Releases
This page tracks TMI releases across the core components: TMI Server (tmi) and TMI Web Application (tmi-ux).
TMI is actively patched weekly or more often. Patch releases address bug fixes and incremental improvements.
Development for each minor release happens on a dev/X.Y.0 branch. When the release is ready, a release/X.Y.0 branch is cut, stabilized, and then merged into main. After the merge, the release branch may be kept (as with release/1.2.0) or deleted (as with release/1.3.0).
Patch releases are tagged on main after the merge. TMI-UX uses version tags (vX.Y.Z) tracked in the repository; TMI Server tracks versions in api/version.go and does not currently use git tags.
Status: In development (branch: dev/1.4.0)
Release 1.4.0 includes a number of refactors and breaking changes to the API. The OpenAPI spec version has been bumped to 1.4.0, and a new set of clients will be published with the release.
Changes in progress:
-
Timmy -- groundwork for the AI chat-with-threat-model feature (
timmy_enabledfield added to all entity types, backend design spec written; chat functionality is not yet implemented) - Webhook delivery unification -- webhook and addon deliveries now share a single Redis-backed storage and pipeline, replacing the previous Postgres-based delivery tables and separate addon invocation infrastructure
-
Security reviewer filter -- threat model lists can be filtered by
security_reviewerusing shared operator parsing (is:null,is:notnull) - Client credential restrictions -- creation of client credentials is now restricted to admin and security reviewer roles
- Triage improvements -- server-side filters on the reviews tab, reviewer filter controls in the UX
- User pages -- new user-facing Teams and Projects pages in the UX
- Test suite cleanup -- removed misplaced integration tests, empty stubs, and incorrect skip guards
Status: Released (branch: main, current patch: server 1.3.4 / UX 1.3.18)
Release 1.3.0 is a feature release focusing on increased ability to classify threats with CWE and CVSS scoring, and adds more administrative functionality in the UX, terraform templates for deployment, better triage capability, and other improvements.
The release/1.3.0 branch was merged into main and deleted.
Status: Released (branch: release/1.2.0)
Release 1.2.0 is a quality-focused release with stability improvements and bug fixes, with few additional features. The release/1.2.0 branch is still present in both repositories.
Status: Released
Release 1.1.0 introduced intake survey functionality, enabling teams to gather structured information at the start of the threat modeling process. This release also added support for additional databases. Currently only PostgreSQL and Oracle ADB are fully tested; support for MySQL and MSSQL is experimental.
Note: Build numbers for both TMI Server and TMI-UX were reset to 1.1.0 with this release.
Status: Released
The original release of TMI, establishing the core threat modeling platform with collaborative editing, data flow diagrams, and threat management.
Baby picture:
- Dependency-Upgrade-Plans - Major dependency upgrade history
- API-Specifications - API specification versions
- Contributing - Contribution guidelines