OVAL v2 Announcement
Introduction
In 2019, the v2 version of our Open Vulnerability and Assessment Language (OVAL) security data was made available. However, the security data landscape is constantly changing, and making adjustments and improvements to meet new industry standards and customer requirements is necessary. In July of 2024, Red Hat Product Security published and announced generally available Vulnerability Exploitability eXchange (VEX) files. With the VEX files now being ready for public consumption, the decision was made to officially move all OVAL v2 content into maintenance mode. Red Hat will continue to support OVAL v2 content for all active streams of RHEL 8 and 9 until they reach the end of maintenance. All remaining OVAL v2 content will be archived at that time.OVAL v2 Deprecation
OVAL data will not receive new features and will be limited to critical bug fixes only. OVAL v2 content will not be published for future RHEL releases, 10 and onward, as well as any other new products based on earlier versions of RHEL, released after RHEL 10. All customers and scanning vendors are highly encouraged to start using the current CSAF and VEX security data produced by Red Hat Product Security.Please contact Red Hat Product Security with any questions about these changes at secalert@redhat.com or file an issue in the SECDATA Jira project.
Quick Links
Help
Site Info
Related Sites
Red Hat legal and privacy links
- About Red Hat
- Jobs
- Events
- Locations
- Contact Red Hat
- Red Hat Blog
- Inclusion at Red Hat
- Cool Stuff Store
- Red Hat Summit