Major new additions include support for Data Provenance & Citations, Intellectual Property Transparency, Cryptographic Assurance (CBOM), extended License Details, and external components (SBOM).
Announcement: https://cyclonedx.org/news/cyclonedx-v1.7-released/
Fixed
- XML schema: add type for `ComponentData` sub-elements (#600 via #601)
- JSON schema: added the correct `deprecated` mark for already deprecated structures (via a973a6b)
Deprecated
- Deprecated various fields and structures related to cryptographic transparency - CBOM. (via #657)
Use the newly added structures and fields for detailing the information instead.
Changed
- Extended the scope of formulations. (via #647)
From now on, formulations may be used to describe how any referenceable object within the BOM came together, including components, services, metadata, declarations, or the BOM itself.
Before, it was restricted to components and services.
Added
- Support for external components with version-ranges (#321 via #586)
- Support for multiple SPDX License Expressions alongside other licenses (#454 via #582)
- Support for Streebog hashing algorithm (#485 via #525)
- Support for license expression details and properties (#549, #554 via #599)
- Support for expressing BOM distribution constraints with the Traffic Light Protocol (TLP) in metadata (#595 via #604, #653)
- Support for representing patent information (#596 via #597)
- Support for properties on external-references (#608 via #610)
- Support for citations (#630 via #629)
- Support for detailing cryptographic transparency information - CBOM (#569 via #657)
Documentation
- Elaborated component classification "platform", explicitly expressed that it includes just-in-time compilers and interpreters (#233 via #647)
- Removed the term "optional" from the schema where the definition was already unambiguous (#616, #649 via #680)
Test data
- Add test data for CycloneDX 1.7 implementations in XML, JSON, Protobuf
What's Changed
- chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.4.0 to 3.5.1 in /tools by @dependabot[bot] in #527
- chore(deps): bump commons-io:commons-io from 2.16.1 to 2.17.0 in /tools by @dependabot[bot] in #523
- Adapt test samples to ensure consistency between the different formats by @andreas-hilti in #514
- fix: typos in schemas 1.6 by @weaversa in #550
- chore(dev-deps): tools use cyclonedx-core-java v10.0.0 by @jkowalleck in #552
- remove unused config file by @jkowalleck in #558
- chore(deps): update opis/json-schema requirement from 2.3 to 2.4.1 in /tools/src/test/php by @dependabot[bot] in #560
- docs: align media types in table by @jkowalleck in #561
- docs: Recognized file patterns by @jkowalleck in #562
- docs: fix some docs image-urls by @jkowalleck in #566
- docs: docsgen restructure output for website by @jkowalleck in #570
- docs: docgen proto with `protoc-gen-doc` by @jkowalleck in #557
- docs: docsgen theme and linkd for proto by @jkowalleck in #571
- docs: docsge fix title in `<meta>` elements by @jkowalleck in #572
- docs: docsgen proto html scroll fixes by @jkowalleck in #573
- chore: introduce PR template by @jkowalleck in #579
- pull_request_template tell about rules by @jkowalleck in #580
- tests: testcases initial 1.7 by @jkowalleck in #583
- docs: docsgen latest first by @jkowalleck in #584
- feat(DX): add xml catalog for XSD by @Nicolas-Peiffer in #479
- fix: version range spec url by @jkowalleck in #581
- docs: allow SchemaDocs HTML generator run for one(specific) CDX version by @jkowalleck in #587
- chore: bump tools buf 1.50.0 by @jkowalleck in #588
- chore: test protobuf acknowledged BC by @jkowalleck in #589
- tests: php QA tests run offline by @jkowalleck in #594
- tests(Java): run test against actual schema files by @ppkarwasz in #592
- Fix missing type definitions for ComponentData subelements in XML by @andreas-hilti in #601
- Add support for Streebog hashing algorithm by @volkdm in #525
- feat: support for external components with version-ranges by @jkowalleck in #586
- docs: modernize build workflow badges by @jkowalleck in #625
- Update cryptography-defs.json by @bhess in #622
- Extends cryptography-defs.json by @bhess in #644
- feat: Add support for TLP marking in metadata by @anthonyharrison in #604
- feat: add custom properties to external references by @Urist-McGit in #610
- feat: license expression details and properties - text attachment, licensing, etc by @jkowalleck in #599
- Add support for representing patent information by @stevespringett in #597
- Improve wording of issue templates by @sschuberth in #651
- JIT compilers & interpreters are "platforms" by @jkowalleck in #647
- Add python script to generate algorithm families by @n1ckl0sk0rtge in #645
- Review algorithm list, apply rules for patterns by @bhess in #646
- Add missing changes by @n1ckl0sk0rtge in #658
- CBOM 1.7: Update test cases & a few schema fixes/extensions by @bhess in #661
- feat: support multi license mix by @jkowalleck in #582
- [1.7] citation: proposed changes 2 by @jkowalleck in #667
- Extend crypto definitions by @bhess in #672
- [1.7] Added citation support and test cases. by @stevespringett in #630
- refactor: metadata distribution to be an object by @jkowalleck in #653
- fix: remove the word "optional", align some docs by @jkowalleck in #680
- Extend crypto definitions by @bhess in #676
- [1.7] - Updates from CBOM working group - remove any BREAKING CHANGES for ProtoBuf by @jkowalleck in #677
- [1.7] - Updates from CBOM working group by @stevespringett in #657
- Updating SPDX license list to 3.27.0 by @jkowalleck in #683
- fix(XML): fixed `aggregateType` docs for `incomplete_first_party_*` by @lime in #684
- fix(XML): fixed `aggregateType` docs for `incomplete_first_party_*` by @jkowalleck in #686
- chore(deps): bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 in /tools by @dependabot[bot] in #687
- chore(deps): bump actions/setup-java from 4 to 5 by @dependabot[bot] in #695
- chore(deps): bump actions/setup-python from 5 to 6 by @dependabot[bot] in #694
- chore(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #693
- chore(deps): bump actions/setup-node from 4 to 5 by @dependabot[bot] in #692
- chore: GH workflow permissions by @jkowalleck in #655
- reorder readme header by @jkowalleck in #701
- [1.7] docs: update link to version-range-spec by @jkowalleck in #700
- docs: update link to version-range-spec by @jkowalleck in #699
- chore(deps): update opis/json-schema requirement from 2.4.1 to 2.6.0 in /tools/src/test/php by @dependabot[bot] in #707
- chore(deps): bump actions/setup-node from 5 to 6 by @dependabot[bot] in #706
- v1.7 by @jkowalleck in #511
New Contributors
- @weaversa made their first contribution in #550
- @ppkarwasz made their first contribution in #592
- @volkdm made their first contribution in #525
- @anthonyharrison made their first contribution in #604
- @Urist-McGit made their first contribution in #610
- @sschuberth made their first contribution in #651
- @n1ckl0sk0rtge made their first contribution in #645
- @lime made their first contribution in #684
Full Changelog: 1.6.1...1.7