From 5aa09d5cd30abf569e236356a1cedf27a1ae7b41 Mon Sep 17 00:00:00 2001
From: simon <simon.faltum@databricks.com>
Date: Tue, 19 May 2026 20:30:27 +0200
Subject: [PATCH] Bump NEXT_CHANGELOG to v1.0.0 and add SECURITY.md support
 policy

Mark the upcoming release as v1.0.0 (first major / GA) and document the
support window for the 0.299.x line.

Co-authored-by: Isaac
---
 NEXT_CHANGELOG.md |  4 +++-
 SECURITY.md       | 10 ++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/NEXT_CHANGELOG.md b/NEXT_CHANGELOG.md
index c58fd3ffb13..62309e983c4 100644
--- a/NEXT_CHANGELOG.md
+++ b/NEXT_CHANGELOG.md
@@ -1,9 +1,11 @@
 # NEXT CHANGELOG
 
-## Release v0.300.0
+## Release v1.0.0
 
 ### Notable Changes
 
+* The Databricks CLI is now generally available. v1.0.0 is the first major release. From this version on, the CLI follows semantic versioning: breaking changes will only ship in a new major version. The 0.299.x line continues to receive security-critical patches through June 2027; see SECURITY.md for the support policy.
+
 ### CLI
 
 * Added `databricks aitools` command group for installing Databricks skills into your coding agents (Claude Code, Cursor, Codex CLI, OpenCode, GitHub Copilot, Antigravity). Skills are fetched from [github.com/databricks/databricks-agent-skills](https://github.com/databricks/databricks-agent-skills) and either symlinked into each agent's skills directory or copied into the current project. Use `databricks aitools install` to set up, `update` to pull newer versions, `list` to see what's available, and `uninstall` to remove them.
diff --git a/SECURITY.md b/SECURITY.md
index 54ee11213af..51ad22026db 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,3 +1,13 @@
+## Supported Versions
+
+| Version | Supported                                         |
+| ------- | ------------------------------------------------- |
+| 1.x     | Full support                                      |
+| 0.299.x | Security-critical patches only, through June 2027 |
+| < 0.299 | Not supported                                     |
+
+New features and non-critical fixes land on the 1.x line only. The 0.299.x line receives security-critical patches for one year after the v1.0.0 release to give users on the 0.x line time to migrate.
+
 ## Reporting a Vulnerability
 
 We appreciate any security concerns brought to our attention and encourage you to notify us of any potential vulnerabilities discovered in our systems or products.