Merge branch 'staging' into dev

david-rocca · web-flow · commit 788b22990a50 · 2026-03-11T11:05:49.000-04:00
diff --git a/api-docs/openapi.json b/api-docs/openapi.json
@@ -1,7 +1,7 @@
 {
   "openapi": "3.0.2",
-  "info": {
-    "version": "2.6.1",
+  "info": { 
+    "version": "2.7.0",
     "title": "CVE Services API",
     "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are     required for most service endpoints. Representatives of     <a href='https://www.cve.org/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> should     use one of the methods below to obtain credentials:    <ul><li>If your organization already has an Organizational Administrator (OA) account for the CVE     Services, ask your admin for credentials</li>     <li>Contact your Root (<a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/Google'>Google</a>,     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/INCIBE'>INCIBE</a>,     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC</a>, or     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/redhat'>Red Hat</a>) or     Top-Level Root (<a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS</a>     or <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/mitre'>MITRE</a>) to request credentials     </ul>     <p>CVE data is to be in the JSON 5.2 CVE Record format. Details of the JSON 5.2 schema are     located <a href='https://github.com/CVEProject/cve-schema/releases/tag/v5.2.0' target='_blank'>here</a>.</p>    <a href='https://cveform.mitre.org/' class='link' target='_blank'>Contact the CVE Services team</a>",
     "contact": {
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
     "name": "cve-services",
     "author": "Automation Working Group",
-    "version": "2.6.1",
+    "version": "2.7.0",
     "license": "(CC0)",
     "devDependencies": {
         "@faker-js/faker": "^7.6.0",
diff --git a/src/controller/org.controller/index.js b/src/controller/org.controller/index.js
@@ -639,6 +639,7 @@ router.put('/registry/org/:shortname',
   */
   mw.useRegistry(),
   mw.validateUser,
+  mw.onlySecretariat,
   parseError,
   parsePutParams,
   registryOrgController.UPDATE_ORG
diff --git a/src/swagger.js b/src/swagger.js
@@ -22,7 +22,7 @@ const fullCnaContainerRequest = require('../schemas/cve/create-cve-record-cna-re
 /* eslint-disable no-multi-str */
 const doc = {
   info: {
-    version: '2.6.1',
+    version: '2.7.0',
     title: 'CVE Services API',
     description: "The CVE Services API supports automation tooling for the CVE Program. Credentials are \
     required for most service endpoints. Representatives of \

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "cve-services",`
`3`	`3`	`"author": "Automation Working Group",`
`4`		`- "version": "2.6.1",`
	`4`	`+ "version": "2.7.0",`
`5`	`5`	`"license": "(CC0)",`
`6`	`6`	`"devDependencies": {`
`7`	`7`	`"@faker-js/faker": "^7.6.0",`