Patch release 3.0.1

This patch release includes fixes for issues found in the 3.0.0 release and updates required for submission to the OMG and ISO standards.

Changes are described in the changelog.

The SHACL / OWL model file for this release is attached.

Additional release notes from the commit records:

What's Changed

• Doc: Use new IRIs (spdx.org) in serialization examples by @bact in #725
• Doc: Update IRI of JSON-LD context file in json-ld.md by @bact in #724
• Bump actions/checkout from 4.1.2 to 4.1.4 by @dependabot in #729
• Make Summary and Description consistent. by @vargenau in #734
• Make Summary and Description consistent. by @vargenau in #732
• Doc: Fix list and nested list rendering issues in spec webpages + other Markdown format cleanup by @bact in #723
• Use ASCII characters by @zvr in #731
• Start the sentence with a capital letter. by @vargenau in #737
• Doc: Diagram: Fix typo in DatasetPackage; Fix arrow label positions in Licensing; Sort properties by @bact in #722
• Add .editorconfig and .gitattributes to enforce newline and whitespace consistency by @bact in #739
• README.md: Remove refs to gh-pages and Ontospy by @bact in #740
• root Element(s) of a tree of elements contained in a BOM (not SBOM) by @vargenau in #748
• Formatting: remove extraneous blank line by @edelsohn in #759
• Use consistent case. by @vargenau in #750
• Element in upper case as it is a class. by @vargenau in #755
• Add spacing for better readability. by @vargenau in #757
• Core: Update ProfileIdentifierType entries by @bact in #742
• Bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in #763
• Add document to describe how to validate documents by @JPEWdev in #765
• Be more precise: give the number of the annex. by @vargenau in #756
• Fix license relationship type by @bact in #779
• Bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in #775
• Fix spelling: encoding and RDF document --> encoding an RDF document by @vargenau in #774
• fix all jsonld examples by @maxhbr in #762
• Relationships: Note class contraints on security types by @puerco in #764
• Bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #784
• Fix list in NamespaceMap by @bact in #760
• Remove Software/contentType (duplicative) by @bact in #789
• Fix broken lines in vocabularies by @zvr in #786
• Update EpssVulnAssessmentRelationship properties by @bact in #795
• Bump actions/setup-python from 5.1.0 to 5.1.1 by @dependabot in #798
• AI: autonomyType: Indicate what yes and no mean by @bact in #741
• Use a list to make the paragraph more readable. by @vargenau in #753
• Add link SPDX License List by @bact in #777
• AI: Energy consumption: Add examples and update desc by @bact in #780
• trainedOn relationship type desc: "trained by" -> "trained on" by @bact in #791
• Fix "low" entry of CvssSeverityType by @bact in #793
• Add SPDX in glossary as its meaning has changed between SPDX 2 and 3 by @vargenau in #801
• Fix types in Security example snippets by @bact in #794
• Remove unnecessary restrictions by @zvr in #797
• Licensing: Move up note on declared vs concluded license disagreement by @bact in #787
• Remove redundant maxCount of EpssVulnAssessmentRelationship by @bact in #807
• Update modelExplainability prop description by @bact in #814
• Change URIs to 3.0.1 by @zvr in #800
• Update cpe23 link in ExternalIdentifierType by @bact in #806
• [Core] Add text labels to bare URLs by @bact in #810
• [Build] Specify v0.2 version number for SLSA Provenance by @bact in #808
• [Licensing] Add text labels to bare URLs by @bact in #811
• Fix typos: hasPrerequsite -> hasPrerequisite, and others by @bact in #817
• AI and Data: Shorten AI and Data profile summaries in README by @bact in #743
• licenseXml: Link license-list-XML to a specific version (v3.24.0) by @bact in #819
• Recommend to use licenseXml, instead of Legacy Text Template properties by @bact in #820
• Add more description to hasDataFile relationship type by @bact in #815
• [Software] Update ref links/text labels by @bact in #813
• Make pseudocode indents even - PackageVerificationCode by @bact in #809
• Add VS Code validation and common errors by @bact in #790
• [Security] Add text labels to bare URLs by @bact in #812
• NamespaceMap: fix TODO; "ElementID" -> "Element ID" by @bact in #821
• Fix link to serialization by @goneall in #823
• JSON-LD Serialization doc: Fix relationship type name, Add validation info by @bact in #802
• Add Adler32 to hash algorithms by @goneall in #826
• Remove spaces from image filenames, put images into its own folder by @bact in #825
• Fix casing: "package URL" -> "Package URL" at the beginning of sentence by @bact in #828
• Add 1 missing closing ` for NamespaceMap in serialization/README by @bact in #824
• Update CHANGELOG 2024-08-10 by @bact in #829
• Add ISO number to SWHID by @bact in #831
• Add patch information for specVersion by @bact in #832
• Make "parameters" singular by @zvr in #836
• Fixes for PDF generation by @zvr in #834
• Fix reference to parameter by @goneall in #838
• Update CHANGELOG for parameters -> parameter by @bact in #839
• Lowercasing all filename ref to spdx-spec by @bact in #840
• Revert PackageVerificationCode.md to original algorithm, and improve readability/formatting. by @kestewart in #842
• Bom and SpdxDocument must have element and rootElement by @zvr in #845
• Update Lite profile by @zvr in #843
• SPDXDocument -> SpdxDocument by @bact in #851
• Change property name imports to import by @goneall in #847
• RelationshipType: hasInputs/hasOutputs -> hasInput/hasOutput by @bact in #854
• Revert PR 845 - allow empty Bom and SpdxDocument element lists by @goneall in #853
• Standardize phrase "each to Element" in RelationshipType by @bact in #856
• Update Build.md to remove separate definition of properties by @lumjjb in #862
• Update SPDX License List link to v3.25.0 by @bact in #863
• Fix model desc inconsistencies; CdxPropertiesExtension mention non-existing class/property by @bact in #859
• Remove an outdated/duplicative serialization/lite.md by @bact in #858
• Update diagrams for v3.0.1 by @bact in #852
• Update RelationshipType.md by @kestewart in #866
• ExternalMap: Replace "Document" with "SpdxDocument" by @bact in #872
• Bump actions/setup-python f...

3.0 final release

What's Changed since RC-2

• model: Fix several properties to use ObjectProperty instead of DataProperty by @JPEWdev in #654
• Fix rephrasing errors in the License profile and Contributing.md by @TimothyGillespie in #660
• small modication from software to general lifecycle as per Issue Make LifecycleScopedRelationship & LifecycleScopeType neutral to what they are a lifecycle of #664 by @sbarnum in #665
• Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #667
• AI/Dataset: Rename sensitivePersonalInformation to make them unique by @bact in #656
• Add deployed support type by @goneall in #668
• Change isDirectory to fileKind enumeration by @goneall in #666
• model: Core: DateTime: Inherit from xsd:dateTime by @JPEWdev in #661
• AI: Update safetyRiskAssessment property desc to refer to general risk assessment by @bact in #675
• Dataset: Rename Dataset class to DatasetPackage and update properties desc. by @bact in #671
• Update to.md to reflect what min:0 means by @kestewart in #623
• Glossary.md: Sort terms alphabetically (A-Z) by @bact in #680
• Clarify meaning of empty copyrightText string by @swinslow in #688
• New Element Individuals to handle NONE and NOASSERTION scenarios for the 'to' property of Relationships by @sbarnum in #629
• Update autonomyType.md by @kestewart in #681
• Bump actions/setup-python from 5.0.0 to 5.1.0 by @dependabot in #678
• Update AIPackage.md by @rgopikrishnan91 in #692
• AI: Update safetyRiskAssessment description by @bact in #683
• Reference License Expressions annex and cleanup by @swinslow in #687
• Update DatasetPackage.md by @rgopikrishnan91 in #693
• Proposed extension classes to support CDX properties by @goneall in #672
• New IRIs by @zvr in #698
• Update PackageVerificationCode.md by @kestewart in #699
• Update README.md by @kestewart in #700
• Changes to AI profile to accommodate expressing energyConsumption by @rgopikrishnan91 in #697
• Update EpssVulnAssessmentRelationship.md by @VenkatTechnologist in #644
• To address #702 and explicitly state maxCount constraints on properties borrowed from other profiles by @rgopikrishnan91 in #704
• Update URL to final version of docs in ExternalRefType.md by @bact in #708
• Small Security profile corrections by @rnjudge in #709
• Change energyConsumption type to EnergyConsumption by @bact in #706
• Content Identifiers for Software Artifacts by @zvr in #701
• Clarify ExternalIdentifier and ExternalRef by @rnjudge in #710
• Add cwe as ExternalRefType by @rnjudge in #711
• Updated model diagrams for changes 02-15-24 to 04-11-24 by @sbarnum in #703
• AI and Dataset: Sort entries A-Z by @bact in #713
• Change security externalIdentifierType in example by @rnjudge in #716
• Fix-typo-(crystalskyber)-in-diagrams by @sbarnum in #717
• Change gitoid to contentIdentifier in PackageVerificationCode by @goneall in #715
• Fixed type spacing and adding missing Extension prefixes by @sbarnum in #718
• Updates integrity verification docs in Core by @zvr in #609

New Contributors

• @TimothyGillespie made their first contribution in #660
• @dependabot made their first contribution in #667

Full Changelog: 3.0-rc2...3.0

Pre-release version 3.0-rc2

Last change has been applied.

What's Changed

• Update Contributing for review of the release candidate by @goneall in #315
• Update Contributing.md adding Profile Maintainers by @mkdolan in #317
• delete unnecessary external property restriction by @meretp in #318
• Security: Fix markdown and add external property restriction for "to" by @meretp in #329
• Security: change Boolean to xsd:boolean and fix justification type by @armintaenzertng in #314
• fix references to LicenseField by @meretp in #333
• Update Contributing.md by @MordodeMaru in #337
• Add cve & securityOther as ExternalIdentifierType by @rnjudge in #322
• Security: Simplify assessment relationships by @puerco in #338
• Security profile: add markdown files for properties by @meretp in #334
• Meeting with Kate 2022-05-22 by @iamwillbar in #349
• For NamespaceMap should be both fields mandatory by @maxhbr in #326
• Fix cardinality of (primary)Purpose by @goneall in #307
• core: Replace Entity with Agent by @nishakm in #340
• Add definingDocument property by @goneall in #313
• Add json-ld serialization examples by @armintaenzertng in #355
• Update RelationshipType.md to add in AI & Dataset useful relationships by @kestewart in #358
• add machine learning model as a software purpose by @willarmiros in #366
• add list of serialization use cases by @armintaenzertng in #364
• Add security-related ExternalReference types by @tsteenbe in #352
• Add description and summary to packageUrl property by @rnjudge in #378
• Security: Add descriptions and summary to actionStatementTime by @puerco in #371
• Added dataset types vocabulary by @willarmiros in #379
• add summary and description for contentIdentifier property by @jeff-schutt in #381
• Update SoftwarePurpose.md by @kestewart in #382
• Update RelationshipType.md by @kestewart in #383
• Make AnyLicenseInfo inherit from Element by @goneall in #369
• Change purpose references to primaryPurpose by @armintaenzertng in #385
• Automatically generate the Ontospy documentation by @meretp in #344
• Correct name property of LicenseExpression by @goneall in #395
• licensing use cases for serialization by @zvr in #400
• Change SBOMType to SbomType by @davaya in #405
• Consolidate the JSON-LD format by @armintaenzertng in #406
• Mandatory creationInfo by @davaya in #401
• Change nature to ObjectProperty for enums and object range by @goneall in #410
• Remove Payload from logical model by @davaya in #404
• Add several new external references by @tsteenbe in #398
• set maxCount: 1 for specVersion, created and dataLicense by @armintaenzertng in #420
• make specVersion mandatory by @armintaenzertng in #422
• Remove namespaces from the logical model by @goneall in #411
• move DateTime, SemVer and MediaType to Datatypes directory by @armintaenzertng in #424
• Remove redefinition of name property in SpdxDocument by @armintaenzertng in #435
• Restructure licensing profile by @armintaenzertng in #399
• add CreationInfo to all Elements in json-ld examples by @armintaenzertng in #414
• Adds serialization security use cases and improves formatting by @jeff-schutt in #425
• Update MediaType to RFC 6838, add SpdxId by @davaya in #426
• Delete SpdxId by @zvr in #442
• creation info required fields by @davaya in #455
• Change cardinality for attributionText to [0..*] by @goneall in #453
• Change declared and concluded licenses to relationships by @goneall in #448
• Add snippetFromFile property to Snippet class by @goneall in #459
• Move PresenceType to core by @goneall in #450
• Rename ExternalReference to ExternalRef by @goneall in #457
• Update definitions of isFsfLibre and isOsiApprovied values by @goneall in #458
• Add licenseXml property to License and LicenseAddition by @goneall in #451
• Indicate maxCount for Artifact's suppliedBy by @rnjudge in #474
• update Vulnerability.md by @jeff-schutt in #473
• Update suppliedBy.md by @jeff-schutt in #472
• Add customIdToUri Map to LicenseExpression by @goneall in #444
• add documentation on how to parse JSON-LD as pure JSON by @armintaenzertng in #441
• Remove non-ASCII chars by @zvr in #476
• Add licenseListVersion to LicenseExpression by @goneall in #481
• Update Individual values for NONE and NOASSERTION licenses by @goneall in #456
• Change ExternalRef locator to be of type xsd:string by @goneall in #487
• Add missing SPDX2 external reference types by @armintaenzertng in #484
• add clarity to RelationshipCompleteness.md by @jeff-schutt in #496
• Update security model diagram by @jeff-schutt in #497
• Add generated context file and model.jsonld to the uploaded artifacts by @goneall in #502
• Add the model.jsonld and context.json to the github.io pages by @goneall in #504
• Update profile to be a property on collections and specify conformance by @goneall in #447
• update security vector.md to vectorString.md by @jeff-schutt in #513
• add CvssV4VulnAssessmentRelationship.md and CvssSeverityType.md by @jeff-schutt in #501
• update CvssV3VulnAssessmentRelationship.md by @jeff-schutt in #511
• remove severity property from CvssV2VulnAssessmentRelationship.md by @jeff-schutt in #510
• Update Security EPSS Support by @jeff-schutt in #514
• Update README to the current state of generated files by @goneall in #506
• Fixing typos/syntax errors by @zvr in #520
• fix context location in jsonld examples by @maxhbr in #541
• Fix capitalization for CVSS severity values by @rnjudge in #535
• Example of conformance in plain language by @zvr in #524
• Replace describes relationship with rootElement property by @goneall in #508
• Document 'XCollection' serialization specifics by @goneall in #509
• Update ExternalMap and relationships to reference Artifacts by @goneall in #542
• json-ld context is currently invalid, add another check that validates the context for jsonld by @maxhbr in #538
• Rename externalId to externalSpdxId by @goneall in #519
• Add diskImage and filesystemImage SoftwarePurpose by @JPEWdev in #554
• Add missing software purposes for CDX 1.5 compat by @puerco in #555
• Allow ElementCollection to have 0 elements by @JPEWdev in #552
• Clarify RelationshipTypes by @JPEWdev in #548
• Update AIPackage.md to express constraints by @rgopikrishnan91 in #536
• Cle...

Release Candidate 1

The first in a series of releases that will lead to the general availability of SPDX 3.0.