X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=docs%2Frelease-notes.rst;h=0fdbe80794eca06d69f4fae5f29fe9fd11e4af4d;hb=e93abc707191be45c18175c73904796df31b2654;hp=fbaf675e5977ec7f4356ef8afd7a5e8732c7b810;hpb=af68d030bd7f66b680c2b44cd60a19a35aaf9223;p=portal.git

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index fbaf675e..0fdbe807 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -38,9 +38,11 @@ We worked on SDK upgrade to integrate with AAF. We partially implemented multi-l
 
 	* CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 <https://jira.onap.org/browse/OJSI-15>`_]
 	* CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 <https://jira.onap.org/browse/OJSI-65>`_]
+	* CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 <https://jira.onap.org/browse/OJSI-92>`_]
 	* In defult deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 <https://jira.onap.org/browse/OJSI-97>`_]
 	* In defult deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 <https://jira.onap.org/browse/OJSI-105>`_]
 	* In defult deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 <https://jira.onap.org/browse/OJSI-106>`_]
+	* CVE-2019-12318 - Number of SQL Injections in Portal [`OJSI-174 <https://jira.onap.org/browse/OJSI-174>`_]
 
 *Known Vulnerabilities in Used Modules*