X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=docs%2Frelease-notes.rst;h=216b192f7f735d6f8131e2b5555d26f1da83a818;hb=60329a51a58e578008c4bf4aa5d291ca64050760;hp=f4ea951a8b1f5a3fab4ecc99e18c56cf3f438364;hpb=88e912e5cc371f5fe37f6a7d6d609de8ca538232;p=sdnc%2Foam.git diff --git a/docs/release-notes.rst b/docs/release-notes.rst index f4ea951a..216b192f 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -40,8 +40,26 @@ The full list of known issues in SDNC may be found in the ONAP Jira at `_ SDNC service allows for arbitrary code execution in sla/dgUpload form + Fixed temporarily by disabling admportal +- CVE-2019-12123 `OJSI-42 `_ SDNC service allows for arbitrary code execution in sla/printAsXml form + Fixed temporarily by disabling admportal +- CVE-2019-12113 `OJSI-43 `_ SDNC service allows for arbitrary code execution in sla/printAsGv form + Fixed temporarily by disabling admportal +- `OJSI-91 `_ SDNC exposes unprotected API for user creation + Fixed temporarily by disabling admportal +- `OJSI-98 `_ In default deployment SDNC (sdnc-portal) exposes HTTP port 30201 outside of cluster. + Fixed temporarily by disabling admportal +- CVE-2019-12112 `OJSI-199 `_ SDNC service allows for arbitrary code execution in sla/upload form + Fixed temporarily by disabling admportal + *Known Security Issues* +- `OJSI-34 `_ Multiple SQL Injection issues in SDNC +- `OJSI-99 `_ In default deployment SDNC (sdnc) exposes HTTP port 30202 outside of cluster. +- `OJSI-100 `_ In default deployment SDNC (sdnc-dgbuilder) exposes HTTP port 30203 outside of cluster. +- `OJSI-179 `_ dev-sdnc-sdnc exposes JDWP on port 1830 which allows for arbitrary code execution + *Known Vulnerabilities in Used Modules* Quick Links: @@ -240,5 +258,3 @@ in release 1.2.1: **Other** NA - -
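Review bot: In the first hunk, the six added entries that end in "Fixed temporarily by disabling admportal" describe a mitigation rather than a code fix, and nothing in the added text says that re-enabling admportal brings back the code execution in the sla/dgUpload, sla/printAsXml, sla/printAsGv and sla/upload forms, the unprotected user-creation API (OJSI-91) and the exposure of HTTP port 30201 (OJSI-98). Suggest saying so in one sentence above the list and noting where the permanent fix is tracked, so a deployer does not read these entries as closed. In the same hunk, the entries added under *Known Security Issues* (OJSI-34, OJSI-99, OJSI-100, OJSI-179) come with no workaround: OJSI-179 reports JDWP on port 1830 with arbitrary code execution, and OJSI-99 and OJSI-100 report ports 30202 and 30203 exposed outside the cluster, so a line on restricting access to those ports until a fix lands would help. OJSI-34, "Multiple SQL Injection issues in SDNC", also names no affected component, which makes it hard for a reader to judge exposure.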