$Id: ChangeLog.txt,v 1.3 2005/11/10 17:57:08 rustler Exp $

ChangeLog of CAIF development
-----------------------------

CAIF 1.2 (Revision 2):
- added the attribute 'policy' to the assessment elements 'risk',
  'probability-of-occurrence', and 'threat' to enable authors to
  document which policy has been used to make the assessments.
  Details can be found in the draft's chapter 4.4 ('Separate Format
  and Policy') as well as the chapters describing the assessment
  elements (13.8.1.7, 13.8.1.8, and 13.8.1.9).

CAIF 1.2 (Revision 1):
- renamed 'constituency-ref' attribute name in elements
  'probability-of-occurrence' and 'threat' as 'const-ref' to match
  the equivalent attributes of the 'bibitem' and
  'distribution-allowed' elements

CAIF 1.2:
- renamed 'constituency' markup element as 'const'
- new markup elements: 'aff', 'update'
- added 'developer' entity to tech-background attribute of
  'target-group' element
- renamed 'programming-flaw' entity as 'implementation-flaw' entity
  of key attribute of class element
- added new entity CONTENT-KEYS to classify encodings, new attribute
  values are 'base64' and 'parsed'
- added new markup element 'aff' (for affected) with an 'id'
  attribute, which allows marking up text passages which are
  affected by the id value
- added new markup element 'update' with a 'version' attribute and an
  optional 'invalid' subelement to highlight changed content of
  different announcement versions
- renamed 'tg-id' attribute of 'body' element as 'tg-ref' to make the
  meaning more precise, because the value is of type IDREF
- renamed 'tg-id' attribute of 'rlist' element as 'tg-ref' to make
  the meaning more precise, because the value is of type IDREF
- renamed structuring element 'problem-ids' as 'problems' to
  generalize the namespaces of structuring elements
- new structuring element 'determine-affectedness' which allows
  providing meta-information on how to determine an affected system
  with integration of third party tools like OVAL or AVDL
- swapped order of structuring elements 'other-documents' and
  'rendered-copy' for normalization reasons, the latter one is now
  the last top-level structuring element
- renamed 'announcement-id' subelement of the 'identification'
  element as 'announcement', because the 'announcement' subelement
  has an 'id' attribute already
- renamed 'issuer-id' attribute of the 'issuer' element as 'id'
- renamed 'problem-id' subelement of 'problem-ids' (now 'problems')
  as 'problem', because it has an 'id' attribute already
- changed default value of 'key' attributes of the subelements
  'class', 'attack-requirements' and 'impact' into "other"
- changed default value of 'key' attribute of subelement
  'exploit-status' into "unknown"
- the new detitem element contains at least one body element and the
  following attributes: 'method' which specifies the method, e.g.
  script, 'aff-ref' which references the dedicated id of an affected
  system defined with the new 'aff' element, 'problem-ref' which
  references the problem and 'content-type' which defines the body
  content's encodings (base64 or parsed)
- added optional 'body' subelements to 'other-document' and
  'rendered-copy' structuring elements
- renamed 'interchange' as 'distribution-allowed' and redesigned
  element. It now has an attribute 'const-ref' that contains the IDs
  of the 'constituency' elements to which the distribution is allowed
- added 'tg-ref' and 'const-ref' attributes to the 'bibitem' element

CAIF 1.1:
- removed 'source' structuring element
- removed headline and language elements
- introduced new target-groups container element
- changed target-group element, now contains tech-background,
  orga-overview attributes instead of old who attribute
- moved p, table, list, li elements to markup section
- introduced new body element as alternative for rlist if only one
  problem is objected, body contains a target-group reference for
  multilingual purposes
- removed headline and language in identification and added body+
  instead
- removed headline from revisions element and added body+ instead to
  allow multilingual headlines
- changed revision body from %MTEXT to body+, now multilingual
  revision description is no problem
- removed all attributes from summary, added body+ instead
- removed headline from problem-ids, added body+ instead
- changed p with body+ in all structural elements
- removed attack-information and merged the resulting elements with
  problem-id
- changed vector, requirements and signature - swapped p with body+
- removed attributes from impact, class, exploit, risk, mitigation,
  probability-of-occurence, threat, context, description, workaround,
  solution
- removed p and headline from arbitrary and added body+ instead
- removed all attributes from bibliography and added body+ and
  bibitem+ instead, introduced bibitem as single bibliography
  reference
- removed p from credits and disclaimer, added body+ instead
- introduced new constituency element for constituency tailored
  announcements, also introduced const markup element to mark such
  tailored parts
- introduced interchange subelement for identification which can be
  used to specify interchange restrictions
- introduced earliest-release subelement for identification which is
  used for early release notifications

CAIF 1.0:
- initial release