oasis-tcs · tschmidtb51 · Jan 16, 2025 · Jan 16, 2025 · Jan 16, 2025 · Jan 16, 2025
diff --git a/csaf_2.1/examples/csaf/rhsa-2021_5186.json b/csaf_2.1/examples/csaf/rhsa-2021_5186.json
@@ -173,6 +173,7 @@
           "version": "4.6"
         }
       ],
+      "disclosure_date": "2021-12-10T00:00:00Z",
       "discovery_date": "2021-12-13T00:00:00Z",
       "ids": [
         {
@@ -228,7 +229,6 @@
           "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667"
         }
       ],
-      "release_date": "2021-12-10T00:00:00Z",
       "remediations": [
         {
           "category": "vendor_fix",
@@ -252,6 +252,7 @@
     },
     {
       "cve": "CVE-2021-4125",
+      "disclosure_date": "2021-12-16T00:00:00Z",
       "discovery_date": "2021-12-16T00:00:00Z",
       "ids": [
         {
@@ -297,7 +298,6 @@
           "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033121"
         }
       ],
-      "release_date": "2021-12-16T00:00:00Z",
       "remediations": [
         {
           "category": "vendor_fix",
@@ -320,4 +320,4 @@
       "title": "CVE-2021-4125 kube-reporting/hive: Incomplete fix for log4j CVE-2021-44228 and CVE-2021-45046"
     }
   ]
-}
+}
diff --git a/csaf_2.1/examples/csaf/rhsa-2021_5217.json b/csaf_2.1/examples/csaf/rhsa-2021_5217.json
@@ -124,6 +124,7 @@
           "version": "4.6"
         }
       ],
+      "disclosure_date": "2021-12-16T17:05:00Z",
       "discovery_date": "2021-12-17T00:00:00Z",
       "ids": [
         {
@@ -165,7 +166,6 @@
           "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033602"
         }
       ],
-      "release_date": "2021-12-16T17:05:00Z",
       "remediations": [
         {
           "category": "vendor_fix",
@@ -186,4 +186,4 @@
       "title": "CVE-2021-4133 Keycloak: Incorrect authorization allows unpriviledged users to create other users"
     }
   ]
-}
+}
diff --git a/csaf_2.1/examples/csaf/rhsa-2022_0011.json b/csaf_2.1/examples/csaf/rhsa-2022_0011.json
@@ -348,6 +348,7 @@
           "version": "4.6"
         }
       ],
+      "disclosure_date": "2020-02-28T00:00:00Z",
       "discovery_date": "2020-03-06T00:00:00Z",
       "ids": [
         {
@@ -393,7 +394,6 @@
           "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811673"
         }
       ],
-      "release_date": "2020-02-28T00:00:00Z",
       "remediations": [
         {
           "category": "vendor_fix",
@@ -428,4 +428,4 @@
       "title": "CVE-2020-10188 telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code"
     }
   ]
-}
+}
diff --git a/csaf_2.1/json_schema/csaf_json_schema.json b/csaf_2.1/json_schema/csaf_json_schema.json
@@ -855,7 +855,7 @@
             },
             "initial_release_date": {
               "title": "Initial release date",
-              "description": "The date when this document was first published.",
+              "description": "The date when this document was first released to the specified target group.",
               "type": "string",
               "format": "date-time"
             },
@@ -1099,6 +1099,12 @@
               }
             }
           },
+          "disclosure_date": {
+            "title": "Disclosure date",
+            "description": "Holds the date and time the vulnerability was originally disclosed to the public.",
+            "type": "string",
+            "format": "date-time"
+          },
           "discovery_date": {
             "title": "Discovery date",
             "description": "Holds the date and time the vulnerability was originally discovered.",
@@ -1275,6 +1281,9 @@
                     },
                     "cvss_v4": {
                       "$ref": "https://www.first.org/cvss/cvss-v4.0.json"
+                    },
+                    "ssvc_v1": {
+                      "$ref": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json"
                     }
                   }
                 },
@@ -1348,12 +1357,6 @@
             "description": "Holds a list of references associated with this vulnerability item.",
             "$ref": "#/$defs/references_t"
           },
-          "release_date": {
-            "title": "Release date",
-            "description": "Holds the date and time the vulnerability was originally released into the wild.",
-            "type": "string",
-            "format": "date-time"
-          },
           "remediations": {
             "title": "List of remediations",
             "description": "Contains a list of remediations.",

diff --git a/csaf_2.1/prose/edit/etc/bind.txt b/csaf_2.1/prose/edit/etc/bind.txt
@@ -73,6 +73,13 @@ tests-01-mndtr-39-public-sharing-group-with-no-max-uuid.md
 tests-01-mndtr-40-invalid-sharing-group-name.md
 tests-01-mndtr-41-missing-sharing-group-name.md
 tests-01-mndtr-42-purl-qualifiers.md
+tests-01-mndtr-43-use-of-multiple-stars-in-model-number.md
+tests-01-mndtr-44-use-of-multiple-stars-in-serial-number.md
+tests-01-mndtr-45-inconsistent-disclosure-date.md
+tests-01-mndtr-46-invalid-ssvc.md
+tests-01-mndtr-47-inconsistent-ssvc-id.md
+tests-01-mndtr-48-ssvc-decision-points.md
+tests-01-mndtr-49-inconsistent-ssvc-timestamp.md
 tests-02-optional.md
 tests-03-informative.md
 distributing.md