CVE JSON Record Format version Release Candidate 7

• Change the regex for CWE-ID to accept one digit CWE IDs.
• Don’t allow dots in additional property field names that start with x_

CVE JSON Record Format version Release Candidate 6

• Changed some minLength, maxLnegth values
• Updated some descriptions
• Fixed a typo in schema definition

CVE JSON Record Format version Release Candidate 5

• Removed reserved subschema
• Renamed certain fields for better readability
• Documentation improvements
• Stateful CNA containers
• Refactored record and container metadata
• Require at least one English-language description

CVE JSON Record Format version Release Candidate 4

• Flatten the affected field as a list of products, with the vendor as an attribute.
• versions list has been refactored for better representation and automated interpretation.

CVE JSON Record Format version Release Candidate 3

• Refactored metadata fields
• Updated field descriptions

CVE JSON Record Format version Release Candidate 2

Changes since RC1 include:

• Use RESERVED, PUBLISHED, or REJECTED for cveMetadata.state values.
• Extend support for rich text in other descriptive text fields.
• minor fixes and documentation improvements

CVE JSON Record Format v5.0.0 Release Candidate 1

Some important changes since version 4 include:

• Authorized data publishers (ADPs) can contribute information about CVEs in addition to the CNAs.
• Ability to tag the CVE records and URL references.
• Ability to supply CVSS scores or other metrics associated with a CVE.
• Ability to map to other taxonomies like ATT&CK identifiers.
• Support for rich-text markup formatted CVE descriptions and media.
• Ability to record CVE information related to products with improved granularity.
• Improved or simplified specification of fields that were not fully defined in the version 4 schema.