.. See the License for the specific language governing permissions and
.. limitations under the License.
.. ============LICENSE_END============================================
+.. _release_notes:
Release Notes
=============
.. * This note must be removed after content has been added.
+Abstract
+========
+
+This document provides the release notes for the Application Controller Project's Frankfurt release.
+
+Summary
+=======
+
+The Application Controller (APPC) performs functions to manage the lifecycle of VNFs and their components providing model driven configuration, abstracts cloud/VNF interfaces for repeatable actions, uses vendor agnostic mechanisms (NETCONF, Chef via Chef Server and Ansible) and enables automation.
+
+Release Data
+============
+
+Version: 1.7.2
+--------------
+
+:Release Date: 2020-5-23
+
+
+New features
+------------
+
+ - Upgraded OpenDaylight (ODL) version to Neon SR1
+
+ - Added support for the following LCM actions (a desciption of all of the above LCM actions can be found in the APPC LCM API Guide on readthedoc):
+
+ - ActivateNESw
+
+ - ConfigScaleIn
+
+ - DownloadNESw
+
+ - GetConfig
+
+ - LicenseManagement
+
+ - PostEvacuate
+
+ - PostMigrate
+
+ - PostRebuild
+
+ - PreConfigure
+
+ - PreEvacuate
+
+ - PreMigrate
+
+ - PreRebuild
+
+ - Provisioning
+
+ - StartTraffic
+
+ - StatusTraffic
+
+ - StopTraffic
+
+ - Move northbound DMAAP adapter out from ODL OSGI Karaf base
+
+ - vnfc/vf-module/v-server operations support for ansible LCMs
+
+ - Resource resolution via CDS
+
+
+Known Limitations, Issues and Workarounds
+=========================================
+
+System Limitations
+------------------
+
+ - OpenStack Restriction:
+
+ - Currently APPC only supports OpenStack.
+
+ - Admin level access for Tenant level operations.
+
+ - OpenStack Hypervisorcheck is turned off by default.
+
+ - Netconf Restriction:
+
+ - Currently APPC only tested with Honeycomb.
+
+Known Vulnerabilities
+---------------------
+
+* `AAF-987 <https://jira.onap.org/browse/AAF-987>`_ - Bath function in AAF can not be functioned with different users and roles, which are associated with Opendaylight AAA users.
+
+Workarounds
+-----------
+
+
+Security Notes
+--------------
+
+ - Password removal from helm charts
+
+ - Allow overriding of keystore and truststore in APPC helm charts
+
+ - All application processes are running non-root user in containers
+
+References
+==========
+
+For more information on the ONAP Frankfurt release, please see:
+
+#. `ONAP Home Page`_
+#. `ONAP Documentation`_
+#. `ONAP Release Downloads`_
+#. `ONAP Wiki Page`_
+
+
+.. _`ONAP Home Page`: https://www.onap.org
+.. _`ONAP Wiki Page`: https://wiki.onap.org
+.. _`ONAP Documentation`: https://docs.onap.org
+.. _`ONAP Release Downloads`: https://git.onap.org
+
+
+.. ==========================
+.. * * * EL ALTO * * *
+.. ==========================
+
+
Version: 1.6.4
--------------
- `APPC-1713 <https://jira.onap.org/browse/APPC-1713>`_ - Appc eelf logging resource bundle error after ODL upgrade
- `APPC-1736 <https://jira.onap.org/browse/APPC-1736>`_ - change mountpoint for pax property file
+**Known Issues**
+
+ - `APPC-1710 <https://jira.onap.org/browse/APPC-1710>`_ - Need for "ReadWriteMany" access on storage when deploying on Kubernetes?
+ - to work around this is to add "accessMode: ReadWriteOnce" to values.yaml in APPC helm chart
+ - `APPC-1766 <https://jira.onap.org/browse/APPC-1766>`_ - openStackEncryptedPassword value is not encrypted
+ - to work around this is to change "provider1.tenant1.password={{.Values.config.openStackEncryptedPassword}}" to "provider1.tenant1.password=<non-encrypted plaintext password>" in APPC helm chart's appc.properties.
+
+
**Security Notes**
*Fixed Security Issues*
- `OJSI-25 <https://jira.onap.org/browse/OJSI-25>`_ - SQL Injection in APPC (CVE-2019-12316)
- `OJSI-104 <https://jira.onap.org/browse/OJSI-104>`_ - appc exposes plain text HTTP endpoint using port 30211
- `OJSI-113 <https://jira.onap.org/browse/OJSI-113>`_ - appc exposes plain text HTTP endpoint using port 30230
- - `OJSI-113 <https://jira.onap.org/browse/OJSI-146>`_ - appc-cdt exposes plain text HTTP endpoint using port 30289
- - `OJSI-176 <https://jira.onap.org/browse/OJSI-176>`_ - dev-appc-appc exposes JDWP on port 1830 which allows for arbitrary code execution
- - `OJSI-177 <https://jira.onap.org/browse/OJSI-177>`_ - dev-appc-appc exposes JDWP on port 8101 which allows for arbitrary code execution
+ - `OJSI-146 <https://jira.onap.org/browse/OJSI-146>`_ - appc-cdt exposes plain text HTTP endpoint using port 30289
- `OJSI-185 <https://jira.onap.org/browse/OJSI-185>`_ - appc exposes ssh service on port 30231
+ SSH is exposed by ODL in order to use NETCONF within SSH session based on `RFC-6242 <https://tools.ietf.org/html/rfc6242>` so currently it cannot be avoided.
+ Taken into account that this design is well documented in RFC, we no longer consider this to be a security issue but only a hardening opportunity.
Version: 1.5.3
--------------