# Product Identification & Versioning This page explains how to **unambiguously identify** the Flopsar product and the exact version of each of its components, and how to **verify the authenticity** of the artifacts you install. Providing the information that lets a user identify the product is an essential requirement of the Cyber Resilience Act (Annex II, point (c)); this page is how we meet it. ## Product identity * **Product name:** Flopsar * **Manufacturer:** Flopsar Technology Sp. z o.o. * **Product type:** fault detection and diagnosis software for JVM systems (software with digital elements). "Flopsar" as a product is made up of three separately installable components, which together form the product: * the **Flopsar Server**, * the **Flopsar Agent** (loaded into monitored JVMs), * the **Flopsar Workstation** (the web interface, served by the server). When identifying a deployment — in an advisory, a support case, or a conformity record — identify the **component** and its **version**, because the components are versioned and released together as a line but reported individually. ## Versioning scheme Flopsar uses **semantic versioning**: `MAJOR.MINOR.PATCH` (for example `7.0.0`). A build may also carry **build metadata** after a `+`, for example `7.0.0+dev100`; this identifies the specific build and is informational. Each build additionally records a **build date**. * **MAJOR** identifies the **product line** (the `7.x` line). Major releases may change behavior and compatibility. * **MINOR** adds functionality within a line. * **PATCH** delivers fixes, including security fixes, within a line. The version string is fixed at build time and is reported by the product (see below), so what you read from a running component is authoritative. ## Compatibility model It is important to distinguish two independent kinds of "version" in Flopsar: * The **product version** (`MAJOR.MINOR.PATCH`, e.g. `7.0.0`) identifies the release. Use it for advisories, the support lifecycle, and reporting issues. * The **agent–server wire protocol version** is a **separate version number** (the current generation is **protocol v2**). It is carried in the protocol header on the wire and is **decoupled from the product version**. Agent–server interoperability is governed by the **protocol version**, not by the product's semantic version. An agent and a server interoperate when they implement the **same protocol version**. Because the protocol version only changes when the wire format itself changes — not on every release — a single protocol version typically spans many product releases. This is what allows agent and server builds from different product versions to work together, as long as they share the protocol version. Do **not** infer agent–server compatibility from the semantic version alone. Where a release changes the protocol version or imposes a specific agent/server pairing, that requirement is stated in the release notes and the relevant security advisory. Plan upgrades that cross a protocol-version boundary as a coordinated change of both the agent and the server. ## Determining the version of each component ### Flopsar Server The server reports its version on the command line and at startup: ```bash $ flopsar-server --version ``` The startup banner also prints the version and build date, and the `info` subcommand prints deployment/storage information. On a packaged installation you can additionally query the package manager: {% code expandable="true" %} ```shellscript # Debian/Ubuntu $ dpkg -l flopsar-server # RHEL family $ rpm -q flopsar-server ``` {% endcode %} ### Flopsar Agent **On Linux, the agent library is directly executable** — much like `libc.so.6`, which prints its version when run. Execute the agent shared object to print its version and build date: ```bash ./libflopsar.so ``` It prints, then exits: {% code expandable="true" %} ``` Flopsar Agent Built: