Document OJSI-122 vulnerability

[optf/osdf.git] / docs / sections / release-notes.rst

diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst
index 2cca5d1..4c4bd9c 100644 (file)
--- a/docs/sections/release-notes.rst
+++ b/docs/sections/release-notes.rst
@@ -42,6 +42,14 @@ The Dublin release for OOF delivered the following Epics.
 
 **Security Notes**
 
+*Fixed Security Issues*
+
+*Known Security Issues*
+
+    * [`OJSI-122 <https://jira.onap.org/browse/OJSI-122>`_] In default deployment OPTFRA (oof-osdf) exposes HTTP port 30248 outside of cluster.
+
+*Known Vulnerabilities in Used Modules*
+
 OPTFRA osdf code has been formally scanned during build time using NexusIQ and no Critical vulnerability was found.
 The OPTF open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=64005463>`_.
 
@@ -113,7 +121,7 @@ A summary of features includes
 
 * Platform Maturity Level 1
     * ~65.1+ unit test coverage
-    
+
 The Casablanca release for OOF delivered the following Epics.
 
     * [OPTFRA-273] - Epic Name: OOF Casablanca S3P Manageability enhancement