What versioning scheme does the CycloneDX specification use? #365
I've been looking throughout the documentation, but I can't find anything detailing how the specification does versioning. The version only has two numbers, so surely it is not semver, which has three. What assumptions can be made about a release based on its version? For example, when upgrading from 1.4 to 1.5, can I assume that there won't be any breaking changes?
Replies: 1 comment
The `1.5` string in the JSON and XML schemas specifies the specification version, not the schema version. The schema version of the XML does use semver. JSON schema does not have an equivalent.
XML: `xmlns:bom="http://cyclonedx.org/schema/bom/1.5"`
JSON: `"$id": "http://cyclonedx.org/schema/bom-1.5.schema.json",`
All 1.x releases are forward compatible. A CycloneDX v1.0 document will validate with the latest v1.5 specification. Features introduced in recent versions of the spec (e.g. 1.5), however, will not be backward compatible since those features were not previously available. We have had no breaking changes in the 1.x series and do not intend to introduce any.
There are some ideas for breaking changes documented in the 2.0 milestone.
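
An added example, not part of the reply above or of the CycloneDX project's code: a consumer-side gate that reads the declared spec version from a BOM (the XML namespace shown in the reply, or the `bomFormat`/`specVersion` fields of a JSON BOM) and accepts it only when it is a 1.x document no newer than the version the tool was built for. The function names and sample documents are constructed for illustration, the 2.0 namespace is hypothetical, and rejecting a newer minor version is a conservative policy choice.

```python
from __future__ import annotations

import json
import re
import xml.etree.ElementTree as ET

# Root tag of an XML BOM, e.g. {http://cyclonedx.org/schema/bom/1.5}bom
_NS_RE = re.compile(r"^\{http://cyclonedx\.org/schema/bom/(\d+)\.(\d+)\}bom$")
_VER_RE = re.compile(r"^(\d+)\.(\d+)$")

# Constructed sample documents (not taken from the page).
XML_1_0 = '<bom xmlns="http://cyclonedx.org/schema/bom/1.0" version="1"><components/></bom>'
JSON_1_5 = '{"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1, "components": []}'
XML_2_0 = '<bom xmlns="http://cyclonedx.org/schema/bom/2.0" version="1"/>'  # hypothetical


def spec_version(doc: str) -> tuple[int, int]:
    """Return (major, minor) of the CycloneDX spec version a BOM declares."""
    text = doc.lstrip()
    if text.startswith("{"):
        bom = json.loads(text)
        if bom.get("bomFormat") != "CycloneDX":
            raise ValueError("not a CycloneDX JSON BOM")
        match = _VER_RE.match(str(bom.get("specVersion", "")))
    else:
        # For untrusted XML, parse with a hardened parser such as defusedxml.
        root = ET.fromstring(text)
        match = _NS_RE.match(root.tag)
    if not match:
        raise ValueError("no recognisable CycloneDX spec version")
    return int(match.group(1)), int(match.group(2))


def can_consume(doc: str, supported: tuple[int, int]) -> bool:
    """True if a tool built for `supported` can process this BOM.

    Same major and an equal or older minor is accepted, since 1.x is
    forward compatible. A newer minor may carry features the tool does
    not know, and a different major may carry breaking changes.
    """
    major, minor = spec_version(doc)
    return major == supported[0] and minor <= supported[1]


if __name__ == "__main__":
    for name, doc in [("XML 1.0", XML_1_0), ("JSON 1.5", JSON_1_5), ("XML 2.0", XML_2_0)]:
        print(name, spec_version(doc), "accepted by a 1.4 tool:", can_consume(doc, (1, 4)))
```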