Skip to content

0.8.2
Compare
Choose a tag to compare
@DigitalTrustCenter DigitalTrustCenter released this 14 Apr 08:11
· 12 commits to main since this release
0.8.2
24463a7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

bugfixing: #44, #45 and #46
adding support for CSAF field #47

#44: Wordings "data_after_sig" error message and inclusion in README and #45: Text suggestion for "signed_format_issue" error

  • error message changed to be more clear.

#46: Unknown field: notification and textual suggestion

  • Added notifications which were already mentioned in the ReadMe and the text for the unknown_field notification is changed to be more clear.

#47: Validate new CSAF field
new key for CSAF field, it is considered optional as per the section 2.4 (https://www.rfc-editor.org/rfc/rfc9116.html#section-2.4).
If the field is not present a recommendation "no_csaf" is added. "'CSAF' field should appear at least once"
if the field does not point to the correct file an error "no_csaf_file" is added. "All CSAF field in the security.txt must point to a provider-metadata.json file"
If multiple fields are present a notification "multiple_csaf_fields" is added to remove them even though it is allowed. "It is allowed to have more than one CSAF field, however this should be removed if possible."

Assets 2
Loading