OOM Certification Service Release Notes
***************************************
+.. contents::
+ :depth: 2
+..
+
+Version: 2.5.0
+==============
+
Abstract
-========
+--------
-This document provides the release notes for the Honolulu release.
+This document provides the release notes for the Jakarta release.
Summary
-=======
+-------
+
+Vulnerability Fix
+
+Release Data
+------------
+
++--------------------------------------+---------------------------------------------------------------------------------------+
+| **Project** | OOM |
+| | |
++--------------------------------------+---------------------------------------------------------------------------------------+
+| **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.5.0 |
+| | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 |
+| | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.5.0|
+| | |
++--------------------------------------+---------------------------------------------------------------------------------------+
+| **Release designation** | Jakarta |
+| | |
++--------------------------------------+---------------------------------------------------------------------------------------+
+
+
+New features
+------------
+
+**Bug fixes**
+
+**Known Issues**
+
+If Cert-Manager was down for some time and did not trigger certificate update on time, then updating an outdated certificate may require manual actions.
+The required actions are described in :ref:`Troubleshooting section <troubleshooting>`
+
+Deliverables
+------------
+
+Software Deliverables
+~~~~~~~~~~~~~~~~~~~~~
+Docker images mentioned in Release Date section.
+
+Documentation Deliverables
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- :ref:`CMPv2 certificate provider description <cmpv2_cert_provider>`
+
+Known Limitations, Issues and Workarounds
+-----------------------------------------
-Certification Service provides certificates signed by external CMPv2 server - such certificates are further called operators certificates. Operators certificates are meant to secure external ONAP traffic - traffic between network functions (xNFs) and ONAP.
+System Limitations
+~~~~~~~~~~~~~~~~~~
-This project was moved from Application Authorization Framework (AAF), to check previous release notes see, `AAF CertService release notes <https://docs.onap.org/projects/onap-aaf-certservice/en/frankfurt/sections/release-notes.html>`_ .
+Any known system limitations.
+Known Vulnerabilities
+~~~~~~~~~~~~~~~~~~~~~
+
+Any known vulnerabilities.
+
+
+Workarounds
+~~~~~~~~~~~
+
+Any known workarounds.
+
+
+Security Notes
+--------------
+
+**Fixed Security Issues**
+
+- `OOM-2903 <https://jira.onap.org/browse/OOM-2903>`_ Fix Apache Vulnerability [CVE-2021-44228] in CertService
+
+**Known Security Issues**
+
+None
+
+
+Test Results
+------------
+Not applicable
+
+
+References
+----------
+
+For more information on the ONAP Istanbul release, please see:
+
+#. `ONAP Home Page`_
+#. `ONAP Documentation`_
+#. `ONAP Release Downloads`_
+#. `ONAP Wiki Page`_
+
+Version: 2.4.0
+==============
+
+Abstract
+--------
+
+This document provides the release notes for the Istanbul release.
+
+Summary
+-------
+
+Certificate update use case is now available. For details go to:
+:ref:`How to use instructions<how_to_use_certificate_update>`
+
Release Data
-============
+------------
+--------------------------------------+---------------------------------------------------------------------------------------+
| **Project** | OOM |
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
-| **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3 |
-| | * onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3 |
-| | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3 |
-| | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.3|
+| **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0 |
+| | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 |
+| | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0|
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
-| **Release designation** | Honolulu |
+| **Release designation** | Istanbul |
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
New features
------------
-- `OOM-2560 <https://jira.onap.org/browse/OOM-2560>`_ Integrated CMPv2 certificate provider with Cert-Manager
+- `OOM-2754 <https://jira.onap.org/browse/OOM-2754>`_ Implement certificate update in CMPv2 external issuer
- An CMPv2 certificate provider is a part of PKI infrastructure. It consumes CertificateRequest custom resource from Cert-Manager and calls CertService API to enroll certificate from CMPv2 server.
- During ONAP deployment, the CMPv2 certificate provider is enabled when flags cmpv2Enabled, CMPv2CertManagerIntegration and platform.enabled equals true.
+- `OOM-2753 <https://jira.onap.org/browse/OOM-2753>`_ Implement certificate update in CMPv2 CertService
- More information can be found on dedicated `wiki page <https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration>`_
+- `OOM-2744 <https://jira.onap.org/browse/OOM-2744>`_ Remove CertService Client mechanism from ONAP
-- `OOM-2632 <https://jira.onap.org/browse/OOM-2632>`_ Extended CertService API and clients to correctly support SANs parameters such as: e-mails, URIs and IP addresses.
+- `OOM-2649 <https://jira.onap.org/browse/OOM-2649>`_ Update contrib/ejbca to 7.x
**Bug fixes**
-- `OOM-2656 <https://jira.onap.org/browse/OOM-2656>`_ Adjusted CertService API to RFC4210 - changed MAC protection algorithm and number of iteration for such algorithm.
+- `OOM-2771 <https://jira.onap.org/browse/OOM-2771>`_ Fix CertificateRequest resource was not found issue in CMPv2 external issuer
-- `OOM-2657 <https://jira.onap.org/browse/OOM-2657>`_ Enhanced CertServiceAPI response in order to include CMP server error messages.
-
-- `OOM-2658 <https://jira.onap.org/browse/OOM-2658>`_ Fixed KeyUsage extension sent to CMPv2 server
+- `OOM-2764 <https://jira.onap.org/browse/OOM-2764>`_ Fix sonar issues in CertService
**Known Issues**
-None
+If Cert-Manager was down for some time and did not trigger certificate update on time, then updating an outdated certificate may require manual actions.
+The required actions are described in :ref:`Troubleshooting section <troubleshooting>`
Deliverables
------------
Documentation Deliverables
~~~~~~~~~~~~~~~~~~~~~~~~~~
-- :doc:`CMPv2 certificate provider description <cmpv2-cert-provider>`
+- :ref:`CMPv2 certificate provider description <cmpv2_cert_provider>`
Known Limitations, Issues and Workarounds
-=========================================
+-----------------------------------------
System Limitations
-------------------
+~~~~~~~~~~~~~~~~~~
Any known system limitations.
Known Vulnerabilities
----------------------
+~~~~~~~~~~~~~~~~~~~~~
Any known vulnerabilities.
Workarounds
------------
+~~~~~~~~~~~
Any known workarounds.
Test Results
-============
+------------
Not applicable
References
-==========
+----------
-For more information on the ONAP Honolulu release, please see:
+For more information on the ONAP Istanbul release, please see:
#. `ONAP Home Page`_
#. `ONAP Documentation`_
#. `ONAP Release Downloads`_
#. `ONAP Wiki Page`_
-
.. _`ONAP Home Page`: https://www.onap.org
.. _`ONAP Wiki Page`: https://wiki.onap.org
.. _`ONAP Documentation`: https://docs.onap.org
-.. _`ONAP Release Downloads`: https://git.onap.org
+.. _`ONAP Release Downloads`: https://git.onap.org
\ No newline at end of file