X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=docs%2Frelease-notes.rst;h=01582f405927c92ee879eead2b9308c2d10f8d77;hb=refs%2Fheads%2Fmaster;hp=5ca3186c0ad782bc54c58ef576db0852c05273c7;hpb=e21015630eb54bc5fba3d147962ac1d92a1ac1c8;p=appc.git diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 5ca3186c0..2e9e22856 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -14,6 +14,7 @@ .. See the License for the specific language governing permissions and .. limitations under the License. .. ============LICENSE_END============================================ +.. _release_notes: Release Notes ============= @@ -26,10 +27,181 @@ Release Notes .. * This note must be removed after content has been added. -Version: 1.5.2 +Abstract +======== + +This document provides the release notes for the Application Controller Project's Frankfurt release. + +Summary +======= + +The Application Controller (APPC) performs functions to manage the lifecycle of VNFs and their components providing model driven configuration, abstracts cloud/VNF interfaces for repeatable actions, uses vendor agnostic mechanisms (NETCONF, Chef via Chef Server and Ansible) and enables automation. + +Release Data +============ + +Version: 1.7.2 +-------------- + +:Release Date: 2020-5-23 + + +New features +------------ + + - Upgraded OpenDaylight (ODL) version to Neon SR1 + + - Added support for the following LCM actions (a desciption of all of the above LCM actions can be found in the APPC LCM API Guide on readthedoc): + + - ActivateNESw + + - ConfigScaleIn + + - DownloadNESw + + - GetConfig + + - LicenseManagement + + - PostEvacuate + + - PostMigrate + + - PostRebuild + + - PreConfigure + + - PreEvacuate + + - PreMigrate + + - PreRebuild + + - Provisioning + + - StartTraffic + + - StatusTraffic + + - StopTraffic + + - Move northbound DMAAP adapter out from ODL OSGI Karaf base + + - vnfc/vf-module/v-server operations support for ansible LCMs + + - Resource resolution via CDS + + +Known Limitations, Issues and Workarounds +========================================= + +System Limitations +------------------ + + - OpenStack Restriction: + + - Currently APPC only supports OpenStack. + + - Admin level access for Tenant level operations. + + - OpenStack Hypervisorcheck is turned off by default. + + - Netconf Restriction: + + - Currently APPC only tested with Honeycomb. + +Known Vulnerabilities +--------------------- + +* `AAF-987 `_ - Bath function in AAF can not be functioned with different users and roles, which are associated with Opendaylight AAA users. + +Workarounds +----------- + + +Security Notes +-------------- + + - Password removal from helm charts + + - Allow overriding of keystore and truststore in APPC helm charts + + - All application processes are running non-root user in containers + +References +========== + +For more information on the ONAP Frankfurt release, please see: + +#. `ONAP Home Page`_ +#. `ONAP Documentation`_ +#. `ONAP Release Downloads`_ +#. `ONAP Wiki Page`_ + + +.. _`ONAP Home Page`: https://www.onap.org +.. _`ONAP Wiki Page`: https://wiki.onap.org +.. _`ONAP Documentation`: https://docs.onap.org +.. _`ONAP Release Downloads`: https://git.onap.org + + +.. ========================== +.. * * * EL ALTO * * * +.. ========================== + + +Version: 1.6.4 +-------------- + +:Release Date: 2019-9-30 + +The El Alto added the following feature, bug fixes and security enhancements: + +**New Features** + + - Upgraded OpenDaylight (ODL) version to Fluorine SR2 + +**Bug Fixes** + + - `APPC-1319 `_ - apidoc shows ""undefined"" when netconf successfully mounted + - `APPC-1584 `_ - Incorrect Package name in Audit Directed Graph + - `APPC-1587 `_ - Publish config field mismatch in onap documentaion & Audit DG + - `APPC-1588 `_ - Publish config filed missing in Sync LCM in documentation + - `APPC-1589 `_ - Cvaas directory is not mounted in docker image,Dublin Release + - `APPC-1590 `_ - Sync & Audit Payload to include the file name + - `APPC-1604 `_ - APPC Not Picking up Mesasges from Dmaap + - `APPC-1613 `_ - Exception for LCM request with parameter read from A&AI + - `APPC-1627 `_ - Daexim directory owned by root - access denied during boot + - `APPC-1634 `_ - Mark the fields transient of RequestFailedException.java Serializable class to full-fill Serializable class contract, + - `APPC-1635 `_ - Mark the fields transient of EventMessage.java Serializable class to full-fill Serializable class contract + - `APPC-1639 `_ - Error during CDT SQL query + - `APPC-1713 `_ - Appc eelf logging resource bundle error after ODL upgrade + - `APPC-1736 `_ - change mountpoint for pax property file + +**Known Issues** + + - `APPC-1710 `_ - Need for "ReadWriteMany" access on storage when deploying on Kubernetes? + - to work around this is to add "accessMode: ReadWriteOnce" to values.yaml in APPC helm chart + - `APPC-1766 `_ - openStackEncryptedPassword value is not encrypted + - to work around this is to change "provider1.tenant1.password={{.Values.config.openStackEncryptedPassword}}" to "provider1.tenant1.password=" in APPC helm chart's appc.properties. + + +**Security Notes** + +*Fixed Security Issues* + + - `OJSI-25 `_ - SQL Injection in APPC (CVE-2019-12316) + - `OJSI-104 `_ - appc exposes plain text HTTP endpoint using port 30211 + - `OJSI-113 `_ - appc exposes plain text HTTP endpoint using port 30230 + - `OJSI-146 `_ - appc-cdt exposes plain text HTTP endpoint using port 30289 + - `OJSI-185 `_ - appc exposes ssh service on port 30231 + SSH is exposed by ODL in order to use NETCONF within SSH session based on `RFC-6242 ` so currently it cannot be avoided. + Taken into account that this design is well documented in RFC, we no longer consider this to be a security issue but only a hardening opportunity. + +Version: 1.5.3 -------------- -:Release Date: 2019-6-6 +:Release Date: 2019-6-19 **New Features** @@ -70,6 +242,7 @@ The Dublin release added the following functionality: **Bug Fixes** + - `APPC-1242 `_ - vFWCL ModifyConfig only works on one node in an APPC cluster. - `APPC-1263 `_ - Two methods of Artifact Transformer in appc-config-params will always return null. - `APPC-1264 `_ - Errors in unit tests in config-generator package. - `APPC-1270 `_ - Unit tests in ccadaptor code not testing correctly. @@ -105,6 +278,7 @@ The Dublin release added the following functionality: **Known Issues** - `APPC-1613 `_ - Exception for LCM request with parameter read from A&AI. + - to work around this is to switch to the fixed parameter in the template or passed as configuration parameter in stead of using A&AI that APPC received the value from the request. **Security Notes** @@ -120,6 +294,8 @@ The Dublin release added the following functionality: - CVE-2019-12124 `OJSI-63 `_ - APPC exposes Jolokia Interface which allows to read and overwrite any arbitrary file - `OJSI-95 `_ - appc-cdt allows to impersonate any user by setting USER_ID - `OJSI-112 `_ - In default deployment APPC (appc-dgbuilder) exposes HTTP port 30228 outside of cluster. + - `OJSI-113 `_ - In default deployment APPC (appc) exposes HTTP port 30230 outside of cluster. + - `OJSI-185 `_ - appc exposes ssh service on port 30231 *Known Vulnerabilities in Used Modules*