Colleagues, The CVE Program is rapidly approaching the "hard deploy<https://cveproject.github.io/automation-cve-services-faqs#what-is-meant-by-cve-services-21-hard-deploy>" of the CVE Services<https://www.cve.org/AllResources/CveServices>/CVE JSON 5.0<https://www.cve.org/AllResources/CveServices#cve-json-5> automation upgrade.
The objective of hard deploy is to address issues that have been identified during the "soft deploy<https://cveproject.github.io/automation-cve-services-faqs#what-is-meant-by-cve-services-21-soft-deploy>" period (which began in October 2022), and to make available a CVE JSON 5.0 Bulk Download capability (see the Transition FAQs<https://cveproject.github.io/automation-cve-services-faqs> for additional information). Important milestones since our last bulletin: * The CVE JSON 5.0 Bulk Download function is currently undergoing testing and is almost complete. This function will make the full CVE List downloadable in CVE JSON 5.0 format. The deployment schedule for this capability will be announced at the upcoming CVE Global Summit - Spring 2023<https://www.cve.org/Media/Events>. IMPORTANT: A preview of the CVE JSON 5.0 Bulk Download Repository is available for review<https://github.com/CVEProject/cvelistV5>, but this is a PREVIEW ONLY and SHOULD NOT be considered the official CVE List. This new repository continues to undergo testing and has not been finalized. The official CVE List continues to be based on CVE JSON 4.0 and is found on the CVEList GitHub Pilot site<https://github.com/CVEProject/cvelist> and on the Downloads page<https://www.cve.org/Downloads> on the CVE website. * The highest priority issue on the Soft Deploy - Prioritized Issues<https://cveproject.github.io/automation-cve-services-known-issues> list was corrected. With this fix, when version ranges are used in a CVE JSON 5.0 record<https://cveproject.github.io/cve-schema/schema/v5.0/docs/#oneOf_i0_containers_cna_affected_items_versions> the record will now properly down-convert to a CVE JSON 4.0 record and be placed in the JSON 4.0 CVE List. Work continues on the remaining issues. * CVE Services 2.1.2 was deployed in mid-February. This incremental release fixed a number of issues that had been reported and introduced functions to support the "bulk download" capability. The release notes are available here<https://github.com/CVEProject/cve-services/releases/tag/v2.1.2-sd>. * A new "CVE Services<https://www.cve.org/AllResources/CveServices>" page was added to the cve.org website to be the main resource center for access to information about CVE Services/CVE JSON 5.0. The new page includes an overview with current version and status, information on how to obtain credentials for using the services, a workflow tutorial, demos of the clients used to interact with the services, and more. A "Reserve IDs & Publish Records (CNAs Only)<https://www.cve.org/AllResources/ReserveIDsPublishRecords>" page to help direct CNAs to the new CVE Services page was also added. Moving to Hard Deploy - Next Steps Over the next several weeks we will be staging the required components to support hard deploy. This entails updating the CVE Services software, the cve.org website, and the Secretariat's Content Management System (CPS), and finally, deploying the software for the bulk download capability. All of this work will be done without interruption of current services. This means you'll continue to be able to reserve CVE IDs and submit/update CVE Records as you have in the past, as well as download records for viewing. Upon completion of these updates and deployment, the Secretariat will send out a notification that the CVE Services/CVE JSON 5.0 hard deploy is complete. This notice will signify that this major milestone of the CVE Program automation update is complete and highlight the program's next steps in automation upgrade. Reminder about the CVE Global Summit - Spring 2023 on March 22 & 23 As a reminder, the CVE Global Summit - Spring 2023<https://www.cve.org/Media/Events> is being held in-person for CNAs on March 22-23 at MITRE Corporation in McLean, Virginia, USA. There will also be a virtual component. Many of the topics mentioned above will be discussed in more detail at the summit. Please refer to the meeting invite and follow-up messages you received for meeting details. We look forward to seeing everyone in person! Questions? Please use the CVE Request Web Forms<https://cveform.mitre.org/> and select "Other" from the dropdown. Respectfully, CVE Program Secretariat cve-prog-secretar...@mitre.org<mailto:cve-prog-secretar...@mitre.org> [A picture containing text, clipart Description automatically generated]
