-8-security-txt-eg-1",
+  "139": "requirement-9-well-known-url-for-provider-metadata-json-eg-1",
+  "140": "requirement-11-one-folder-per-year-eg-1",
+  "141": "requirement-12-index-txt-eg-1",
+  "142": "requirement-13-changes-csv-eg-1",
+  "143": "requirement-15-rolie-feed-eg-1",
+  "144": "requirement-16-rolie-service-document-eg-1",
+  "145": "requirement-17-rolie-category-document-eg-1",
+  "146": "requirement-17-rolie-category-document-eg-2",
+  "147": "requirement-17-rolie-category-document-eg-3",
+  "148": "requirement-18-integrity-eg-1",
+  "149": "requirement-18-integrity-eg-2",
+  "150": "requirement-19-signatures-eg-1",
+  "151": "requirement-21-list-of-csaf-providers-eg-1",
+  "152": "requirement-23-mirror-eg-1",
+  "153": "conformance-clause-5-cvrf-csaf-converter-eg-1",
+  "154": "conformance-clause-5-cvrf-csaf-converter-eg-2",
+  "155": "conformance-clause-5-cvrf-csaf-converter-eg-3",
+  "156": "conformance-clause-5-cvrf-csaf-converter-eg-4"
 }