diff --git a/CHANGELOG.md b/CHANGELOG.md index 9723566..9b2137c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,8 +2,56 @@ All notable changes to NetCopy go here. Each release section follows [Keep a Changelog](https://keepachangelog.com) and the project uses -[Semantic Versioning](https://semver.org/) — though `0.x` is treated as -pre-1.0, so any release in this line may break compatibility. +[Semantic Versioning](https://semver.org/). From v1.0.0 onward the wire +formats and CLI flags are stable: removing or breaking either requires +a major bump (and we have `schemaVersion` on every persisted file as the +forward-compat backstop). Pre-1.0 (`0.x`) was free to break. + +## [1.0.0] — 2026-05-01 + +First production release. The 0.x line was a long ramp-up: protocol +work in 0.2, performance + UX iteration in 0.3, a comprehensive +release-readiness audit in 0.4 that closed every blocker, every high, +and every medium finding (security, licensing, ArchUnit invariant +enforcement, schemaVersion, multi-arch image, Docker hardening, doc +alignment). v0.4.x followed up with live-test fixes (TCP pool sizing, +sort + filter UI, symmetric Connect button + classified errors, version +chips in the topbar, two startup hotfixes for shipping bugs). + +### Stability commitments (v1.0+) + +- **Wire formats** (REST JSON, TCP framing, WebSocket events, + `.netcopy/*` and `/jobs/*.json`) are now stable; + breaking changes will bump the major version. The `schemaVersion` + field on persisted files lets future readers refuse a newer-format + file rather than misinterpret it. +- **CLI flags** documented in `README.md` are stable. New flags can be + added; existing ones won't be removed or renamed without a major + bump. +- **Security model**: no-delete invariant (ArchUnit-enforced), the + whitelist of four classes that may touch destructive APIs, the + `acknowledgeOverwrite` gate on `POST /api/transfers`, NOFOLLOW_LINKS + on every data-plane open, the small TokenGate constant-time + comparison — all part of the contract. + +### Changes since v0.4.0 + +- v0.4.0 itself shipped the full audit-fix bundle (see below). +- v0.4.1: TCP connection pool now sized to `chunksPerFile × + fileParallelism` instead of just `chunksPerFile` — eliminated the + ~280 ms pool-acquire-wait that 32 chunk workers contended on against + 8 sockets. Clickable sort columns + per-panel substring filter in + both file panels. Symmetric Connect button on the local-token side + with classified error messages. +- v0.4.2 hotfix: the post-audit cleanup PR added a `kubectl --previous` + reference to a comment in `logback.xml`. XML forbids `--` inside + comments; Logback aborted the parse on every JVM startup with + `SAXParseException`. The runtime kept going on a default appender so + the bug shipped as ~3 hours of degraded log formatting in v0.4.0 + through v0.4.1. Removed the offending text. +- v0.4.3: NetCopy version chips in the topbar (local + peer), populated + from `/api/peer/info`. Lets you spot mid-rollout version mismatch at + a glance. ## [0.4.0] — 2026-04-30 diff --git a/README.md b/README.md index a85ca92..7ae0d27 100644 --- a/README.md +++ b/README.md @@ -303,8 +303,8 @@ Two distribution channels, both populated by the same release workflow: | Tag | When updated | |---|---| -| `latest` | Highest tagged stable release (`vX.Y.Z`), once 1.x ships. | -| `` (e.g. `0.3.2`) | Pinned to that tag, never overwritten. | +| `latest` | Highest tagged stable release (`vX.Y.Z`); excludes `0.x` pre-1.0 line. | +| `` (e.g. `1.0.0`) | Pinned to that tag, never overwritten. | | `main` | Rolling — overwritten by every push to `main`. Pre-release. | **Plain jars** on diff --git a/pom.xml b/pom.xml index 46fb5d7..8aecc69 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ dev.netcopy netcopy - 0.4.0-SNAPSHOT + 1.0.0-SNAPSHOT jar NetCopy @@ -163,6 +163,20 @@ dev.netcopy.App + + + NetCopy + ${project.version} +