The 'advisory' field is used when a PMC has its own naming scheme for their advisories, next to CVE.
This field is often misused:
- Isis, Artemis, Feliz, Ofbiz and Zeppelin incorrectly used it by putting Jira ID's in it
- bookkeeper, camel, karaf and ofbiz incorrectly used it by putting URLs in it
- Struts 2 does seems to use it legitimately.
We should probably hide the field to reduce confusion, and only show it for Struts (and any other PMC that asks).
The 'advisory' field is used when a PMC has its own naming scheme for their advisories, next to CVE.
This field is often misused:
We should probably hide the field to reduce confusion, and only show it for Struts (and any other PMC that asks).