CycloneDX / cyclonedx-core-java

CycloneDX SBOM Model and Utils for Creating and Validating BOMs
https://cyclonedx.org/
Apache License 2.0

Version 9.0.0 serialized licenses in XML as separate `<licenses>` tags #408

Closed sschuberth closed 1 week ago

sschuberth commented 2 weeks ago

Our test in ORT fails after the upgrade to release 9.0.0 as that version seems to serialize licenses for the XML format differently than release 8.0.3 before:

```xml
<licenses>
  <license>
    <id>MIT</id>
  </license>
  <license>
    <name>MIT WITH Libtool-exception</name><ort:origin xmlns:ort="http://www.w3.org/1999/xhtml">concluded license</ort:origin>
  </license>
</licenses>
```

becomes now

```xml
<licenses>
  <license>
    <id>MIT</id>
  </license>
</licenses>
<licenses>
  <license>
    <name>MIT WITH Libtool-exception</name><ort:origin xmlns:ort="http://www.w3.org/1999/xhtml">concluded license</ort:origin>
  </license>
</licenses>
```

so each `<license></license>` pair is individually wrapped in a `<licenses></licenses>` pair, despite all licenses being listed in a single list as before.

sschuberth commented 2 weeks ago

JSON serialization does not seem to be affected.

sschuberth commented 1 week ago

Let's close this in favor of just keeping https://github.com/CycloneDX/cyclonedx-core-java/issues/409 as these two issues have the same root cause.
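
A check for the shape reported at the top of this thread, as an added example that is not part of the issue or of cyclonedx-core-java: it flags any element that carries more than one `<licenses>` child and shows that the license entries themselves are the same in both shapes. The sample BOMs, the 1.5 namespace and the function names are constructed for the illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = "http://cyclonedx.org/schema/bom/1.5"  # assumed spec version for the samples

# Constructed sample: one component serialized in the 9.0.0 shape from the report.
SPLIT = f"""<bom xmlns="{NS}"><components><component type="library">
  <name>demo</name>
  <licenses><license><id>MIT</id></license></licenses>
  <licenses><license><name>MIT WITH Libtool-exception</name></license></licenses>
</component></components></bom>"""

# Constructed sample: the same component in the 8.0.3 shape.
SINGLE = f"""<bom xmlns="{NS}"><components><component type="library">
  <name>demo</name>
  <licenses>
    <license><id>MIT</id></license>
    <license><name>MIT WITH Libtool-exception</name></license>
  </licenses>
</component></components></bom>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def split_license_lists(xml_text):
    """Return (path, count) for each element with more than one <licenses> child."""
    findings = []

    def walk(elem, path):
        wrappers = sum(1 for child in elem if local(child.tag) == "licenses")
        if wrappers > 1:
            findings.append((path, wrappers))
        seen = Counter()  # per-name sibling index, so paths stay unambiguous
        for child in elem:
            name = local(child.tag)
            seen[name] += 1
            walk(child, f"{path}/{name}[{seen[name]}]")

    root = ET.fromstring(xml_text)
    walk(root, "/" + local(root.tag))
    return findings


def license_labels(xml_text):
    """Collect every license <id>/<name>, however the wrappers are grouped."""
    labels = []
    for lic in ET.fromstring(xml_text).iter(f"{{{NS}}}license"):
        labels += [c.text for c in lic if local(c.tag) in ("id", "name")]
    return labels
```

Run as a regression check on serializer output, `split_license_lists` returns an empty list for the single-wrapper form and one finding per affected element for the split form.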