Merge pull request #3559 from CVEProject/int

5/13/25 Release: INT to MAIN

Author: jdaigneau5

src/assets/data/CNAsList.json

@@ -12909,7 +12909,7 @@
         "email": [
           {
             "label": "Email",
-            "emailAddr": "cve-full@somosafull.com.br"
+            "emailAddr": "contato@full.services"
           }
         ],
         "contact": [],
@@ -24510,7 +24510,7 @@
       {
         "label": "Policy",
         "language": "",
-        "url": "https://docs.imanage.com/security/Vulnerability_Disclosure_Policy.html"
+        "url": "https://imanage.com/about/vulnerability-report/"
       }
     ],
     "securityAdvisories": {
@@ -26073,5 +26073,175 @@
       ]
     },
     "country": "USA"
+  },
+  {
+    "shortName": "EEF",
+    "cnaID": "CNA-2025-0023",
+    "organizationName": "Erlang Ecosystem Foundation",
+    "scope": "Vulnerabilities in active packages hosted on <a href='https://hex.pm/' target='_blank'>Hex.pm</a>, and in active projects hosted under the GitHub organizations <a href='https://github.com/elixir-lang' target='_blank'>@elixir-lang</a>, <a href='https://github.com/erlang' target='_blank'>@erlang</a>, <a href='https://github.com/erlef-cna' target='_blank'>@erlef-cna</a>, <a href='https://github.com/erlef' target='_blank'>@erlef</a>, <a href='https://github.com/gleam-lang' target='_blank'>@gleam-lang</a>, and <a href='https://github.com/hexpm' target='_blank'>@hexpm</a>, unless covered by the scope of another CNA.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "cna@erlef.org"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://cna.erlef.org/security-policy"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://cna.erlef.org/cves"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Consortium",
+        "Open Source"
+      ]
+    },
+    "country": "USA"
+  },
+  {
+    "shortName": "SCHUTZWERK",
+    "cnaID": "CNA-2025-0024",
+    "organizationName": "SCHUTZWERK GmbH",
+    "scope": "Vulnerabilities discovered by, reported to, or coordinated by, SCHUTZWERK unless covered by another CNA.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "advisories@schutzwerk.com"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.schutzwerk.com/en/advisories/"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.schutzwerk.com/blog/tags/advisories/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Researcher"
+      ]
+    },
+    "country": "Germany"
+  },
+  {
+    "shortName": "Stackable",
+    "cnaID": "CNA-2025-0025",
+    "organizationName": "Stackable GmbH",
+    "scope": "Vulnerabilities in Stackable products including end-of-life or unsupported Stackable software, as well as open source projects that are not in another CNA’s scope.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "cve-coordination@stackable.tech"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://stackable.tech/en/vulnerability-disclosure-policy/"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://advisories.stackable.tech/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Vendor",
+        "Open Source"
+      ]
+    },
+    "country": "Germany"
   }
 ]

src/assets/data/metrics.json

@@ -1145,7 +1145,7 @@
         },
         {
           "month": "May",
-          "value": "TBA"
+          "value": "3"
         },
         {
           "month": "June",

src/assets/data/news.json

@@ -1,5 +1,89 @@
 {
   "currentNews": [
+    {
+      "id": 519,
+      "newsType": "news",
+      "title": "CNA Operational Rules Updated to Version 4.1.0",
+      "urlKeywords": "CNA Rules Updated to Version 4 1 0",
+      "date": "2025-05-13",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "“<a href='/Resources/Roles/Cnas/CNA_Rules_v4.1.0.pdf' target='_blank'>CNA Operational Rules Version 4.1.0</a>” was approved by the <a href='/ProgramOrganization/Board'>CVE Board</a> on May 14, 2025, and is effective as of May 14, 2025. <a href='/Resources/Roles/Cnas/CNA_Rules_v4.1.0.pdf' target='_blank'>CNA Rules v4.1.0</a>, which has no breaking changes and was updated to improve the clarity of requirements throughout the document, is available now as a <a href='/Resources/Roles/Cnas/CNA_Rules_v4.1.0.pdf' target='_blank'>PDF</a> (0.2MB)."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Non-breaking changes for CNA Rules v4.1.0 include: <ul><li>Improved clarity regarding end-of-life (EOL) assignments</li><li>Enhanced information about the year portion of the CVE ID</li><li>Updated requirements for references</li><li>Grammar fixes and other improvements throughout the document</li></ul>"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The <a href='/ResourcesSupport/AllResources/CNARules'>CNA Rules web page</a> on the CVE  website will be updated to the new version soon."
+        }
+      ]
+    },
+    {
+      "id": 518,
+      "newsType": "news",
+      "title": "Stackable Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Stackable Added as CNA",
+      "date": "2025-05-13",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/Stackable'>Stackable GmbH</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for vulnerabilities in Stackable products including end-of-life or unsupported Stackable software, as well as open source projects that are not in another CNA’s scope."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>456 CNAs</a> (453 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Stackable is the 23rd CNA from Germany."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Stackable’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 517,
+      "newsType": "news",
+      "title": "SCHUTZWERK Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "SCHUTZWERK Added as CNA",
+      "date": "2025-05-13",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/SCHUTZWERK'>SCHUTZWERK GmbH</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for vulnerabilities discovered by, reported to, or coordinated by, SCHUTZWERK unless covered by another CNA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>455 CNAs</a> (452 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. SCHUTZWERK is the 22nd CNA from Germany."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "SCHUTZWERK’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 516,
+      "newsType": "news",
+      "title": "Erlang Ecosystem Foundation Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Erlang Ecosystem Foundation Added as CNA",
+      "date": "2025-05-13",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/EEF'>Erlang Ecosystem Foundation</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for vulnerabilities in active packages hosted on <a href='https://hex.pm/' target='_blank'>Hex.pm</a>, and in active projects hosted under the GitHub organizations <a href='https://github.com/elixir-lang' target='_blank'>@elixir-lang</a>, <a href='https://github.com/erlang' target='_blank'>@erlang</a>, <a href='https://github.com/erlef-cna' target='_blank'>@erlef-cna</a>, <a href='https://github.com/erlef' target='_blank'>@erlef</a>, <a href='https://github.com/gleam-lang' target='_blank'>@gleam-lang</a>, and <a href='https://github.com/hexpm' target='_blank'>@hexpm</a>, unless covered by the scope of another CNA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>454 CNAs</a> (451 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Erlang Ecosystem Foundation is the 245th CNA from USA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Erlang Ecosystem Foundation’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>."
+        }
+      ]
+    },
     {
       "id": 515,
       "newsType": "blog",

src/views/ResourcesSupport/AllResources/CNARules.vue

@@ -7,6 +7,25 @@
       <div class="column is-8-desktop cve-main-column-content-width is-12-tablet">
         <main id="cve-main-page-content" role="main">
           <h1 class="title">CVE Numbering Authority (CNA) Operational Rules</h1>
+          <div role="alert" class="notification is-warning is-light">
+            <div class="is-flex">
+              <p id="alertIconCnaRules" class="is-hidden">alert</p>
+              <font-awesome-icon style="flex: 0 0 40px;" size="1x"  icon="exclamation-triangle" role="alert"
+                aria-labelledby="alertIconCnaRules" aria-hidden="false" />
+              <div>
+                <p>
+                  “CNA Operational Rules Version 4.1.0” was approved by the
+                  <a href='/ProgramOrganization/Board'>CVE Board</a>
+                  on May 14, 2025, and is effective as of May 14, 2025. The web page below will be updated soon to the new version.
+                </p>
+                <p>
+                  <a href='/Resources/Roles/Cnas/CNA_Rules_v4.1.0.pdf' target='_blank'>CNA Rules v4.1.0</a>
+                  is available now as a
+                  <a href='/Resources/Roles/Cnas/CNA_Rules_v4.1.0.pdf' target='_blank'>PDF</a> (0.2MB).
+                </p>
+              </div>
+            </div>
+          </div>
           <div id="cve-versionInformation">
             <p class="has-text-weight-bold">
               Document Version: <span>{{ versionNum }}</span>

src/views/ResourcesSupport/Resources.vue

@@ -125,7 +125,7 @@
                 <ul class="mt-0 tile-body cve-task-tile-list">
                   <li>
                     <router-link to="/ResourcesSupport/AllResources/CNARules" target="_blank">
-                      CVE Numbering Authority (CNA) Rules, Version 4.0
+                      CVE Numbering Authority (CNA) Rules
                     </router-link>
                   </li>
                   <li>