1 .. This work is licensed under a Creative Commons Attribution 4.0
3 .. http://creativecommons.org/licenses/by/4.0
4 .. (c) ONAP Project and its contributors
15 This document provides the release notes for the Frankfurt release of the Software Defined
16 Network Controller (SDNC)
21 The Frankfurt release of SDNC introduces new functionality to support PNFs (Physical Network Functions), extends support
22 for Netconf/TLS to support CMPv2, and adds support for the Multi Domain Optical Network Service use case.
29 +-------------------------+-------------------------------------------+
30 | **Project** | SDNC |
32 +-------------------------+-------------------------------------------+
33 | **Docker images** | See :ref:`dockercontainers` section below |
34 +-------------------------+-------------------------------------------+
35 | **Release designation** | Frankfurt |
37 +-------------------------+-------------------------------------------+
38 | **Release date** | 06/04/2020 |
40 +-------------------------+-------------------------------------------+
46 The SDNC Frankfurt release includes the following features:
48 * ORAN-compliant A1 adaptor (Jira `SDNC-965 <https://jira.onap.org/browse/SDNC-965>`_)
49 * Multi-Domain Optical Service (Jira `SDNC-928 <https://jira.onap.org/browse/SDNC-928>`_)
50 * Python 2 -> Python 3 migration (Jira `SDNC-967 <https://jira.onap.org/browse/SDNC-967>`_)
51 * Upgrade to new Policy lifecycle API (Jira `SDNC-968 <https://jira.onap.org/browse/SDNC-968>`_)
55 For the complete list of `SDNC Frankfurt release epics <https://jira.onap.org/issues/?filter=12322>`_ and
56 `SDNC Frankfurt release user stories <https://jira.onap.org/issues/?filter=12323>`_ , please see the `ONAP Jira`_.
60 The full list of `bugs fixed in the SDNC Frankfurt release <https://jira.onap.org/issues/?filter=12324>`_ is maintained on the `ONAP Jira`_.
64 The full list of `known issues in SDNC <https://jira.onap.org/issues/?filter=11119>`_ is maintained on the `ONAP Jira`_.
72 The SDNC portal is considered deprecated in the Frankfurt release, due
73 to resource contraints. This functionality is delivered dormant
74 in Frankfurt (i.e. it is disabled in the Frankfurt helm charts) and we
75 plan to remove the code entirely in the Guilin release.
79 The functionality provided by the VNF-API is now provided as part
80 of the GENERIC-RESOURCE-API. Therefore, the VNF-API is deprecated
81 in Frankfurt and will be removed in Guilin.
95 The following table lists the docker containers comprising the SDNC Frankfurt
96 release along with the current stable Frankfurt version/tag. Each of these is
97 available on the ONAP nexus3 site (https://nexus3.onap.org) and can be downloaded
98 with the following command::
100 docker pull nexus3.onap.org:10001/{image-name}:{version}
103 Note: users that want to use the latest in-development Frankfurt version may use the
104 tag 0.7-STAGING-latest to pull the latest daily Frankfurt build
106 +--------------------------------+-----------------------------------------------------+---------+
107 | Image name | Description | Version |
108 +================================+=====================================================+=========+
109 | onap/sdnc-aaf-image | SDNC controller image, integrated with AAF for RBAC | 1.8.3 |
110 +--------------------------------+-----------------------------------------------------+---------+
111 | onap/sdnc-ansible-server-image | Ansible server | 1.8.3 |
112 +--------------------------------+-----------------------------------------------------+---------+
113 | onap/sdnc-dmaap-listener-image | DMaaP listener | 1.8.3 |
114 +--------------------------------+-----------------------------------------------------+---------+
115 | onap/sdnc-image | SDNC controller image, without AAF integration | 1.8.3 |
116 +--------------------------------+-----------------------------------------------------+---------+
117 | onap/sdnc-ueb-listener-image | SDC listener | 1.8.3 |
118 +--------------------------------+-----------------------------------------------------+---------+
119 | onap/sdnc-web-image | Web tier (currently only used by SDN-R persona) | 1.8.3 |
120 +--------------------------------+-----------------------------------------------------+---------+
123 Documentation Deliverables
124 ~~~~~~~~~~~~~~~~~~~~~~~~~~
126 * `SDN Controller for Radio user guide`_
128 Known Limitations, Issues and Workarounds
129 =========================================
134 No system limitations noted.
137 Known Vulnerabilities
138 ---------------------
140 Any known vulnerabilities for ONAP are tracked in the `ONAP Jira`_ in the OJSI project. Any outstanding OJSI issues that
141 pertain to SDNC are listed in the :ref:`secissues` section below.
153 Fixed Security Issues
154 ~~~~~~~~~~~~~~~~~~~~~
156 The following security issues have been addressed in the Frankfurt SDNC release:
158 * `OSJI-34 <https://jira.onap.org/browse/OJSI-34>`_ : Multiple SQL Injection issues in SDNC
159 * `OSJI-40 <https://jira.onap.org/browse/OJSI-40>`_ : SDNC service allows for arbitrary code execution
160 * `OSJI-41 <https://jira.onap.org/browse/OJSI-41>`_ : SDNC service allows for arbitrary code execution in sla/dgUpload form (CVE-2019-12132)
161 * `OSJI-42 <https://jira.onap.org/browse/OJSI-42>`_ : SDNC service allows for arbitrary code execution in sla/printAsXml form (CVE-2019-12123)
162 * `OSJI-43 <https://jira.onap.org/browse/OJSI-43>`_ : SDNC service allows for arbitrary code execution in sla/printAsGv form (CVE-2019-12113)
163 * `OSJI-199 <https://jira.onap.org/browse/OJSI-199>`_ : SDNC service allows for arbitrary code execution in sla/upload form (CVE-2019-12112)
164 * `SDNC-1145 <https://jira.onap.org/browse/SDNC-1145>`_ : Pods still run as root
165 * `SDNC-970 <https://jira.onap.org/browse/SDNC-970>`_ : Password removal from OOM Helm charts
169 Known Security Issues
170 ~~~~~~~~~~~~~~~~~~~~~
172 There is currently one known SDNC security issue, related to the SDNC portal
174 * `OJSI-91 <https://jira.onap.org/browse/OJSI-91>`_ : SDNC exposes unprotected API for user creation
176 The current implementation of the SDNC portal - which was intended purely
177 as a test tool - has a self-subscription model - so anyone can create an
178 account by going to the setup link. This is not appropriate for production
179 deployment and we strongly recommend that the SDNC portal NOT be used in
182 The SDNC portal is disabled in the Frankfurt helm charts and will be removed
183 entirely in the Guilin release.
195 For more information on the ONAP Frankfurt release, please see:
198 #. `ONAP Documentation`_
199 #. `ONAP Release Downloads`_
203 .. _`ONAP Home Page`: https://www.onap.org
204 .. _`ONAP Wiki Page`: https://wiki.onap.org
205 .. _`ONAP Documentation`: https://docs.onap.org
206 .. _`ONAP Release Downloads`: https://git.onap.org
207 .. _`ONAP Jira`: https://jira.onap.org
208 .. _`SDN Controller for Radio user guide`: https://docs.onap.org/en/frankfurt/submodules/ccsdk/features.git/docs/guides/onap-user/home.html