.. * This note must be removed after content has been added.
-Version: 1.5.2
+Version: 1.6.4
--------------
-:Release Date: 2019-6-6
+:Release Date: 2019-9-30
+
+The El Alto added the following feature, bug fixes and security enhancements:
+
+**New Features**
+
+ - Upgraded OpenDaylight (ODL) version to Fluorine SR2
+
+**Bug Fixes**
+
+ - `APPC-1319 <https://jira.onap.org/browse/APPC-1319>`_ - apidoc shows ""undefined"" when netconf successfully mounted
+ - `APPC-1584 <https://jira.onap.org/browse/APPC-1584>`_ - Incorrect Package name in Audit Directed Graph
+ - `APPC-1587 <https://jira.onap.org/browse/APPC-1587>`_ - Publish config field mismatch in onap documentaion & Audit DG
+ - `APPC-1588 <https://jira.onap.org/browse/APPC-1588>`_ - Publish config filed missing in Sync LCM in documentation
+ - `APPC-1589 <https://jira.onap.org/browse/APPC-1589>`_ - Cvaas directory is not mounted in docker image,Dublin Release
+ - `APPC-1590 <https://jira.onap.org/browse/APPC-1590>`_ - Sync & Audit Payload to include the file name
+ - `APPC-1604 <https://jira.onap.org/browse/APPC-1604>`_ - APPC Not Picking up Mesasges from Dmaap
+ - `APPC-1613 <https://jira.onap.org/browse/APPC-1613>`_ - Exception for LCM request with parameter read from A&AI
+ - `APPC-1627 <https://jira.onap.org/browse/APPC-1627>`_ - Daexim directory owned by root - access denied during boot
+ - `APPC-1634 <https://jira.onap.org/browse/APPC-1634>`_ - Mark the fields transient of RequestFailedException.java Serializable class to full-fill Serializable class contract,
+ - `APPC-1635 <https://jira.onap.org/browse/APPC-1635>`_ - Mark the fields transient of EventMessage.java Serializable class to full-fill Serializable class contract
+ - `APPC-1639 <https://jira.onap.org/browse/APPC-1639>`_ - Error during CDT SQL query
+ - `APPC-1713 <https://jira.onap.org/browse/APPC-1713>`_ - Appc eelf logging resource bundle error after ODL upgrade
+ - `APPC-1736 <https://jira.onap.org/browse/APPC-1736>`_ - change mountpoint for pax property file
+
+**Known Issues**
+
+ - `APPC-1710 <https://jira.onap.org/browse/APPC-1710>`_ - Need for "ReadWriteMany" access on storage when deploying on Kubernetes?
+ - to work around this is to add "accessMode: ReadWriteOnce" to values.yaml in APPC helm chart
+ - `APPC-1766 <https://jira.onap.org/browse/APPC-1766>`_ - openStackEncryptedPassword value is not encrypted
+ - to work around this is to change "provider1.tenant1.password={{.Values.config.openStackEncryptedPassword}}" to "provider1.tenant1.password=<non-encrypted plaintext password>" in APPC helm chart's appc.properties.
+
+
+**Security Notes**
+
+*Fixed Security Issues*
+
+ - `OJSI-25 <https://jira.onap.org/browse/OJSI-25>`_ - SQL Injection in APPC (CVE-2019-12316)
+ - `OJSI-104 <https://jira.onap.org/browse/OJSI-104>`_ - appc exposes plain text HTTP endpoint using port 30211
+ - `OJSI-113 <https://jira.onap.org/browse/OJSI-113>`_ - appc exposes plain text HTTP endpoint using port 30230
+ - `OJSI-146 <https://jira.onap.org/browse/OJSI-146>`_ - appc-cdt exposes plain text HTTP endpoint using port 30289
+ - `OJSI-185 <https://jira.onap.org/browse/OJSI-185>`_ - appc exposes ssh service on port 30231
+ SSH is exposed by ODL in order to use NETCONF within SSH session based on `RFC-6242 <https://tools.ietf.org/html/rfc6242>` so currently it cannot be avoided.
+ Taken into account that this design is well documented in RFC, we no longer consider this to be a security issue but only a hardening opportunity.
+
+Version: 1.5.3
+--------------
+
+:Release Date: 2019-6-19
**New Features**
**Bug Fixes**
+ - `APPC-1242 <https://jira.onap.org/browse/APPC-1242>`_ - vFWCL ModifyConfig only works on one node in an APPC cluster.
- `APPC-1263 <https://jira.onap.org/browse/APPC-1263>`_ - Two methods of Artifact Transformer in appc-config-params will always return null.
- `APPC-1264 <https://jira.onap.org/browse/APPC-1264>`_ - Errors in unit tests in config-generator package.
- `APPC-1270 <https://jira.onap.org/browse/APPC-1270>`_ - Unit tests in ccadaptor code not testing correctly.
**Known Issues**
- `APPC-1613 <https://jira.onap.org/browse/APPC-1613>`_ - Exception for LCM request with parameter read from A&AI.
+ - to work around this is to switch to the fixed parameter in the template or passed as configuration parameter in stead of using A&AI that APPC received the value from the request.
**Security Notes**
*Known Security Issues*
+ - CVE-2019-12316 `OJSI-25 <https://jira.onap.org/browse/OJSI-25>`_ - SQL Injection in APPC
+ - `OJSI-29 <https://jira.onap.org/browse/OJSI-29>`_ - Unsecured Swagger UI Interface in AAPC
+ - CVE-2019-12124 `OJSI-63 <https://jira.onap.org/browse/OJSI-63>`_ - APPC exposes Jolokia Interface which allows to read and overwrite any arbitrary file
+ - `OJSI-95 <https://jira.onap.org/browse/OJSI-95>`_ - appc-cdt allows to impersonate any user by setting USER_ID
+ - `OJSI-112 <https://jira.onap.org/browse/OJSI-112>`_ - In default deployment APPC (appc-dgbuilder) exposes HTTP port 30228 outside of cluster.
+ - `OJSI-113 <https://jira.onap.org/browse/OJSI-113>`_ - In default deployment APPC (appc) exposes HTTP port 30230 outside of cluster.
+ - `OJSI-185 <https://jira.onap.org/browse/OJSI-185>`_ - appc exposes ssh service on port 30231
+
*Known Vulnerabilities in Used Modules*
Quick Links:
Code Review / appc.git / blobdiff