Code Review / oom.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Document OJSI-202 (CVE-2019-12127) vulnerability
[oom.git] / docs / release-notes.rst
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 4972492..3d61e73 100644 (file)
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -49,6 +49,16 @@ Summary
 
 **Security Notes**
 
+*Fixed Security Issues*
+
+*Known Security Issues*
+
+* In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_]
+* Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
+* CVE-2019-12127 - OOM exposes unprotected API/UI on port 30270 [`OJSI-202 <https://jira.onap.org/browse/OJSI-202>`_]
+
+*Known Vulnerabilities in Used Modules*
+
 OOM code has been formally scanned during build time using NexusIQ and no
 Critical vulnerability was found.
 
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).