At any point in time, we have a number of maintained branches consisting of:
We use Semantic Versioning. In particular, we maintain API compatibility in the development branch between major version changes. We also maintain ABI compatibility within LTS branches; see the next section for details.
If you have code that‘s working and secure with Mbed TLS x.y.z, then you should be able to re-compile it without modification with any later release x.y’.z' with the same major version number, and your code will still build, be secure, and work - unless it was relying on something that became insecure in the meantime (for example, crypto that was found to be weak). In case security comes in conflict with backwards compatibility, we will put security first, but always attempt to provide a compatibility option.
For the LTS branches, additionally we try very hard to also maintain ABI compatibility (same definition as API except with re-linking instead of re-compiling) and to avoid any increase in code size or RAM usage, or in the minimum version of tools needed to build the code. The only exception, as before, is in case those goals would conflict with fixing a security issue, we will put security first but provide a compatibility option. (So far we never had to break ABI compatibility in an LTS branch, but we occasionally had to increase code size for a security fix.)
The following branches are currently maintained:
Users are urged to always use the latest version of a maintained branch.