The CVE Program is rapidly approaching the "hard 
 of the CVE Services<>/CVE JSON 
5.0<> automation upgrade.

The objective of hard deploy is to address issues that have been identified 
during the "soft 
 period (which began in October 2022), and to make available a CVE JSON 5.0 
Bulk Download capability (see the Transition 
FAQs<> for additional 

Important milestones since our last bulletin:

  *   The CVE JSON 5.0 Bulk Download function is currently undergoing testing 
and is almost complete. This function will make the full CVE List downloadable 
in CVE JSON 5.0 format. The deployment schedule for this capability will be 
announced at the upcoming CVE Global Summit - Spring 

IMPORTANT: A preview of the CVE JSON 5.0 Bulk Download Repository is available 
for review<>, but this is a PREVIEW ONLY 
and SHOULD NOT be considered the official CVE List. This new repository 
continues to undergo testing and has not been finalized. The official CVE List 
continues to be based on CVE JSON 4.0 and is found on the CVEList GitHub Pilot 
site<> and on the Downloads 
page<> on the CVE website.

  *   The highest priority issue on the Soft Deploy - Prioritized 
Issues<> list 
was corrected. With this fix, when version ranges are used in a CVE JSON 5.0 
 the record will now properly down-convert to a CVE JSON 4.0 record and be 
placed in the JSON 4.0 CVE List. Work continues on the remaining issues.

  *   CVE Services 2.1.2 was deployed in mid-February. This incremental release 
fixed a number of issues that had been reported and introduced functions to 
support the "bulk download" capability. The release notes are available 

  *   A new "CVE Services<>" page 
was added to the website to be the main resource center for access to 
information about CVE Services/CVE JSON 5.0. The new page includes an overview 
with current version and status, information on how to obtain credentials for 
using the services, a workflow tutorial, demos of the clients used to interact 
with the services, and more. A "Reserve IDs & Publish Records (CNAs 
Only)<>" page to help 
direct CNAs to the new CVE Services page was also added.

Moving to Hard Deploy - Next Steps

Over the next several weeks we will be staging the required components to 
support hard deploy. This entails updating the CVE Services software, the website, and the Secretariat's Content Management System (CPS), and 
finally, deploying the software for the bulk download capability. All of this 
work will be done without interruption of current services. This means you'll 
continue to be able to reserve CVE IDs and submit/update CVE Records as you 
have in the past, as well as download records for viewing.

Upon completion of these updates and deployment, the Secretariat will send out 
a notification that the CVE Services/CVE JSON 5.0 hard deploy is complete. This 
notice will signify that this major milestone of the CVE Program automation 
update is complete and highlight the program's next steps in automation upgrade.

Reminder about the CVE Global Summit - Spring 2023 on March 22 & 23

As a reminder, the CVE Global Summit - Spring 
2023<> is being held in-person for CNAs on 
March 22-23 at MITRE Corporation in McLean, Virginia, USA. There will also be a 
virtual component. Many of the topics mentioned above will be discussed in more 
detail at the summit.
Please refer to the meeting invite and follow-up messages you received for 
meeting details. We look forward to seeing everyone in person!

Questions? Please use the CVE Request Web Forms<> and 
select "Other" from the dropdown.

CVE Program Secretariat<>

[A picture containing text, clipart  Description automatically generated]

Reply via email to