From 11b8a9f2374e581832f7d2e79aecea1e54e1b729 Mon Sep 17 00:00:00 2001 From: David Waltermire Date: Mon, 16 May 2022 09:31:10 -0400 Subject: [PATCH] Simplify Release Management on OSCAL Github repo and website (#1264) * Migrated most release notes to the Github releases page for easier maintenance. Co-authored-by: Alexander Stein --- CONTRIBUTING.md | 4 +- README.md | 6 +- docs/content/contribute/roadmap.md | 190 +----------------------- docs/content/reference/release-notes.md | 95 +----------- versioning-and-branching.md | 2 +- 5 files changed, 12 insertions(+), 285 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 9e7cb49af5..5c12059a0a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -59,10 +59,10 @@ There are two mailing lists for the project: Contributions can be made to the following branches in this repository: -- **release-\***: The release branches are used to provide patches to a major or minor version of OSCAL. The branches are named release-*major*.*minor*. You should provide changes only to the highest numbered *minor* release for a given *major* release. Patch releases are made more frequenly than *major* or *minor* releases. +- **release-\***: The release branches are used to provide patches to a major or minor version of OSCAL. The branches are named release-*major*.*minor*. You should provide changes only to the highest numbered *minor* release for a given *major* release. Patch releases are made more frequently than *major* or *minor* releases. - **develop**: This branch is used to queue changes for the next *major*/*minor* release of OSCAL. A *major*/*minor* release will result in the creation of a new release branch, once the development has been completed and the update is to be staged for release. -More information about how releases are managed in this repository can be found in the [versioning and branching guide](./versioning-and-branching.md). +More information about how [releases](../../releases) are managed in this repository can be found in the [versioning and branching guide](./versioning-and-branching.md). The OSCAL project uses a typical GitHub fork and pull request [workflow](https://guides.github.com/introduction/flow/). To establish a development environment for contributing to the OSCAL project, you must do the following: diff --git a/README.md b/README.md index fe7e5cfad6..f6c69b1180 100644 --- a/README.md +++ b/README.md @@ -6,15 +6,15 @@ NIST is developing the [Open Security Controls Assessment Language](https://csrc With this effort, we are stressing the agile development of a set of *minimal* formats that are both generic enough to capture the breadth of data in scope (controls specifications), while also capable of ad-hoc tuning and extension to support peculiarities of both (industry or sector) standard and new control types. -The [OSCAL website](https://www.nist.gov/oscal) provides an overview of the OSCAL project, including an XML and JSON [schema reference](https://pages.nist.gov/OSCAL/docs/schemas/), [examples](https://pages.nist.gov/OSCAL/resources/examples/), and other resources. +The [OSCAL website](https://www.nist.gov/oscal) provides an overview of the OSCAL project, including an XML and JSON [schema reference](https://pages.nist.gov/OSCAL/reference/), [examples](https://pages.nist.gov/OSCAL/concepts/examples/), and other resources. If you are interested in contributing to the development of OSCAL, refer to the [contributor guidance](/~https://github.com/usnistgov/OSCAL/blob/main/CONTRIBUTING.md) for more information. ## Project Status -To view the latest release of OSCAL check out [GitHub releases](/~https://github.com/usnistgov/OSCAL/releases). The [release notes](https://pages.nist.gov/OSCAL/reference/release-notes/) are also available on the NIST OSCAL website, and contain a summary of the changes between the different releases. +To view the latest release of OSCAL check out [GitHub releases](../../releases). Each release on that page provides a complete summary of the changes made in each release. -All changes are made based on the excellent feedback and contributions that are received from the OSCAL community. The NIST OSCAL team is very thankful for all of it. +The changes made in each release are based on the excellent feedback and contributions that are received from the OSCAL community. The NIST OSCAL team is very thankful for all of it. Any feedback may be emailed to the NIST OSCAL team at [oscal@nist.gov](mailto:oscal@nist.gov) or by [creating an issue](/~https://github.com/usnistgov/OSCAL/issues) on the GitHub repository. diff --git a/docs/content/contribute/roadmap.md b/docs/content/contribute/roadmap.md index 087fe8d2de..f45760bd73 100644 --- a/docs/content/contribute/roadmap.md +++ b/docs/content/contribute/roadmap.md @@ -18,196 +18,10 @@ Each [milestone](/~https://github.com/usnistgov/OSCAL/milestones) will result in a ## OSCAL v1 -The first major version of OSCAL, OSCAL v1, will be developed over a series of milestone releases, culminating in a a [full release](#oscal-100-full-release) of OSCAL v1. - -OSCAL release history, in reverse chronological order: - -- [OSCAL 1.0.2 Patch Release](/contribute/roadmap/#oscal-102) - March 3, 2022 -- [OSCAL 1.0.1 Patch Release](/contribute/roadmap/#oscal-101) - January 30, 2022 -- [OSCAL 1.0.0 Full Release](/contribute/roadmap/#oscal-100-full-release) - June 7, 2021 -- [OSCAL 1.0.0 Release Candidate 2](/contribute/roadmap/#oscal-100-release-candidate-2) - April 12, 2021 -- [OSCAL 1.0.0 Release Candidate 1](/contribute/roadmap/#oscal-100-release-candidate-1) - December 21, 2020 -- [OSCAL 1.0.0 Milestone 3](/contribute/roadmap/#oscal-100-milestone-3) - June 3, 2020 -- [OSCAL 1.0.0 Milestone 2](/contribute/roadmap/#oscal-100-milestone-2) - October 1, 2019 -- [OSCAL 1.0.0 Milestone 1](/contribute/roadmap/#oscal-100-milestone-1) - June 15, 2019 - -These releases are listed below in reverse chronological order. - -### OSCAL 1.0.2 - -{{}}Development Milestone{{}} OSCAL [1.0.2 Release](/~https://github.com/usnistgov/OSCAL/milestone/13) - -{{}}Status{{}} [Released](/~https://github.com/usnistgov/OSCAL/releases/tag/v1.0.1) (March 3, 2022) - -{{}}Focus{{}} Bug fixes and documentation improvements. - -{{}}Release Notes{{}} [OSCAL 1.0.2 Release Notes](/reference/release-notes/#oscal-102-release) - -The NIST Open Security Controls Assessment Language (OSCAL) team is pleased to announce the release of OSCAL 1.0.2. This patch release of OSCAL 1.0 provides bug fixes and documentation enhancements. - -This release [incorporates changes](https://pages.nist.gov/OSCAL/reference/release-notes/#oscal-102-release) based on feedback from the OSCAL community. The NIST OSCAL team is very thankful for all of the great ideas and feedback we have received. - -### OSCAL 1.0.1 - -{{}}Development Milestone{{}} OSCAL [1.0.1 Release](/~https://github.com/usnistgov/OSCAL/milestone/12) - -{{}}Status{{}} [Released](/~https://github.com/usnistgov/OSCAL/releases/tag/v1.0.2) (January 30, 2022) - -{{}}Focus{{}} Bug fixes, documentation improvements, and Metaschema constraint improvements. - -{{}}Release Notes{{}} [OSCAL 1.0.1 Release Notes](/reference/release-notes/#oscal-101-release) - -The NIST Open Security Controls Assessment Language (OSCAL) team is pleased to announce the release of OSCAL 1.0.1. This first patch release of OSCAL 1.0 provides bug fixes and documentation enhancements. - -This release [incorporates changes](https://pages.nist.gov/OSCAL/reference/release-notes/#oscal-101-release) based on feedback from the OSCAL community. The NIST OSCAL team is very thankful for all of the great ideas and feedback we have received. - -### OSCAL 1.0.0 Full Release - -{{}}Development Milestone{{}} OSCAL [1.0.0 Release](/~https://github.com/usnistgov/OSCAL/milestone/4) - -{{}}Status{{}} [Released](/~https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0) (June 7, 2021) - -{{}}Focus{{}} Provide a stable OSCAL 1.0.0 for wide-scale implementation. - -{{}}Release Notes{{}} [OSCAL 1.0.0 Release Notes](/reference/release-notes/#oscal-100-release) - -The NIST Open Security Controls Assessment Language (OSCAL) team is pleased to announce the release of OSCAL 1.0.0. This first official, major release of OSCAL provides a stable OSCAL 1.0.0 for wide-scale implementation. This release marks an important milestone for the OSCAL project and for the earlier adopters and implementers of security automation with OSCAL. - -This release [incorporates changes](/reference/release-notes/#oscal-100-release) based on feedback from the OSCAL community. The NIST OSCAL team is very thankful for all of the great ideas and feedback we have received to date. - -Looking forward, the NIST OSCAL team is excited to work with the [OSCAL community](/contribute/) to continue to enhance OSCAL through [additional minor releases](#beyond-the-oscal-100-full-release). - -For additional information on the OSCAL project, please see the NIST’s Cybersecurity Insights blog: [*“The Foundation for Interoperable and Portable Security Automation is Revealed in NIST’s OSCAL Project”*](https://www.nist.gov/blogs/cybersecurity-insights/foundation-interoperable-and-portable-security-automation-revealed) and the [OSCAL website](/). - -### OSCAL 1.0.0 Release Candidate 2 - -{{}}Development Milestone{{}} OSCAL 1.0.0 [Release Candidate 2](/~https://github.com/usnistgov/OSCAL/milestone/10) - -{{}}Status{{}} [Released](/~https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-rc2) (April 12, 2021) - -{{}}Focus{{}} Promote review of draft OSCAL 1.0.0 documentation and formats ahead of finalizing OSCAL 1.0.0 - -{{}}Release Notes{{}} [OSCAL 1.0.0 Release Notes](/reference/release-notes/#oscal-100-release-candidate-2) - -This development phase provided updated stable versions of all OSCAL models, with a focus on the following areas of change: - -- Simplification of key OSCAL features - - Properties and annotations have been merged into a single `prop` that now allows an optional `remarks` and `uuid`. - - In the assessment plan and assessment results models, the concepts of a `task` and `action` have been combined. - - Use of `local-definitions` in the assessment plan, assessment results, and POA&M models has been simplified and made more consistent. -- Model documentation improvements - - Some usage descriptions were enhanced to provide more detail and to be more consistent overall. - - Formal names were updated in some places where the names did not match the data element. - - Many spelling errors were corrected. -- Removed the use of XML `` and JSON `additonalProperties` for arbitrary extensions based on community discussion. Extended data can still be provided using `link` declarations to external content. This decision can be revisited in future revisions once there is more implementation experience with the OSCAL models. -- Added the following `link` relations: `latest-version`, `predecessor-version`, and `successor-version` to allow an OSCAL document to link to latest, previous, and next document revisions. -- Fixed a few bugs in the profile resolver code and updated the resolver to work with new profile import/insert structures. -- Provided support for data insertion points for data other than parameters in markup content. - -These changes were made based on all the excellent feedback we received from the OSCAL community. The NIST OSCAL team is very thankful for all of the great feedback we have received. - -Updated tools to convert between OSCAL [XML](/~https://github.com/usnistgov/OSCAL/tree/main/xml) and [JSON](/~https://github.com/usnistgov/OSCAL/tree/main/json) formats, and to [up convert](/~https://github.com/usnistgov/OSCAL/tree/main/src/release/content-upgrade) content from previous releases to RC2. - -This will be the final release candidate before the full release of OSCAL 1.0.0. - -### OSCAL 1.0.0 Release Candidate 1 - -{{}}Development Milestone{{}} OSCAL 1.0.0 [Release Candidate 1](/~https://github.com/usnistgov/OSCAL/milestone/8) - -{{}}Status{{}} [Released](/~https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-rc1) (December 21, 2020) - -{{}}Focus{{}} Promote review of draft OSCAL 1.0.0 documentation and formats ahead of finalizing OSCAL 1.0.0 - -{{}}Release Notes{{}} [OSCAL 1.0.0 Release Notes](/reference/release-notes/#oscal-100-release-candidate-1) - -This development phase focused on producing: - -- Updated stable versions of [catalog](/concepts/layer/control/catalog/) and [profile](/concepts/layer/control/profile/) models which provide a structured representation of control catalogs and baselines or overlays. -- Updated stable version of the [system security plan](/concepts/layer/implementation/ssp/) model which provides a structured representations of a system's control-based implementation. This model has been enhanced to support documenting how controls from an existing authorized system can be leveraged in another information system, which supports common control provider and platform as a service (PaaS) use cases. -- Updated stable version of the [component definition](/concepts/layer/implementation/component-definition/) model which provides a structured representation of the controls that are supported in a given implementation of a hardware, software, service, policy, process, procedure, or compliance artifact (e.g., FIPS 140-2 validation). -- Revised drafts of the [assessment plan](/concepts/layer/assessment/assessment-plan/), [assessment results](/concepts/layer/assessment/assessment-results/), [plan of action and milestones](/concepts/layer/assessment/poam/) (POA&M) models, which support the structured representation of information used for planning and documenting the results of an information system assessment or continuous monitoring activity. These models have been enhanced to better support continuous assessment; to provide more traceability between the assessment schedule, specific assessment activities, collected data, and resulting findings and identified risks; and to improve the extensibility of these models. -- Updated tools to convert between OSCAL [XML](/~https://github.com/usnistgov/OSCAL/tree/main/xml) and [JSON](/~https://github.com/usnistgov/OSCAL/tree/main/json) formats, and to [up convert](/~https://github.com/usnistgov/OSCAL/tree/main/src/release/content-upgrade) content from milestone 3 to RC1. - -These changes were made based on all the excellent feedback we received from the OSCAL community. The NIST OSCAL team is very thankful for all of the great feedback we have received. - -### OSCAL 1.0.0 Milestone 3 - -{{}}Development Milestone{{}} OSCAL 1.0.0 [Milestone 3](/~https://github.com/usnistgov/OSCAL/milestone/3) - -{{}}Status{{}} [Released](/~https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-milestone3) (June 3, 2020) - -{{}}Focus{{}} Development of the OSCAL Component Definition model and drafts of the assessment and assessment result layer models. - -{{}}Release Notes{{}} [OSCAL 1.0.0 Release Notes](/reference/release-notes/#oscal-100-milestone-3) - -This development phase focused on three major areas: - -1. The OSCAL [component definition model](/concepts/layer/implementation/component-definition/), which is part of the [implementation layer](/concepts/layer/implementation/) of the OSCAL architecture. -1. Creation of draft models for the [assessment](/concepts/layer/assessment/) layer. Drafts of the [assessment plan](/concepts/layer/assessment/assessment-plan/), [assessment results](/concepts/layer/assessment/assessment-results/), and [plan of action and milestones](/concepts/layer/assessment/poam/) (POA&M) models were created. -1. Updates to the [catalog](/concepts/layer/control/catalog/), [profile](/concepts/layer/control/profile/), and [SSP](/concepts/layer/implementation/ssp/) models are also provided with this release. - -The following additional stakeholders can benefit from component definitions formatted based on the OSCAL component definitions model. They include the following producers of OSCAL catalogs, profiles, and/or tools: - -- **Security and privacy personnel:** Documenting system implementations can import component information related to hardware, software, services, policies, and procedures used to implement their systems saving time and effort -- **Policy personnel:** Can publish information about their policies as a component formatted using the OSCAL component definition model. -- **Tool vendors:** Creating tools that help organizations document and assess security and privacy control implementations using OSCAL formatted component and system implementation information to support risk assessment, continuous monitoring, compliance reporting, and other purposes - -### OSCAL 1.0.0 Milestone 2 - -{{}}Development Milestone{{}} OSCAL 1.0.0 [Milestone 1](/~https://github.com/usnistgov/OSCAL/milestone/2) - -{{}}Status{{}} [Released](/~https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-milestone2) (October 1, 2019) - -{{}}Focus{{}} Development of the OSCAL System Security Plan (SSP) Model. - -{{}}Release Notes{{}} [OSCAL 1.0.0 Release Notes](/reference/release-notes/#oscal-100-milestone-2) - -In this development phase the system security plan (SSP) model was developed as part of the [implementation layer](/concepts/layer/implementation/) of the OSCAL architecture. Updates to the [catalog](/concepts/layer/control/catalog/) and [profile](/concepts/layer/control/profile/) models are also provided with this release. - -The following additional stakeholders can benefit from SSPs formatted based on the OSCAL SSP model. - -- **Security and privacy personnel:** Documenting system implementations, and automatically identifying and addressing security and privacy implementation gaps before loss or damage occur -- **Operations personnel:** Rapidly verifying that systems comply with organizational security requirements -- **Auditors/assessors:** Performing audits/assessments on demand with minimal effort based on rich OSCAL formatted system implementation information. -- **Policy personnel:** Identifying systemic problems that necessitate changes to organizational security policies -- **Tool vendors:** Creating tools that help organizations document and assess security and privacy control implementations using OSCAL formatted system implementation information to support risk assessment, continuous monitoring, compliance reporting, and other purposes - -### OSCAL 1.0.0 Milestone 1 - -{{}}Development Milestone{{}} OSCAL 1.0.0 [Milestone 1](/~https://github.com/usnistgov/OSCAL/milestone/1) - -{{}}Status{{}} [Released](/~https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-milestone1) (June 15, 2019) - -{{}}Focus{{}} Development of the OSCAL Catalog and Profile Models. - -{{}}Release Notes{{}} [OSCAL 1.0.0 Release Notes](/reference/release-notes/#oscal-100-milestone-1) - -This initial OSCAL work encompasses the [catalog](/concepts/layer/control/catalog/) and [profile](/concepts/layer/control/profile/) concepts of the OSCAL architecture. - -The following stakeholders can benefit from control catalogs and control baselines defined using the OSCAL catalog and profile models respectively. - -- **Catalog maintainers:** Publishing control catalogs in OSCAL using OSCAL catalog XML, JSON, or YAML formats (e.g., NIST, ISO, ISACA) -- **Standard baseline maintainers:** Publishing control baselines using OSCAL profile XML, JSON, or YAML formats (e.g., NIST, FedRAMP), which can be used by many organizations consuming OSCAL formatted catalogs and baselines -- **Custom profile maintainers:** Developing new control baselines or customizing existing control baselines for organization-specific use (e.g., cloud service providers, integrators, agencies, businesses) using OSCAL profile XML, JSON, or YAML formats -- **Security and privacy personnel:** That need to select controls and implement security and privacy baselines to address security and privacy risks. -- **Tool vendors:** Creating tools that import and produce information in OSCAL formats to support risk assessment, continuous monitoring, compliance reporting, and other purposes - -### Beyond the OSCAL 1.0.0 Full Release +OSCAL version 1 is currently being maintained and enhanced over a series of [releases](/~https://github.com/usnistgov/OSCAL/releases), the [latest](/~https://github.com/usnistgov/OSCAL/releases/latest) of which can be found on Github. We will continue to address any defects, improve documentation, and add features where possible over a series of minor and defect fix releases. Minor releases will be be indicated as `1.x.0`, where `x` will be incremented for each minor release. This may include backporting features being worked on in the OSCAL 2.0.0 release epics. Defect fix releases will be indicated as `1.x.y`, where `x` will be the current minor release and `y` will be incremented for each defect fix release. This will allow adopters to benefit from releases against a stable and supported OSCAL v1, while we work on significant new features in OSCAL v2. ## OSCAL v2 -Similar to OSCAL v1, the second major version of OSCAL, OSCAL v2, will be developed over a series of milestone releases. We have not yet planned a specific number of milestones in the OSCAL v2 epic. We will start planning OSCAL v2 as are near wrapping up the [final development milestone](#oscal-100-full-release) of OSCAL v1. - -### OSCAL 2.0.0 Milestone 1 - -{{}}Development Milestone{{}} OSCAL 2.0.0 [Milestone 1](/~https://github.com/usnistgov/OSCAL/milestone/5) - -{{}}Status{{}} Planned - -{{}}Focus{{}} Further development of the OSCAL Assessment and Assessment Results models. - -The OSCAL Assessment and Assessment Results layers of the OSCAL architecture will continue to be developed as part of the OSCAL 2.0.0 release. This phase of development will focus on integrating automated means of collecting assessment data using existing assessment technologies. - -This assessment development work has been split from the earlier OSCAL v1 epic to allow a stable version of OSCAL formats to be released and maintained that provide a solid foundation for publishing control catalog and baseline information, and to allow organizations to automate the documentation, maintenance, and human-focused assessment of system implementations. This will allow tool vendors to develop against stable OSCAL v1 releases, while ongoing development of OSCAL v2 continues. +Similar to OSCAL v1, the second major version of OSCAL, OSCAL v2, will be developed over a series of milestone releases. We have not yet planned a specific set of milestones in the OSCAL v2 epic. We will start planning OSCAL v2 as are near wrapping up OSCAL v1. An initial [milestone](/~https://github.com/usnistgov/OSCAL/milestone/5) has been established to organize issues for future work on OSCAL v2. diff --git a/docs/content/reference/release-notes.md b/docs/content/reference/release-notes.md index 58dd23f7f0..fe30c73796 100644 --- a/docs/content/reference/release-notes.md +++ b/docs/content/reference/release-notes.md @@ -10,97 +10,10 @@ toc: headingselectors: "h2, h3, h4, h5, h6" --- -## OSCAL 1.0.2 Release - -The following changes were made in this patch release. - -- #1035 Upgrade Saxon version used in CI/CD to 10.6 (#PR 1187) @david-waltermire-nist -- #1093 Parameterize insertion of xsi:schemaLocation attribute in the content upgrader XSLTs; this feature is disabled by default (#1162) @aj-stein-nist, @wendellpiez - - Parameterized insertion of xsi:schemaLocation in RC2->1.0.0 content upgrader. - - Created README for content upgraders, document schema-location param. - - Added pointer from README.txt to content-upgrade docs, per @david-waltermire-nist's sync meeting review. -- #1121 Added embeded diagram of CI/CD workflow. (PR #1165) @aj-stein-nist -- #1130 Changed remarks fields from define-field to ref. (PR #1138) @guyzyl -- #1137 Replace `define-assembly` for `include-all` with `assembly ref` (PR #1144) @guyzyl, @david-waltermire-nist -- A bunch of updates to the Profile Resolution Specififcation to clarify and improve the specification. (PR #1172) @stephenbanghart, @aj-stein-nist - - #1140 Significant improvements around resolution of internal references. Behavior is now defined for resolving resources with different combinations of "rlink" and "base64". As these /should/ all be equal to one another, there is no standardized order or priority given in the specification at this time. - - #1141 Enhanced prose around Group handling, especially around expected behavior of the "keep always" prop. - - #1142 Core issue obsoleted by general OSCAL requirements on valid OSCAL documents. Cleaned up prose in the formats section. - - #1152 Added Metaschema entries for the new Mapping assembly and it's associated fields/flags. Verified the veracity of existing Profile documentation, making minor-moderate edits to bring documentation up to speed with the current specification. - - #1155 Fixed incorrect notation in metadata section: props are now properly refereed to as such, rather than using the value of their "name" field. -- #1153 Added README explaining content validation concepts. (PR #1170) @aj-stein-nist, @wendellpiez, @david-waltermire-nist -- #1153 Added information about content well-formedness and validation to the website. (PR #1169) @aj-stein-nist, @wendellpiez, @david-waltermire-nist -- #1176 Removed stale `NEW CONTENT`, `END NEW CONTENT`, and `NEW` comment blocks from Metaschemas. (PR #1179) @guyzyl -- Multiple changes to the Profile Resolution Specification. (PR #1089) @stephenbanghart, @aj-stein-nist - - Tagged Requirements (updated .rnc), Added Draft Status, several small fixes in modify section - - Applying AJ's fixes, other various small fixes - pending larger automated formating - - Intro purpose rewrite. Editorial fixes from comments. Small edits to "Processing" page on site. -- Added DRT Strategies Inc GRC tool to tools page (PR #1122) @vmangat -- Add Rules Presentation from January 21, 2022 Meeting (PR #1125) @aj-stein-nist -- Add tool oscal4neo4j to tools page (#1128) @Agh42, @bradh -- Remove extra `>` which shows in the built schemas (PRs #1133, #1147) @guyzyl -- Fix broken links to FedRAMP baselines (PR #1143) @rosskarchner -- Bumped nokogiri from 1.12.5 to 1.13.3 in /docs (PR #1154) @dependabot -- Updated core repo documentation (PR #1157) @david-waltermire-nist, @aj-stein-nist - - Updated readmes with more current and relevant information. - - Added CODEOWNERS to drive reviews. - - Updated .github/PULL_REQUEST_TEMPLATE.md -- Removed duplicated risk status construct in the assessment commonm Metaschema (PR #1159) @david-waltermire-nist -- Updated Tools with Additional Open Source Projects (PR #1164) @rgauss -- Fixed broken links in `README.md` (PR #1181) @guyzyl -- Renamed `.github/README.md` file to `ABOUT.md` to fix the main index page in the GitHub repo (#1182) @guyzyl -- Added mailing list names to contact page. - -The following compatibility breaking change was made: -- In all JSON schemas, the name "props" is used to signify the list of metadata properties. There was one case where the name prop is used instead of props. Fixes this obvious typo in the assessment results metaschema. (PR #1148) @guyzyl - -## OSCAL 1.0.1 Release - -The following changes were made in this patch release. - -- #635, #966 Cleaned up src/utils directory and added documentation (PR #970, #1014) @wendellpiez -- #956 Enhanced the schema production pipeline to ensure that high-order Unicode characters are properly escaped (PR usnistgov/ metaschema#165) @wendellpiez -- #958 Fixed an issue in the content upconverter used for updating OSCAL content from 1.0.0 RC2 to 1.0.0 (PR #960) @wendellpiez -- #983 Fix Dockerfile entrypoint using best practices for entrypoint. (PR #984) @ohsh60 -- #986 Updated dependency versions for Saxon and AJV in the Docker config. Added dependencies for yargs. (PR #987) @ohsh60 -- #1001 Fixed bad metapath. @david-waltermire-nist -- #1004 Refactored dockerfiles for the build and docs folders. Updated use documentation. Added missing dependency for calabash. (PR #1005) @david-waltermire-nist -- #1020 Updated documentation around using the content converters. (PR #1027, #1055) @wendellpiez -- #1025 Fixed SyntaxWarning for content validator oscal-content-validator.py (PR #1026) @bradh, @david-waltermire-nist -- #1037 Clarify data types docs for param insert (PR #1112) -- #1039, #1040, #1041, #1042, #1046 Updated the profile resolution specification (PR #1014, #1017) @stephenbanghart -- #1044 Added warnings for non-required UUID flags. @david-waltermire-nist -- #1053 Make @control-id for alter statements in profile required (PR #1111) @aj-stein-nist -- #1067 Fix enum typo from inteneral->internal (PR #1110) @aj-stein-nist -- #1102 Some Docker container improvements for local web development and testing for PRs (PR #1103) @aj-stein-nist -- #1107 Incorporating processing directives that support schematron validation of Metaschema-based models (#1108) @aj-stein-nist -- usnistgov/oscal-content/#59 Convert File Type for Files or Remote Hyperlinks in Continuous Deployment (PR #1010, 1070) @ohsh6o, @david-waltermire-nist -- Fixed broken branch configuration for the metaschema submodule (PR #991) @ohsh60 -- Fixed OSCAL constraints in Metaschemas. Fixing Metapath syntax errors. (PR #1012, #1065) @david-waltermire-nist -- Repaired a bug report on a missed control; adding test files (PR #1013) @wendellpiez -- Removed duplicate json import in oscal-content-validator.py (PR #1077) @flickerfly -- Improvements to XSLT-based profile resolver (PR #1071) @wendellpiez -- Added requirements.txt for oscal-content-validator.py (PR #1077) @guyzyl -- Add support for yaml OSCAL files validation (PR #1091) @guyzyl, @aj-stein-nist -- Updated contributing and pull request documentation for External Developers (#1094) @aj-stein-nist -- Bump addressable from 2.7.0 to 2.8.0 in /docs (PR #994) @dependabot -- Bump nokogiri from 1.11.5 to 1.12.5 in /docs (PR #1029) @dependabot -- Bump lxml from 4.6.3 to 4.6.5 in /build/ci-cd/python (PR #1096) @dependabot - -### Website changes - -- #739 Fixed 404 error when using the "Improve this page" link. (PR #995) @EasyDynamics, @david-waltermire-nist -- #854 Added a Component Tutorial to Website (PR #935, #1015) @Rene2mt, @david-waltermire-nist -- #860 Updated model reference documentation to better clarify the scope and uniqueness of identifiers used within the OSCAL models. (PR #941) @Rene2mt, @david-waltermire-nist, @aj-stein-nist -- #947 Fixed a number of typos (PR #955) @david-waltermire-nist -- #968 Fixed broken and stale links in model documentation. (PR #973) @david-waltermire-nist -- #993 Updating tools page to use a table. Added Compliance Tressle. @iMichaela, @david-waltermire-nist -- #996 Added blogs to website. @david-waltermire-nist -- #1049 Added control freak to the OSCAL tools page (PR #1104) @aj-stein-nist -- Fixed prop syntax in validation component tutorial. (PR #999) @ohsh60 -- Added link to EasyDynamics OSCAL tools (PR #1009) @afeld -- Adding link to XML Jelly Sandwich OSCAL demos (PR #1016) @wendellpiez -- Updated the Lunch with Devs meeting info and Tools page to include new meeting info (PR #1045) @iMichaela, @david-waltermire-nist + +Detailed release notes are provided with each OSCAL [release](/~https://github.com/usnistgov/OSCAL/releases). + +The following are extra release notes for some older OSCAL releases. ## OSCAL 1.0.0 Release diff --git a/versioning-and-branching.md b/versioning-and-branching.md index cc26a88f5f..7f5b0342c4 100644 --- a/versioning-and-branching.md +++ b/versioning-and-branching.md @@ -20,7 +20,7 @@ This guide provides information on how [release versions](#versioning) and [bran ## Versioning -This repository uses [semantic versioning](https://semver.org/spec/v2.0.0.html) to version releases. +This repository uses [semantic versioning](https://semver.org/spec/v2.0.0.html) to version [releases](../../releases). Semantic versions are in the form of `MAJOR.MINOR.PATCH`. Given a version number, increment the: