CVE data is to be in the JSON 5.1 CVE Record format. Details of the JSON 5.1 schema are located here.
Contact the CVE Services team", "contact": { diff --git a/package-lock.json b/package-lock.json index 3a556810..527d4635 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "cve-services", - "version": "2.3.1", + "version": "2.3.2", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "cve-services", - "version": "2.3.1", + "version": "2.3.2", "license": "(CC0)", "dependencies": { "ajv": "^8.6.2", diff --git a/src/controller/cve.controller/cve.controller.js b/src/controller/cve.controller/cve.controller.js index be59db65..d8e62db7 100644 --- a/src/controller/cve.controller/cve.controller.js +++ b/src/controller/cve.controller/cve.controller.js @@ -723,9 +723,15 @@ async function rejectExistingCve (req, res, next) { const providerMetadata = createProviderMetadata(providerOrgObj.UUID, req.ctx.org, (new Date()).toISOString()) + // Update dataVersion to current schema version + if (result.cve.dataVersion !== CONSTANTS.SCHEMA_VERSION) { + result.cve.dataVersion = CONSTANTS.SCHEMA_VERSION + } + // update CVE record to rejected const updatedRecord = Cve.updateCveToRejected(id, providerMetadata, result.cve, req.ctx.body) const updatedCve = new Cve({ cve: updatedRecord }) + result = Cve.validateCveRecord(updatedCve.cve) if (!result.isValid) { logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })) diff --git a/src/swagger.js b/src/swagger.js index e412e0c9..31ac3841 100644 --- a/src/swagger.js +++ b/src/swagger.js @@ -14,7 +14,7 @@ const rejectedCreateCVERecord = require('../schemas/cve/rejected-create-cve-exam /* eslint-disable no-multi-str */ const doc = { info: { - version: '2.3.1', + version: '2.3.2', title: 'CVE Services API', description: "The CVE Services API supports automation tooling for the CVE Program. Credentials are \ required for most service endpoints. Representatives of \