We will make regular LTS releases on an 18-month cycle, each of which
will have a 3 year support lifetime. On this basis, 3.6 LTS (released
March 2024) will be supported until March 2027. The next LTS release
will be a 4.x release, which is planned for September 2025.
Past history shows that our policies might change on that time scale,
although we're trying to align with other Trusted Firmware projects,
which should give more stability. But in any case, we definitely want to
ensure that every LTS lasts at least 3 years, and there is always at
least one LTS at any given time.
--
Gilles Peskine
Mbed TLS developer
On 29/04/2024 19:42, Björn Strömberg via mbed-tls wrote:
> I have been looking around for a answer to how long the LTS branches
> are supported?
> are we talking 2-3 years or more? 2.28 lived for ~3years, and had an
> EOL date defined on release, 3.6.0 does not have a defined EOL-date on
> github?
>
> the happy path scenario is that the 3.6 branch is supported at-least
> until a LTS is released on 4.x-series, no matter if that takes 3, 5 or
> 10 years to get there, but that information would be a nice to have
> for planning ahead.
>
> thanks in advance.
> /Björn
>
>
> On Mon, Apr 29, 2024 at 4:46 PM Nathan Sircombe via mbed-tls
>
mbed-tls@lists.trustedfirmware.org wrote:
>
> Dear Mbed TLS users,
>
> We recently announced the release of Mbed TLS 3.6.0, starting the
> 3.6 long-term support branch. We intend for this to be the last
> 3.x feature release. Mbed TLS 3.6.x will as usual receive bug
> fixes (including security improvements), but no new features. This
> will allow the Mbed TLS team to focus on preparing the next major
> release, Mbed TLS 4.0, planned for 2025 (expect further updates
> when the timeline becomes more precise).
>
> The main focus of Mbed TLS 4.0 is to complete the migration to PSA
> crypto APIs. This means that most mbedtls_xxx cryptography APIs
> will be removed. We expect mbedtls_x509 and mbedtls_ssl to change
> in relatively minor, but sometimes incompatible ways. Alongside
> this technical change, the crypto APIs will be published as a
> separate product,TF-PSA-Crypto
>
https://github.com/Mbed-TLS/TF-PSA-Crypto(very early preview so
> far), while the X.509 and TLS libraries will continue to be called
> Mbed TLS.
>
> The work on 4.0 will happen on the development branch in the
> mbedtls repository, so you can expect more instability than usual
> on that branch. Thembedtls-3.6
>
https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6branch is
> available if you want the latest patches on Mbed TLS 3.6 LTS.
>
> As usual, you can see our high-level plans in theroadmap
>
https://mbed-tls.readthedocs.io/en/latest/project/roadmap/, and
> in more detailon GitHub
>
https://github.com/Mbed-TLS/mbedtls/issues. Look forissues
> labeled api-break
>
https://github.com/Mbed-TLS/mbedtls/issues?q=is%3Aissue+is%3Aopen+label%3Aapi-break(note
> that we haven't filed issues on all topics yet).
>
> We will launch some consultations on thembed-tls mailing list
>
https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org/
> soon, to gather community input on some topics.
>
> Many Thanks,
>
> Nathan Sircombe
>
> (On behalf of the Mbed TLS development team)
>
> --
> mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org
> To unsubscribe send an email to
> mbed-tls-leave@lists.trustedfirmware.org
>
>
