Hello Team,

We have identified some structural changes in CSAF 2026 advisories related to container images, and we would like to report these for confirmation and clarification.

References

• New advisory (2026):
  RHSA-2026:0327
  https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0327.json

• Older advisory (2025):
  RHSA-2025:9278
  https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9278.json

Observation

When comparing the above advisories, we noticed structural differences in how container image–related information is represented in the CSAF document. These changes appear to affect fields related to:

• Product identification and/or relationships for container images

• Representation of affected container artifacts (e.g., images, repositories, or tags)

• Placement or structure of container-specific data within the CSAF schema

This impacts tooling and downstream consumers that rely on a consistent CSAF structure for:

• Parsing affected container images

• Mapping vulnerabilities to image artifacts

• Automation around vulnerability ingestion and reporting

Request

Could you please help clarify:

1. Whether these changes are intentional and part of an updated CSAF modeling approach for container images

1. If there is documentation or a changelog describing these structural updates

1. Whether consumers should expect backward incompatibilities or further changes going forward

1. Any recommended guidance for adapting parsers or tooling to handle these updates correctly

We appreciate your guidance and confirmation so we can ensure compatibility with current and future CSAF advisories.

Thank you for your time and support.

Best regards,
Sagar Kale