X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=docs%2Frelease-notes.rst;h=5e56c6e7a9f242b003ebb2a56b17360fe094d4b4;hb=491ada3493bc1b201d8e9e490e506af3b3c72f8c;hp=67034c6b2931b52c47f625a270757424bb001de7;hpb=ebc8379659a23fb28cdf200bb653cf92ab606c0f;p=sdnc%2Foam.git diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 67034c6b..5e56c6e7 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -3,10 +3,11 @@ Release Notes ============= -Version 1.5.3 +Version 1.5.4 ------------- :Release Date: 2019-06-13 + **New Features** The full list of Dublin epics and user stories for SDNC maybe be found at . @@ -36,6 +37,10 @@ The full list of bug fixes in the SDNC Dublin release may be found at +One item of note is that the SDNC admin portal was determined to have a number of security vulnerabilities, +under Known Security Issues. As a temporary remediation, the admin portal is disabled in +Dublin. It will be re-enabled in El Alto once the security issues are addressed. + **Security Notes** *Fixed Security Issues* @@ -50,9 +55,17 @@ The full list of known issues in SDNC may be found in the ONAP Jira at `_ In default deployment SDNC (sdnc-portal) exposes HTTP port 30201 outside of cluster. Fixed temporarily by disabling admportal +- CVE-2019-12112 `OJSI-199 `_ SDNC service allows for arbitrary code execution in sla/upload form + Fixed temporarily by disabling admportal *Known Security Issues* +- `OJSI-34 `_ Multiple SQL Injection issues in SDNC +- `OJSI-99 `_ In default deployment SDNC (sdnc) exposes HTTP port 30202 outside of cluster. +- `OJSI-100 `_ In default deployment SDNC (sdnc-dgbuilder) exposes HTTP port 30203 outside of cluster. +- `OJSI-179 `_ dev-sdnc-sdnc exposes JDWP on port 1830 which allows for arbitrary code execution +- `OJSI-183 `_ SDNC exposes ssh service on port 30208 + *Known Vulnerabilities in Used Modules* Quick Links: