Merge pull request #1714 from DependencyTrack/issue-1090-update-breaking-changes

Issue-1090 : Document Findings response changes.

Author: nscuro

docs/getting-started/changes-over-v4.md

@@ -73,4 +73,12 @@ and vulnerability analysis is performed by services separately from the API serv
 [Kafka]: https://kafka.apache.org/
 [Lucene]: https://lucene.apache.org/
 [PostgreSQL]: https://www.postgresql.org/
-[Protobuf]: https://protobuf.dev/
+[Protobuf]: https://protobuf.dev/
+[sarif.peb]: https://github.com/DependencyTrack/hyades-apiserver/blob/main/src/main/resources/templates/findings/sarif.peb
+
+### Findings
+
+* The Findings response object's `vulnerability` will no longer contain two fields below, `cwes` will hold the respective ids. 
+    * `cweId`
+    * `cweName`
+* In the SARIF file (schema defined in [sarif.peb]), `cweId` will be replaced by list of cwe ids in `cwes`. And name of the SARIF rule will be vulnerability's `vulnId` instead of `cweName`.