1 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
8 :Release Date: 2019-10-24
15 The following table lists the SDNC docker containers and their versions.
17 +--------------------------------+---------------------------------------------+-----------+
18 | Image name | Description | Version(s)|
19 +================================+=============================================+===========+
20 | onap/network-discovery | POMBA : network discovery microservice | 1.7.3 |
21 +--------------------------------+---------------------------------------------+-----------+
22 | onap/service-decomposition | POMBA : service decomposition microservice | 1.7.3 |
23 +--------------------------------+---------------------------------------------+-----------+
24 | onap/sdnc-ansible-server-image | Ansible server | 1.7.4 |
25 +--------------------------------+---------------------------------------------+-----------+
26 | onap/sdnc-aaf-image | SDNC controller image, with AAF integration | 1.7.4 |
27 +--------------------------------+---------------------------------------------+-----------+
28 | onap/sdnc-image | SDNC controller image, standalone (no AAF) | 1.7.4 |
29 +--------------------------------+---------------------------------------------+-----------+
30 | onap/sdnc-ueb-listener-image | SDC listener | 1.7.4 |
31 +--------------------------------+---------------------------------------------+-----------+
32 | onap/sdcn-dmaap-listener-image | DMAAP listener | 1.7.4 |
33 +--------------------------------+---------------------------------------------+-----------+
38 The full list of El Alto epics and user stories for SDNC may be found at <https://jira.onap.org/issues/?filter=12044>.
40 The following list summarizes some of the most significant epics:
42 +------------+-------------------------------------------------------------------------------------+
44 +============+=====================================================================================+
45 | [SDNC-825] | OpenDaylight Neon upgrade |
46 +------------+-------------------------------------------------------------------------------------+
47 | [SDNC-858] | Tune OpenDaylight Java settings for NETCONF |
48 +------------+-------------------------------------------------------------------------------------+
49 | [SDNC-822] | Add aggregate-route-policy in GR-API and async changes |
50 +------------+-------------------------------------------------------------------------------------+
51 | [SDNC-431] | Implement config DB and REST API |
52 +------------+-------------------------------------------------------------------------------------+
53 | [SDNC-433] | Receive netconf notification from RAN, update config DB and publish change on DMAAP |
54 +------------+-------------------------------------------------------------------------------------+
59 The full list of bug fixes in the SDNC El Alto release may be found at <https://jira.onap.org/issues/?filter=12045>
62 The full list of known issues in SDNC may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11119>
64 One specific issue of concern is the following
66 +------------+---------------------------------------------------------------------------------+
68 +============+=================================================================================+
69 | [SDNC-949] | GR-API Macro Orchestration fails while waiting on vnf-topology-operation status |
70 +------------+---------------------------------------------------------------------------------+
72 This issue is fixed in Gerrit, but not in the released 1.7.4 version of the SDNC docker container. This issue
73 can be manually fixed by installing the following 2 directed graphs via directed graph builder:
75 - `GENERIC-RESOURCE-API_vf-module-topology-operation.json <https://gerrit.onap.org/r/gitweb?p=sdnc/oam.git;a=blob_plain;f=platform-logic/generic-resource-api/src/main/json/GENERIC-RESOURCE-API_vf-module-topology-operation.json;hb=refs/heads/elalto>`_ vf-module-topology-operation directed graph
76 - `GENERIC-RESOURCE-API_vnf-topology-operation.json <https://gerrit.onap.org/r/gitweb?p=sdnc/oam.git;a=blob_plain;f=platform-logic/generic-resource-api/src/main/json/GENERIC-RESOURCE-API_vnf-topology-operation.json;hb=refs/heads/elalto>`_ vnf-topology-operation directed graph
80 One item of note is that the SDNC admin portal was determined to have a number of security vulnerabilities,
81 under Known Security Issues. As a temporary remediation, the admin portal was disabled in
82 Dublin. These issues have been resolved in El Alto.
88 *Fixed Security Issues*
90 - CVE-2019-12132 `OJSI-41 <https://jira.onap.org/browse/OJSI-41>`_ SDNC service allows for arbitrary code execution in sla/dgUpload form
91 Fixed temporarily by disabling admportal.
92 - CVE-2019-12123 `OJSI-42 <https://jira.onap.org/browse/OJSI-42>`_ SDNC service allows for arbitrary code execution in sla/printAsXml form
93 Fixed temporarily by disabling admportal.
94 - CVE-2019-12113 `OJSI-43 <https://jira.onap.org/browse/OJSI-43>`_ SDNC service allows for arbitrary code execution in sla/printAsGv form
95 Fixed by removing this API endpoint.
96 - `OJSI-91 <https://jira.onap.org/browse/OJSI-91>`_ SDNC exposes unprotected API for user creation
97 Fixed temporarily by disabling admportal.
98 - `OJSI-98 <https://jira.onap.org/browse/OJSI-98>`_ In default deployment SDNC (sdnc-portal) exposes HTTP port 30201 outside of cluster.
99 Port 30201 now uses HTTPS protocol.
100 - CVE-2019-12112 `OJSI-199 <https://jira.onap.org/browse/OJSI-199>`_ SDNC service allows for arbitrary code execution in sla/upload form
101 Fixed temporarily by disabling admportal.
102 - `OJSI-34 <https://jira.onap.org/browse/OJSI-34>`_ Multiple SQL Injection issues in SDNC
103 - `OJSI-99 <https://jira.onap.org/browse/OJSI-99>`_ In default deployment SDNC (sdnc) exposes HTTP port 30202 outside of cluster.
104 Port 30202 is no longer used.
105 - `OJSI-100 <https://jira.onap.org/browse/OJSI-100>`_ In default deployment SDNC (sdnc-dgbuilder) exposes HTTP port 30203 outside of cluster.
106 Port 30203 now uses HTTPS protocol.
107 - `OJSI-179 <https://jira.onap.org/browse/OJSI-179>`_ dev-sdnc-sdnc exposes JDWP on port 1830 which allows for arbitrary code execution
108 Ticket has been closed as no one was able to reproduce the issue.
109 - `OJSI-183 <https://jira.onap.org/browse/OJSI-183>`_ SDNC exposes ssh service on port 30208
110 Port 30202 is no longer used.
112 *Known Security Issues*
114 For CVE-2019-12132, CVE-2019-12123 and CVE-2019-12112 only temporary fix has been applied.
115 This fix simply prevents admportal from being started and exposed.
116 If admportal is to be used in your deployment, please be very cautious and remember to fix those vulnerabilities on your own.
118 *Known Vulnerabilities in Used Modules*
122 - `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_
123 - `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_
124 - `Project Vulnerability Review Table for Casablanca Release <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_
129 :Release Date: 2019-06-13
134 The full list of Dublin epics and user stories for SDNC maybe be found at <https://jira.onap.org/issues/?filter=11803>.
136 The following list summarizes some of the most significant epics:
138 +------------+----------------------------------------------------------------------------+
139 | Jira # | Abstract |
140 +============+============================================================================+
141 | [SDNC-551] | OpenDaylight Fluorine Support |
142 +------------+----------------------------------------------------------------------------+
143 | [SDNC-564] | 5G Use Case |
144 +------------+----------------------------------------------------------------------------+
145 | [SDNC-565] | CCVPN Use Case Extension |
146 +------------+----------------------------------------------------------------------------+
147 | [SDNC-570] | SDN-R: Server side component |
148 +------------+----------------------------------------------------------------------------+
149 | [SDNC-579] | SDN-R : UX-Client |
150 +------------+----------------------------------------------------------------------------+
151 | [SDNC-631] | SDNC support for the PNF Use Case Network Assign for Plug and Play feature |
152 +------------+----------------------------------------------------------------------------+
156 The full list of bug fixes in the SDNC Dublin release may be found at <https://jira.onap.org/issues/?filter=11805>
159 The full list of known issues in SDNC may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11119>
161 One item of note is that the SDNC admin portal was determined to have a number of security vulnerabilities,
162 under Known Security Issues. As a temporary remediation, the admin portal is disabled in
163 Dublin. It will be re-enabled in El Alto once the security issues are addressed.
167 *Fixed Security Issues*
169 - CVE-2019-12132 `OJSI-41 <https://jira.onap.org/browse/OJSI-41>`_ SDNC service allows for arbitrary code execution in sla/dgUpload form
170 Fixed temporarily by disabling admportal
171 - CVE-2019-12123 `OJSI-42 <https://jira.onap.org/browse/OJSI-42>`_ SDNC service allows for arbitrary code execution in sla/printAsXml form
172 Fixed temporarily by disabling admportal
173 - CVE-2019-12113 `OJSI-43 <https://jira.onap.org/browse/OJSI-43>`_ SDNC service allows for arbitrary code execution in sla/printAsGv form
174 Fixed temporarily by disabling admportal
175 - `OJSI-91 <https://jira.onap.org/browse/OJSI-91>`_ SDNC exposes unprotected API for user creation
176 Fixed temporarily by disabling admportal
177 - `OJSI-98 <https://jira.onap.org/browse/OJSI-98>`_ In default deployment SDNC (sdnc-portal) exposes HTTP port 30201 outside of cluster.
178 Fixed temporarily by disabling admportal
179 - CVE-2019-12112 `OJSI-199 <https://jira.onap.org/browse/OJSI-199>`_ SDNC service allows for arbitrary code execution in sla/upload form
180 Fixed temporarily by disabling admportal
182 *Known Security Issues*
184 - `OJSI-34 <https://jira.onap.org/browse/OJSI-34>`_ Multiple SQL Injection issues in SDNC
185 - `OJSI-99 <https://jira.onap.org/browse/OJSI-99>`_ In default deployment SDNC (sdnc) exposes HTTP port 30202 outside of cluster.
186 - `OJSI-100 <https://jira.onap.org/browse/OJSI-100>`_ In default deployment SDNC (sdnc-dgbuilder) exposes HTTP port 30203 outside of cluster.
187 - `OJSI-179 <https://jira.onap.org/browse/OJSI-179>`_ dev-sdnc-sdnc exposes JDWP on port 1830 which allows for arbitrary code execution
188 - `OJSI-183 <https://jira.onap.org/browse/OJSI-183>`_ SDNC exposes ssh service on port 30208
190 *Known Vulnerabilities in Used Modules*
194 - `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_
195 - `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_
196 - `Project Vulnerability Review Table for Casablanca Release <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_
203 The following bugs are fixed in the SDNC Casablanca January 2019 maintenance release:
205 +------------+------------------------------------------------------------------------------------------+
206 | Jira # | Abstract |
207 +============+==========================================================================================+
208 | [SDNC-405] | SDNC API documentation is missing on ReadTheDocs |
209 +------------+------------------------------------------------------------------------------------------+
210 | [SDNC-523] | vnf-information.vnf-id validation check should not be mandatory in validate-vnf-input DG |
211 +------------+------------------------------------------------------------------------------------------+
212 | [SDNC-532] | oof query failed due to hostname change, returning unknown host |
213 +------------+------------------------------------------------------------------------------------------+
214 | [SDNC-534] | wrong "input" field in DMaaP message template |
215 +------------+------------------------------------------------------------------------------------------+
216 | [SDNC-536] | Upgrade zjsonpatch version to remediate vulnerabilities |
217 +------------+------------------------------------------------------------------------------------------+
218 | [SDNC-537] | Update to spring-boot 2.1.0-RELEASE |
219 +------------+------------------------------------------------------------------------------------------+
220 | [SDNC-540] | CCVPN closed loop testing failed. |
221 +------------+------------------------------------------------------------------------------------------+
222 | [SDNC-542] | [PORT] Network Discovery microservice does not log |
223 +------------+------------------------------------------------------------------------------------------+
224 | [SDNC-546] | CCVPN bugs fix for manual free integration test |
225 +------------+------------------------------------------------------------------------------------------+
226 | [SDNC-549] | Retain MD-SAL data on pod recreate |
227 +------------+------------------------------------------------------------------------------------------+
235 :Release Date: 2018-11-30
239 The Casablanca release of SDNC introduces the following new features:
241 - Network Discovery, in support of POMBA
242 - Support for CCVPN use case
243 - Change Management enhancements
247 The list of bugs fixed in the SDNC Casablanca release may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11544>
252 The list of known issues in the SDNC project may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11119>
257 SDNC code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The SDNC open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_.
261 - `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_
262 - `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_
263 - `Project Vulnerability Review Table for Casablanca Release <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_
268 **Deprecation Notes**
278 :Release Date: 2018-07-06
282 The full list of SDNC Beijing Epics and user stories can be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=10791>. The
283 following table lists the major features included in the Beijing release.
285 +------------+-------------------------------------------------------------------------------------------------------------+
286 | Jira # | Abstract |
287 +============+=============================================================================================================+
288 | [SDNC-278] | Change management in-place software upgrade execution using Ansible <https://jira.onap.org/browse/SDNC-278> |
289 +------------+-------------------------------------------------------------------------------------------------------------+
290 | [SDNC-163] | Deploy a SDN-C high availability environment - Kubernetes <https://jira.onap.org/browse/SDNC-163> |
291 +------------+-------------------------------------------------------------------------------------------------------------+
296 The list of bugs fixed in the SDNC Beijing release may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11118>
301 +------------+----------------------------------------------------------------------------------------------------------------------------------+
302 | Jira # | Abstract |
303 +============+==================================================================================================================================+
304 | [SDNC-324] | IPV4_ADDRESS_POOL is empty <https://jira.onap.org/browse/SDNC-324> |
305 +------------+----------------------------------------------------------------------------------------------------------------------------------+
306 | [SDNC-321] | dgbuilder won't save DG <https://jira.onap.org/browse/SDNC-321> |
307 +------------+----------------------------------------------------------------------------------------------------------------------------------+
308 | [SDNC-304] | SDNC OOM intermittent Healthcheck failure - JSONDecodeError - on different startup order <https://jira.onap.org/browse/SDNC-304> |
309 +------------+----------------------------------------------------------------------------------------------------------------------------------+
310 | [SDNC-115] | VNFAPI DGs contain plugin references to software not part of ONAP <https://jira.onap.org/browse/SDNC-115> |
311 +------------+----------------------------------------------------------------------------------------------------------------------------------+
312 | [SDNC-114] | Generic API DGs contain plugin references to software not part of ONAP <https://jira.onap.org/browse/SDNC-114> |
313 +------------+----------------------------------------------------------------------------------------------------------------------------------+
314 | [SDNC-106] | VNFAPI DGs contain old openecomp and com.att based plugin references <https://jira.onap.org/browse/SDNC-106> |
315 +------------+----------------------------------------------------------------------------------------------------------------------------------+
316 | [SDNC-64] | SDNC is not setting FromApp identifier in logging MDC <https://jira.onap.org/browse/SDNC-64> |
317 +------------+----------------------------------------------------------------------------------------------------------------------------------+
322 SDNC code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The SDNC open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=28379582>`_.
326 - `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_
327 - `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_
328 - `Project Vulnerability Review Table for SDNC <https://wiki.onap.org/pages/viewpage.action?pageId=28379582>`_
333 **Deprecation Notes**
342 :Release Date: 2018-01-18
346 - `SDNC-145 <https://jira.onap.org/browse/SDNC-145>`_ Error message refers to wrong parameters
347 - `SDNC-195 <https://jira.onap.org/browse/SDNC-195>`_ UEB listener doesn't insert correct parameters for allotted resources in DB table ALLOTTED_RESOURCE_MODEL
348 - `SDNC-198 <https://jira.onap.org/browse/SDNC-198>`_ CSIT job fails
349 - `SDNC-201 <https://jira.onap.org/browse/SDNC-201>`_ Fix DG bugs from integration tests
350 - `SDNC-202 <https://jira.onap.org/browse/SDNC-202>`_ Search for service -data null match, set vGW LAN IP via Heat
351 - `SDNC-211 <https://jira.onap.org/browse/SDNC-211>`_ Update SDNC Amsterdam branch to use maintenance release versions
352 - `SDNC-212 <https://jira.onap.org/browse/SDNC-212>`_ Duplicate file name
357 :Release Date: 2017-11-16
361 The ONAP Amsterdam release introduces the following changes to SDNC from
362 the original openECOMP seed code:
363 - Refactored / moved common platform code to new CCSDK project
364 - Refactored code to rename openecomp to onap
365 - Introduced new GENERIC-RESOURCE-API api, used by vCPE and VoLTE use cases
366 - Introduced new docker containers for SDC and DMAAP interfaces
371 The following known high priority issues are being worked and are expected to be delivered
373 - `SDNC-179 <https://jira.onap.org/browse/SDNC-179>`_ Failed to make HTTPS connection in restapicall node
374 - `SDNC-181 <https://jira.onap.org/browse/SDNC-181>`_ Change call to brg-wan-ip-address vbrg-wan-ip brg topo activate DG
375 - `SDNC-182 <https://jira.onap.org/browse/SDNC-182>`_ Fix VNI Consistency: Add vG vxlan tunnel setup and bridge domain setup to brg-topo-activate DG
383 **Deprecation Notes**