Automation adds release-notes.rst

[appc.git] / docs / release-notes.rst

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 04bc4c4..ae6db98 100644 (file)
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -14,6 +14,7 @@
 .. See the License for the specific language governing permissions and
 .. limitations under the License.
 .. ============LICENSE_END============================================
+.. _release_notes:
 
 Release Notes
 =============
@@ -58,6 +59,8 @@ The El Alto added the following feature, bug fixes and security enhancements:
 
       - `APPC-1710 <https://jira.onap.org/browse/APPC-1710>`_ - Need for "ReadWriteMany" access on storage when deploying on Kubernetes?
          - to work around this is to add "accessMode: ReadWriteOnce" to values.yaml in APPC helm chart
+      - `APPC-1766 <https://jira.onap.org/browse/APPC-1766>`_ - openStackEncryptedPassword value is not encrypted
+         - to work around this is to change "provider1.tenant1.password={{.Values.config.openStackEncryptedPassword}}" to "provider1.tenant1.password=<non-encrypted plaintext password>" in APPC helm chart's appc.properties.
 
 
 **Security Notes**
@@ -69,6 +72,8 @@ The El Alto added the following feature, bug fixes and security enhancements:
       - `OJSI-113 <https://jira.onap.org/browse/OJSI-113>`_ - appc exposes plain text HTTP endpoint using port 30230
       - `OJSI-146 <https://jira.onap.org/browse/OJSI-146>`_ - appc-cdt exposes plain text HTTP endpoint using port 30289
       - `OJSI-185 <https://jira.onap.org/browse/OJSI-185>`_ - appc exposes ssh service on port 30231
+       SSH is exposed by ODL in order to use NETCONF within SSH session based on `RFC-6242 <https://tools.ietf.org/html/rfc6242>` so currently it cannot be avoided.
+       Taken into account that this design is well documented in RFC, we no longer consider this to be a security issue but only a hardening opportunity.
 
 Version: 1.5.3
 --------------