Update license enumeration to include SMAIL-GPL and other licenses from SPDX 3.26.0

[AlperCezibarakLeanix]

The CycloneDX 1.6 specification's SPDX license enumeration is missing recently added licenses, causing validation failures for valid SPDX license identifiers.

Issue
SMAIL-GPL is a valid SPDX license (https://spdx.org/licenses/SMAIL-GPL.html) added in SPDX 3.26.0 (December 30, 2024), but it's missing from the CycloneDX schema enumeration.

Proposed Solution
Update license enumeration to include licenses from SPDX 3.26.0.
Missing licenses from SPDX 3.26.0 include SMAIL-GPL, any-OSI-perl-modules, Boehm-GC-without-fee, CC-PDM-1.0, and others.

Here is the link for the current list of SPDX ids in the cyclonedx 1.6 schema
https://cyclonedx.org/docs/1.6/json/#components_items_licenses_oneOf_i0_items_license_id

Here is the link for SPDX 3.26.0
https://github.com/spdx/license-list-XML/releases/tag/v3.26.0

[jkowalleck]

should be fixed via #683

[jkowalleck]

an update was done in tis repo, and made available via

• http://cyclonedx.org/schema/spdx.schema.json
• http://cyclonedx.org/schema/spdx

[AlperCezibarakLeanix]

@jkowalleck @stevespringett We indirectly use this specifications via cyclonedx-core-java. What else needs to be done to publish this fix in the core library? We can also support you on this if necessary.

[jkowalleck]

@jkowalleck @stevespringett We indirectly use this specifications via cyclonedx-core-java. What else needs to be done to publish this fix in the core library? We can also support you on this if necessary.

you might pullrequest the propagation of the changes to the core java lib:

• https://github.com/CycloneDX/cyclonedx-core-java/blob/master/src/main/resources/spdx.schema.json
• https://github.com/CycloneDX/cyclonedx-core-java/blob/master/src/main/resources/spdx.xsd