From b020460b404e9e4102dfdb4b250930a623a3cb56 Mon Sep 17 00:00:00 2001 From: Konstantina Mameletzi <97295508+mameletzi@users.noreply.github.com> Date: Mon, 18 May 2026 14:37:34 +0200 Subject: [PATCH 1/3] Update marketplace-content.yaml --- static/openapi-spec/marketplace-content.yaml | 164 ++++++++++++++++++- 1 file changed, 157 insertions(+), 7 deletions(-) diff --git a/static/openapi-spec/marketplace-content.yaml b/static/openapi-spec/marketplace-content.yaml index 1a3157dae83..4dc57f1be48 100644 --- a/static/openapi-spec/marketplace-content.yaml +++ b/static/openapi-spec/marketplace-content.yaml @@ -20,6 +20,7 @@ paths: parameters: - $ref: '#/components/parameters/name' - $ref: '#/components/parameters/isPrivate' + - $ref: '#/components/parameters/isCompanyApproved' - $ref: '#/components/parameters/publishedSince' - $ref: '#/components/parameters/limitContent' - $ref: '#/components/parameters/offsetContent' @@ -89,6 +90,24 @@ paths: $ref: '#/components/responses/error401' '500': $ref: '#/components/responses/error500' + /versions/{versionId}/download: + get: + tags: + - content + summary: Downloads the sourcefile of a specific version. + description: "Downloads the original source file associated with the specified version" + operationId: getVersionDownload + parameters: + - $ref: '#/components/parameters/versionId' + responses: + '200': + description: Downloads package version successfully + '400': + $ref: '#/components/responses/error400' + '404': + $ref: '#/components/responses/error404' + '500': + $ref: '#/components/responses/error500' components: parameters: @@ -133,6 +152,13 @@ components: required: false schema: type: string + isCompanyApproved: + name: isCompanyApproved + in: query + description: "Allows you to filter on company-approved content. This filter is only applicable if the company has enabled the company-approved badge functionality. See more information, https://docs.mendix.com/control-center/company-approved/. Supported values are `true` or `false`. If the value is `true`, it returns only the last published versions of the company-approved content. If the value is `false`, it returns only the last published versions of the non-company-approved content. If no value is passed, then it returns the last published versions of both company-approved and non-company-approved content." + required: false + schema: + type: string publishedSince: name: publishedSince in: query @@ -320,6 +346,9 @@ components: isPrivate: type: boolean description: "This indicates whether the content is public or private." + isCompanyApproved: + type: boolean + description: "This indicates whether the content is company-approved. This attribute is only returned if the company has enabled the company-approved badge functionality. See more information, https://docs.mendix.com/control-center/company-approved/." latestVersion: $ref: '#/components/schemas/version' content: @@ -362,15 +391,136 @@ components: type: string format: yyyy-MM-ddTHH-mm-ssZ example: '2023-09-01T09:04:00Z' - contentVersion: - allOf: - - $ref: '#/components/schemas/version' - properties: - releaseNotes: + downloadURL: type: string - example: "These are the release notes for this version." - description: "These are the release notes for the published versions." + format: uri + example: "https://example.com/content/versions/{versionId}/download" + description: "This is the URL used to download the specific version of the component." + versionReference: + type: object + description: "A reference to a version with basic identifying information." + required: + - versionId + - versionNumber + - minSupportedMendixVersion + properties: + versionId: + type: string + format: uuid + description: "This is the UUID of the version." + versionNumber: + type: string + pattern: "^\\b((?:\\d{1,3}|1000)(?:\\.\\d{1,3}|\\.1000){0,2})(?:-[a-zA-Z]+)?\\b$" + example: '10.1.1' + description: "This is the version number. The format of the version number is major.minor.patch, for example: `1.0.0`." + minSupportedMendixVersion: + type: string + pattern: "^\\b((?:\\d{1,3}|1000)(?:\\.\\d{1,3}|\\.1000){0,2})\\b$" + example: '10.1.1' + description: "This is the Studio Pro version selected during the onboarding. This means any Studio Pro version equal to or greater than this version is compatible with the latest version of the content." + securityIssue: + type: object + required: + - code + properties: + code: + type: string + example: "CVE-2023-12345" + description: "This is the CVE or CWE identifier for the security issue." + + regularVersion: + allOf: + - $ref: '#/components/schemas/version' + - type: object + required: + - releaseNotes + - versionType + properties: + releaseNotes: + type: string + example: "These are the release notes for this version." + description: "These are the release notes for the published versions." + versionType: + type: string + enum: + - Regular + example: "Regular" + description: "This is the version type. It indicates that this is a regular version with no known vulnerabilities." + + vulnerableVersion: + allOf: + - $ref: '#/components/schemas/version' + - type: object + required: + - releaseNotes + - versionType + - vulnerabilities + - securityFixVersions + properties: + releaseNotes: + type: string + example: "These are the release notes for this version." + description: "These are the release notes for the published versions." + versionType: + type: string + enum: + - Vulnerable + example: "Vulnerable" + description: "This is the version type. It indicates that this version has known vulnerabilities." + vulnerabilities: + type: array + description: "This lists the CVE or CWE identifiers for the vulnerabilities present in this version." + items: + $ref: '#/components/schemas/securityIssue' + securityFixVersions: + type: array + description: "This lists the security fix versions that address the vulnerabilities in this version." + items: + $ref: '#/components/schemas/versionReference' + + securityFixVersion: + allOf: + - $ref: '#/components/schemas/version' + - type: object + required: + - releaseNotes + - versionType + - fixedSecurityIssues + - affectedVersions + properties: + releaseNotes: + type: string + example: "These are the release notes for this version." + description: "These are the release notes for the published versions." + versionType: + type: string + enum: + - SecurityFix + example: "SecurityFix" + description: "This is the version type. It indicates that this version fixes one or multiple security issues." + fixedSecurityIssues: + type: array + description: "This lists the CVE or CWE identifiers for the security issues that were fixed in this version." + items: + $ref: '#/components/schemas/securityIssue' + affectedVersions: + type: array + description: "This lists the vulnerable versions that are fixed by this security fix version." + items: + $ref: '#/components/schemas/versionReference' + + contentVersion: + oneOf: + - $ref: '#/components/schemas/regularVersion' + - $ref: '#/components/schemas/vulnerableVersion' + - $ref: '#/components/schemas/securityFixVersion' + discriminator: + propertyName: versionType + mapping: + Regular: '#/components/schemas/regularVersion' + Vulnerable: '#/components/schemas/vulnerableVersion' + SecurityFix: '#/components/schemas/securityFixVersion' securitySchemes: Personal Access Token: name: Authorization From ad5191efbda9e5798170efbe71f39d633417cfcb Mon Sep 17 00:00:00 2001 From: nicoletacoman Date: Mon, 18 May 2026 14:43:37 +0200 Subject: [PATCH 2/3] TW review --- static/openapi-spec/marketplace-content.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/static/openapi-spec/marketplace-content.yaml b/static/openapi-spec/marketplace-content.yaml index 4dc57f1be48..afc10b1f698 100644 --- a/static/openapi-spec/marketplace-content.yaml +++ b/static/openapi-spec/marketplace-content.yaml @@ -94,7 +94,7 @@ paths: get: tags: - content - summary: Downloads the sourcefile of a specific version. + summary: Downloads the source file of a specific version. description: "Downloads the original source file associated with the specified version" operationId: getVersionDownload parameters: @@ -155,7 +155,7 @@ components: isCompanyApproved: name: isCompanyApproved in: query - description: "Allows you to filter on company-approved content. This filter is only applicable if the company has enabled the company-approved badge functionality. See more information, https://docs.mendix.com/control-center/company-approved/. Supported values are `true` or `false`. If the value is `true`, it returns only the last published versions of the company-approved content. If the value is `false`, it returns only the last published versions of the non-company-approved content. If no value is passed, then it returns the last published versions of both company-approved and non-company-approved content." + description: "Allows you to filter on company-approved content. This filter is only applicable if the company has enabled the company-approved badge functionality. For more information, refer to https://docs.mendix.com/control-center/company-approved/. Supported values are `true` or `false`. If the value is `true`, it returns only the last published versions of the company-approved content. If the value is `false`, it returns only the last published versions of the non-company-approved content. If no value is passed, it returns the last published versions of both company-approved and non-company-approved content." required: false schema: type: string @@ -348,7 +348,7 @@ components: description: "This indicates whether the content is public or private." isCompanyApproved: type: boolean - description: "This indicates whether the content is company-approved. This attribute is only returned if the company has enabled the company-approved badge functionality. See more information, https://docs.mendix.com/control-center/company-approved/." + description: "This indicates whether the content is company-approved. This attribute is only returned if the company has enabled the company-approved badge functionality. For more information, refer to https://docs.mendix.com/control-center/company-approved/." latestVersion: $ref: '#/components/schemas/version' content: @@ -412,7 +412,7 @@ components: type: string pattern: "^\\b((?:\\d{1,3}|1000)(?:\\.\\d{1,3}|\\.1000){0,2})(?:-[a-zA-Z]+)?\\b$" example: '10.1.1' - description: "This is the version number. The format of the version number is major.minor.patch, for example: `1.0.0`." + description: "This is the version number. The format of the version number is major.minor.patch; for example, `1.0.0`." minSupportedMendixVersion: type: string pattern: "^\\b((?:\\d{1,3}|1000)(?:\\.\\d{1,3}|\\.1000){0,2})\\b$" From a18c9322161642ab2a93df64c4b26f2d70c47a8f Mon Sep 17 00:00:00 2001 From: nicoletacoman Date: Tue, 19 May 2026 08:41:02 +0200 Subject: [PATCH 3/3] MP Content API release --- .../marketplace/general-marketplace/2026.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/content/en/docs/releasenotes/marketplace/general-marketplace/2026.md b/content/en/docs/releasenotes/marketplace/general-marketplace/2026.md index 10f9526cfce..935252cd3db 100644 --- a/content/en/docs/releasenotes/marketplace/general-marketplace/2026.md +++ b/content/en/docs/releasenotes/marketplace/general-marketplace/2026.md @@ -7,6 +7,23 @@ weight: 1 numberless_headings: true --- +## May 2026 + +### May 21, 2026 + +#### New Features + +* You can now accomplish the following additional actions through the [Marketplace Content API](/apidocs-mxsdk/apidocs/content-api/#api-reference): + + * Retrieve company-approved status information. The `isCompanyApproved` attribute is included in content responses when the company-approved functionality is enabled. + * Access detailed security vulnerability information for component versions. + + * Vulnerable versions include a list of CVE or CWE identifiers and references to security fix versions that address these issues. + * Security fix versions include information about which vulnerabilities they resolve and which versions are affected. + * Version types clearly indicate whether a version is a regular release, contains known vulnerabilities, or provides security fixes. + + * Download specific versions of Marketplace components directly through the Content API. The `downloadURL` attribute provides the endpoint to retrieve component packages programmatically. + ## April 2026 ### April 18, 2026