Prepare v1.0.0 release and document stability policy.#5286
Open
renaudhartert-db wants to merge 2 commits into
Open
Prepare v1.0.0 release and document stability policy.#5286renaudhartert-db wants to merge 2 commits into
renaudhartert-db wants to merge 2 commits into
Conversation
Adds a Stability Policy section to README covering feature stability, SemVer versioning rules, and security patches; documents extended support for the 0.299.x line in SECURITY.md; and updates NEXT_CHANGELOG.md for the v1.0.0 release. Co-authored-by: Isaac
Contributor
Waiting for approvalBased on git history, these people are best suited to review:
Eligible reviewers: Suggestions based on git history. See OWNERS for ownership rules. |
simonfaltum
approved these changes
May 20, 2026
Comment on lines
+3
to
+6
| We appreciate any security concerns brought to our attention and encourage | ||
| you to notify us of any potential vulnerabilities discovered in our systems | ||
| or products. If you believe you have found a security vulnerability, please | ||
| report it to us at [security@databricks.com](mailto:security@databricks.com). |
Member
There was a problem hiding this comment.
Do we want this split intentionally over 4 lines? Other than that its fine
pietern
reviewed
May 20, 2026
| * Breaking change: OAuth tokens for interactive logins (`auth_type = databricks-cli`) are now stored in the OS-native secure store by default (Keychain on macOS, Credential Manager on Windows, Secret Service on Linux) instead of `~/.databricks/token-cache.json`. After upgrading, run `databricks auth login` once per profile to re-authenticate; cached tokens from older versions are not migrated. To keep the previous file-backed storage, set `DATABRICKS_AUTH_STORAGE=plaintext` or add `auth_storage = plaintext` under `[__settings__]` in `~/.databrickscfg` (the env var takes precedence over the config setting), then re-run `databricks auth login`. On systems where the OS keyring is not reachable (e.g. Linux containers without a D-Bus session bus), the CLI transparently falls back to the file cache when reading tokens so legacy `token-cache.json` entries remain accessible without manual configuration. | ||
| * The Databricks CLI is now generally available with version v1.0.0 as the first major release 🚀. From this version on, the CLI follows semantic versioning (see [README](README.md)). This change does not impact DABs or other existing commands beyond the changes listed below. | ||
| * The 0.299.x line continues to receive security-critical patches through May 20, 2027; see [SECURITY](SECURITY.md) for the support policy. | ||
| * Starting with v1.0.0, the CLI will use immutable release tags, providing users with better security guarantees. |
Contributor
There was a problem hiding this comment.
"providing users with better security guarantees" this is vague. Can link to https://docs.github.com/en/code-security/concepts/supply-chain-security/immutable-releases instead.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a Stability Policy section to README covering feature stability, SemVer versioning rules, and security patches; documents extended support for the 0.299.x line in SECURITY.md; and updates NEXT_CHANGELOG.md for the v1.0.0 release.