mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-10-27 12:15:33 +03:00
Ronald Cron
26
BRANCHES.md
26
BRANCHES.md
@@ -6,9 +6,8 @@ At any point in time, we have a number of maintained branches, currently consist
|
||||
this always contains the latest release, including all publicly available
|
||||
security fixes.
|
||||
- The [`development`](https://github.com/Mbed-TLS/mbedtls/tree/development) branch:
|
||||
this is where the next major version of Mbed TLS (version 4.0) is being
|
||||
prepared. It has API changes that make it incompatible with Mbed TLS 3.x,
|
||||
as well as all the new features and bug fixes and security fixes.
|
||||
this is where the next minor version of Mbed TLS 4 is prepared. It contains
|
||||
new features, bug fixes, and security fixes.
|
||||
- One or more long-time support (LTS) branches: these only get bug fixes and
|
||||
security fixes. Currently, the supported LTS branches are:
|
||||
- [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6).
|
||||
@@ -19,7 +18,7 @@ These branches will not receive any changes or updates.
|
||||
|
||||
We use [Semantic Versioning](https://semver.org/). In particular, we maintain
|
||||
API compatibility in the `main` branch across minor version changes (e.g.
|
||||
the API of 3.(x+1) is backward compatible with 3.x). We only break API
|
||||
the API of 4.(x+1) is backward compatible with 4.x). We only break API
|
||||
compatibility on major version changes (e.g. from 3.x to 4.0). We also maintain
|
||||
ABI compatibility within LTS branches; see the next section for details.
|
||||
|
||||
@@ -66,25 +65,6 @@ crypto that was found to be weak) may need to be changed. In case security
|
||||
comes in conflict with backwards compatibility, we will put security first,
|
||||
but always attempt to provide a compatibility option.
|
||||
|
||||
## Backward compatibility for the key store
|
||||
|
||||
We maintain backward compatibility with previous versions of the
|
||||
PSA Crypto persistent storage since Mbed TLS 2.25.0, provided that the
|
||||
storage backend (PSA ITS implementation) is configured in a compatible way.
|
||||
We intend to maintain this backward compatibility throughout a major version
|
||||
of Mbed TLS (for example, all Mbed TLS 3.y versions will be able to read
|
||||
keys written under any Mbed TLS 3.x with x <= y).
|
||||
|
||||
Mbed TLS 3.x can also read keys written by Mbed TLS 2.25.0 through 2.28.x
|
||||
LTS, but future major version upgrades (for example from 2.28.x/3.x to 4.y)
|
||||
may require the use of an upgrade tool.
|
||||
|
||||
Note that this guarantee does not currently fully extend to drivers, which
|
||||
are an experimental feature. We intend to maintain compatibility with the
|
||||
basic use of drivers from Mbed TLS 2.28.0 onwards, even if driver APIs
|
||||
change. However, for more experimental parts of the driver interface, such
|
||||
as the use of driver state, we do not yet guarantee backward compatibility.
|
||||
|
||||
## Long-time support branches
|
||||
|
||||
For the LTS branches, additionally we try very hard to also maintain ABI
|
||||
|
||||
Reference in New Issue
Block a user