API Changelog
This document tracks changes and updates to the CyberSecFeed API. Each release includes detailed information about new features, improvements, and any required migration steps.
Current API Version
- Version: v1.5
- Base URL: https://api.cybersecfeed.com
Version 1.5 - May 2025
🎯 MITRE ATT&CK® Integration Release
Released: May 15, 2025
Major Feature: ATT&CK Technique Mappings
✅ MITRE ATT&CK Framework Integration
- CVE-to-ATT&CK technique mappings for majority of KEV catalog
- Real-time adversary technique intelligence
- Parameter-controlled inclusion via
include=attack - Seamless integration with existing enrichment framework
New Capabilities
✅ ATT&CK Data Access
include=attack- Retrieve ATT&CK technique mappings- Technique IDs link vulnerabilities to adversary behaviors
- Compatible with all CVE search and detail endpoints
- Combinable with other enrichment parameters
✅ Enhanced Threat Intelligence
- Map vulnerabilities to attack chains
- Prioritize based on adversary techniques
- Support detection engineering workflows
- Enable threat-informed defense strategies
Response Format Updates
{
"attack": {
"techniques": ["T1190", "T1059", "T1203", "T1210"]
}
}
Each technique ID represents specific adversary tactics:
- T1190: Exploit Public-Facing Application
- T1059: Command and Scripting Interpreter
- T1203: Exploitation for Client Execution
- T1210: Exploitation of Remote Services
Performance Optimization
- Zero performance impact when not requested
- Efficient parameter-based loading
- Integrated with edge caching infrastructure
- Sub-second response times maintained
Usage Examples
# Get CVE with ATT&CK techniques
curl -H "X-API-Key: your-api-key" \
"https://api.cybersecfeed.com/api/v1/cve/CVE-2021-44228?include=attack"
# Search KEV with ATT&CK mappings
curl -H "X-API-Key: your-api-key" \
"https://api.cybersecfeed.com/api/v1/cves?kev=true&include=attack"
# Combine all enrichments
curl -H "X-API-Key: your-api-key" \
"https://api.cybersecfeed.com/api/v1/cve/CVE-2024-0001?include=acsc,enrichment,attack"
Version 1.4 - January 2025
🚀 Performance Optimization Release
Released: January 19, 2025
Major Performance Improvements
- Parameter-Based Enrichment Control: ACSC and enrichment data now require explicit
includeparameters for optimal performance - 80%+ Cache Hit Rate: Achieved through quota header removal and response standardization
- Edge Caching Optimization: Cloudflare CDN integration for sub-second response times
- Database Index Optimization: API key authentication reduced from ~200ms to ~10ms
Breaking Changes
⚠️ ACSC Data Inclusion
- ACSC data now requires
include=acscparameter - Default responses no longer include ACSC data automatically
- Migration: Add
?include=acscto requests that need ACSC notices
⚠️ Quota Headers Removed
- Quota information removed from regular API response headers
- New dedicated
/api/v1/usageendpoint for quota monitoring - Migration: Use
/api/v1/usageendpoint instead of response headers
New Features
✅ Enhanced Parameter Control
include=acsc- Include ACSC security noticesinclude=enrichment- Include enrichment framework datainclude=acsc,enrichment- Include both enrichment types
✅ New Endpoints
GET /api/v1/usage- Dedicated quota and usage monitoringGET /api/v1/ping-lite- Lightweight health check (<1ms response)
✅ Performance Features
- ETag caching support for all endpoints
- Lazy quota updates for paid plans
- Background processing for usage tracking
- Improved field projection capabilities
Response Format Updates
- Default CVE responses: Include core data + KEV + EPSS (when available)
- ACSC responses: Only included with
?include=acscparameter - Enrichment responses: Only included with
?include=enrichmentparameter - Usage endpoint: Dedicated response format for quota monitoring
Performance Metrics
- Response Time: 649ms → ~0ms for 80%+ of cached requests
- Cache Hit Rate: Improved from ~20% to 80%+
- API Authentication: Reduced from ~200ms to ~10ms
- Bandwidth: 25-50% reduction through selective data loading
Migration Guide
See our comprehensive Migration Guide for step-by-step instructions to update your integration.
Version 1.3 - December 2024
🔐 API Subscription Model Release
Released: December 16, 2024
New Features
✅ API Key Authentication
- Database-backed API key system with SHA-256 hashing
- Monthly quota management per subscription tier
- Real-time usage tracking via Durable Objects
✅ Subscription Tiers
- Free: 1,000 requests/month + 5 req/min rate limit
- Plus: 30,000 requests/month
- Premium: 100,000 requests/month
- Pro: 500,000 requests/month
- Enterprise: 2,000,000+ requests/month
✅ Stripe Integration
- Zero-redeploy pricing via Stripe metadata
- Automated subscription lifecycle management
- Webhook-based plan updates
✅ Usage Monitoring
- Real-time quota tracking
- Monthly usage reset automation
- Comprehensive usage analytics
API Enhancements
- Postmark email integration for API key delivery
- Customer name collection for personalized communications
- Enhanced error responses for quota and rate limiting
- Improved authentication performance with 30s LRU cache
Version 1.2 - November 2024
🇦🇺 ACSC Integration Release
Released: November 8, 2024
New Features
✅ ACSC Security Notices
- Australian Cyber Security Centre alerts and advisories
- Hourly RSS feed ingestion with ETag efficiency
- Historical backfill of 65+ security notices
- CVE linkage for threat correlation
✅ Enhanced CVE Responses
- ACSC notices included in CVE detail endpoints
- Priority-based alert classification
- Direct links to ACSC website for detailed guidance
Data Coverage
- 8 notices ingested via real-time RSS feeds
- 65+ historical notices from comprehensive backfill
- 454 CVE linkages connecting vulnerabilities to ACSC guidance
- Large file handling with summarization for files >128KB
Version 1.1 - October 2024
📊 MITRE Integration & Data Expansion
Released: October 6, 2024
Major Data Expansion
✅ MITRE CVE Integration
- Added 57,000+ MITRE CVE stubs for complete coverage
- Improved coverage from 80.98% to 98.17% of CVE universe
- Hourly delta processing for real-time updates
- UPSERT protection to prevent data loss
✅ Enhanced Data Quality
- NVD > MITRE data hierarchy enforcement
- Source tracking for incident recovery
- Automated conflict resolution
Performance Improvements
- EPSS Async Processing: 15-20min → 2m9s (700% improvement)
- Parallel Uploads: 8x concurrent processing
- SQLite Optimization: ROW_NUMBER → correlated MAX (7.5x improvement)
- Smart Skip Logic: 50%+ bandwidth savings
Version 1.0 - September 2024
🎉 Production Launch
Released: September 5, 2024
Core API Endpoints
✅ CVE Operations
GET /api/v1/cve/{id}- Detailed CVE informationGET /api/v1/cves- Search and list CVEs with filteringGET /api/v1/kev- Known Exploited Vulnerabilities catalogGET /api/v1/stats- Platform statistics and coverage
✅ Health & Monitoring
GET /api/v1/ping- Comprehensive health checkGET /api/v1/ping-lite- Lightweight status check
Data Sources
✅ Comprehensive Coverage
- NVD: Complete CVE database with real-time updates
- KEV: CISA Known Exploited Vulnerabilities catalog
- EPSS: Exploit Prediction Scoring System
- Custom Domain: Production deployment on cybersecfeed.com
Enterprise Features
- ETag Caching: RFC 7232 compliant conditional requests
- Field Projection: Selective data retrieval
- Batch Operations: Up to 50 CVEs per request
- Advanced Filtering: Multi-parameter search capabilities
- Rate Limiting: Fair usage enforcement
- CORS Support: Cross-origin requests enabled
API Stability Promise
The CyberSecFeed API v1 is stable and production-ready. We are committed to:
- Backwards Compatibility: No breaking changes without major version increment
- Performance: Continuous optimization without functionality changes
- Deprecation Notice: Minimum 90 days notice for any deprecated features
- Migration Support: Comprehensive guides and support for any required changes
Update Notifications
Stay informed about API updates:
- Email Notifications: Subscribe in your account settings
- Documentation: Always reflects the latest API version
- Changelog: Check this page for detailed release notes
- Status Page: Monitor for service updates and incidents
Support
For API-related questions:
- Documentation: Comprehensive guides and references
- Migration Support: Dedicated assistance for version upgrades
- Technical Support: Contact [email protected]
- Community: Join our developer community for best practices