X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=docs%2Frelease-notes.rst;h=49e6c1d5a681eb37392b09d20ad6c07473d6da73;hb=528b0da2a990fd0aaa257cb45dac7fb67c9e19a2;hp=40192addf34544ac1ebc33d9a1e0367eac4b1b89;hpb=2e6c39d128f675739bc6359301a653e1a1985f58;p=sdnc%2Foam.git diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 40192add..49e6c1d5 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst 
@@ -3,10 +3,132 @@ Release Notes ============= -Version 1.5.3 +Version 1.7.4 +------------- +:Release Date: 2019-10-24 + +El Alto release + +**Artifact Versions** + + +The following table lists the SDNC docker containers and their versions. + ++--------------------------------+---------------------------------------------+-----------+ +| Image name | Description | Version(s)| ++================================+=============================================+===========+ +| onap/network-discovery | POMBA : network discovery microservice | 1.7.3 | ++--------------------------------+---------------------------------------------+-----------+ +| onap/service-decomposition | POMBA : service decomposition microservice | 1.7.3 | ++--------------------------------+---------------------------------------------+-----------+ +| onap/sdnc-ansible-server-image | Ansible server | 1.7.4 | ++--------------------------------+---------------------------------------------+-----------+ +| onap/sdnc-aaf-image | SDNC controller image, with AAF integration | 1.7.4 | ++--------------------------------+---------------------------------------------+-----------+ +| onap/sdnc-image | SDNC controller image, standalone (no AAF) | 1.7.4 | ++--------------------------------+---------------------------------------------+-----------+ +| onap/sdnc-ueb-listener-image | SDC listener | 1.7.4 | ++--------------------------------+---------------------------------------------+-----------+ +| onap/sdcn-dmaap-listener-image | DMAAP listener | 1.7.4 | ++--------------------------------+---------------------------------------------+-----------+ + + +**New Features** + +The full list of El Alto epics and user stories for SDNC may be found at . 
+ +The following list summarizes some of the most significant epics: + ++------------+-------------------------------------------------------------------------------------+ +| Jira # | Abstract | ++============+=====================================================================================+ +| [SDNC-825] | OpenDaylight Neon upgrade | ++------------+-------------------------------------------------------------------------------------+ +| [SDNC-858] | Tune OpenDaylight Java settings for NETCONF | ++------------+-------------------------------------------------------------------------------------+ +| [SDNC-822] | Add aggregate-route-policy in GR-API and async changes | ++------------+-------------------------------------------------------------------------------------+ +| [SDNC-431] | Implement config DB and REST API | ++------------+-------------------------------------------------------------------------------------+ +| [SDNC-433] | Receive netconf notification from RAN, update config DB and publish change on DMAAP | ++------------+-------------------------------------------------------------------------------------+ + + + +**Bug Fixes** +The full list of bug fixes in the SDNC El Alto release may be found at + +**Known Issues** +The full list of known issues in SDNC may be found in the ONAP Jira at + +One specific issue of concern is the following + ++------------+---------------------------------------------------------------------------------+ +| Jira # | Abstract | ++============+=================================================================================+ +| [SDNC-949] | GR-API Macro Orchestration fails while waiting on vnf-topology-operation status | ++------------+---------------------------------------------------------------------------------+ + +This issue is fixed in Gerrit, but not in the released 1.7.4 version of the SDNC docker container. 
This issue +can be manually fixed by installing the following 2 directed graphs via directed graph builder: + +- `GENERIC-RESOURCE-API_vf-module-topology-operation.json `_ vf-module-topology-operation directed graph +- `GENERIC-RESOURCE-API_vnf-topology-operation.json `_ vnf-topology-operation directed graph + + + +One item of note is that the SDNC admin portal was determined to have a number of security vulnerabilities, +under Known Security Issues. As a temporary remediation, the admin portal was disabled in +Dublin. These issues have been resolved in El Alto. + + + +**Security Notes** + +*Fixed Security Issues* + +- CVE-2019-12132 `OJSI-41 `_ SDNC service allows for arbitrary code execution in sla/dgUpload form + Fixed temporarily by disabling admportal. +- CVE-2019-12123 `OJSI-42 `_ SDNC service allows for arbitrary code execution in sla/printAsXml form + Fixed temporarily by disabling admportal. +- CVE-2019-12113 `OJSI-43 `_ SDNC service allows for arbitrary code execution in sla/printAsGv form + Fixed by removing this API endpoint. +- `OJSI-91 `_ SDNC exposes unprotected API for user creation + Fixed temporarily by disabling admportal. +- `OJSI-98 `_ In default deployment SDNC (sdnc-portal) exposes HTTP port 30201 outside of cluster. + Port 30201 now uses HTTPS protocol. +- CVE-2019-12112 `OJSI-199 `_ SDNC service allows for arbitrary code execution in sla/upload form + Fixed temporarily by disabling admportal. +- `OJSI-34 `_ Multiple SQL Injection issues in SDNC +- `OJSI-99 `_ In default deployment SDNC (sdnc) exposes HTTP port 30202 outside of cluster. + Port 30202 is no longer used. +- `OJSI-100 `_ In default deployment SDNC (sdnc-dgbuilder) exposes HTTP port 30203 outside of cluster. + Port 30203 now uses HTTPS protocol. +- `OJSI-179 `_ dev-sdnc-sdnc exposes JDWP on port 1830 which allows for arbitrary code execution + Ticket has been closed as no one was able to reproduce the issue. 
+- `OJSI-183 `_ SDNC exposes ssh service on port 30208 + Port 30202 is no longer used. + +*Known Security Issues* + +For CVE-2019-12132, CVE-2019-12123 and CVE-2019-12112 only temporary fix has been applied. +This fix simply prevents admportal from being started and exposed. +If admportal is to be used in your deployment, please be very cautious and remember to fix those vulnerabilities on your own. + +*Known Vulnerabilities in Used Modules* + +Quick Links: + +- `SDNC project page `_ +- `Passing Badge information for SDNC `_ +- `Project Vulnerability Review Table for Casablanca Release `_ + + +Version 1.5.4 ------------- :Release Date: 2019-06-13 + **New Features** The full list of Dublin epics and user stories for SDNC maybe be found at . 
@@ -36,15 +158,35 @@ The full list of bug fixes in the SDNC Dublin release may be found at +One item of note is that the SDNC admin portal was determined to have a number of security vulnerabilities, +under Known Security Issues. As a temporary remediation, the admin portal is disabled in +Dublin. It will be re-enabled in El Alto once the security issues are addressed. + **Security Notes** *Fixed Security Issues* - CVE-2019-12132 `OJSI-41 `_ SDNC service allows for arbitrary code execution in sla/dgUpload form Fixed temporarily by disabling admportal +- CVE-2019-12123 `OJSI-42 `_ SDNC service allows for arbitrary code execution in sla/printAsXml form + Fixed temporarily by disabling admportal +- CVE-2019-12113 `OJSI-43 `_ SDNC service allows for arbitrary code execution in sla/printAsGv form + Fixed temporarily by disabling admportal +- `OJSI-91 `_ SDNC exposes unprotected API for user creation + Fixed temporarily by disabling admportal +- `OJSI-98 `_ In default deployment SDNC (sdnc-portal) exposes HTTP port 30201 outside of cluster. + Fixed temporarily by disabling admportal +- CVE-2019-12112 `OJSI-199 `_ SDNC service allows for arbitrary code execution in sla/upload form + Fixed temporarily by disabling admportal *Known Security Issues* +- `OJSI-34 `_ Multiple SQL Injection issues in SDNC +- `OJSI-99 `_ In default deployment SDNC (sdnc) exposes HTTP port 30202 outside of cluster. +- `OJSI-100 `_ In default deployment SDNC (sdnc-dgbuilder) exposes HTTP port 30203 outside of cluster. +- `OJSI-179 `_ dev-sdnc-sdnc exposes JDWP on port 1830 which allows for arbitrary code execution +- `OJSI-183 `_ SDNC exposes ssh service on port 30208 + *Known Vulnerabilities in Used Modules* Quick Links:
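Review bot: In the first hunk (@@ -3,10 +3,132 @@), the new 1.7.4 section contradicts itself about the admin portal. The paragraph before Security Notes says "These issues have been resolved in El Alto", while CVE-2019-12132, CVE-2019-12123 and CVE-2019-12112 are still marked "Fixed temporarily by disabling admportal" and the Known Security Issues text says only a temporary fix has been applied. An operator who reads only the first statement could re-enable admportal on a deployment that is still vulnerable, so the paragraph should name which issues are actually resolved, and the three CVEs should either move out of Fixed Security Issues or be labelled as mitigated. In the same list, OJSI-183 concerns the ssh service on port 30208 but its resolution reads "Port 30202 is no longer used.", which looks copied from OJSI-99, and OJSI-34 has no resolution line at all. The image table spells one image "onap/sdcn-dmaap-listener-image" where every other row uses the "sdnc" prefix; please check it against the published image name. The Quick Links entry still says "Casablanca Release" in a section for El Alto.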
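Review bot: In the second hunk (@@ -36,15 +158,35 @@), the entries added under Fixed Security Issues for Dublin (OJSI-42, OJSI-43, OJSI-91, OJSI-98, OJSI-199) are all described as "Fixed temporarily by disabling admportal", which is a mitigation and not a fix: per the 1.7.4 text added by this same patch, the vulnerabilities remain if admportal is started. Suggest listing them under Known Security Issues with the mitigation stated, or wording the resolution so the condition is explicit, for example "Mitigated by disabling admportal; not fixed if admportal is enabled". The added Known Security Issues entries (OJSI-34, OJSI-99, OJSI-100, OJSI-179, OJSI-183) carry no workaround; for the externally exposed ports 30202, 30203 and 30208 and for JDWP on port 1830, a line telling deployers to restrict access to those ports until a fix ships would make the section actionable. The added sentence "It will be re-enabled in El Alto once the security issues are addressed" also commits to a future release in notes for this one, and the 1.7.4 section still lists three of these CVEs as only temporarily fixed.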