Code Review / aaf / sms.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Document fixed OJSI-206 vulnerability
[aaf/sms.git] / docs / release_notes.rst
diff --git a/docs/release_notes.rst b/docs/release_notes.rst
index cb8295b..fb0ff46 100644 (file)
--- a/docs/release_notes.rst
+++ b/docs/release_notes.rst
@@ -18,6 +18,17 @@ The Dublin Release does not have any major updates to the Secret Management Serv
 
        - No new fixes were implemented for this release
 
+**Security Notes**
+
+*Fixed Security Issues*
+
+       - In default deployment AAF SMS (aaf-sms-db) exposes HTTP port 30244 outside of cluster. [`OJSI-121 <https://jira.onap.org/browse/OJSI-121>`_]
+       - Secret Management Service allows to access all stored data. [`OJSI-206 <https://jira.onap.org/browse/OJSI-206>`_]
+
+*Known Security Issues*
+
+*Known Vulnerabilities in Used Modules*
+
 **Upgrade Notes**
 
     Use the 4.0.0 image for SMS
Secret Management Service that will contain the webservice as well as client code for managing and accessing secrets.