-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validate new CSAF field #47
Comments
For some further details see CSAF specification under:
See also: https://www.rfc-editor.org/rfc/rfc9116.html#section-2.4 ("Any fields registered via that process MUST be considered optional.") Possible additional checks:
Example of a security.txt with CSAF field: https://www.bsi.bund.de/.well-known/security.txt |
#47 Validate new CSAF field new recommendation.
|
Thanks. Some remarks:
|
These changes have been applied in the new release.
|
The 'CSAF'-field is now part of the security.txt fields registry (https://www.iana.org/assignments/security-txt-fields/security-txt-fields.xhtml). This field should be accepted without raising the unknown_field notification.
It was added on 2023-02-15.
Validating it as a URI-field should be sufficient, as it probably goes beyond the scope of this parser to check if the field complies with the OASIS specification.
The text was updated successfully, but these errors were encountered: