X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=docs%2Frelease-notes.rst;h=a65070e9c23372e4fc690a4f9b22a1f609474609;hb=b6ed78b501ad9ca0e3dbce02d7aae723ff6278b5;hp=fa838686957f61dd80d77b37bdd76819e12749e0;hpb=fce70f9e94e79083d9635b5cb32eb1df31332d04;p=sdnc%2Foam.git diff --git a/docs/release-notes.rst b/docs/release-notes.rst index fa838686..a65070e9 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -3,10 +3,11 @@ Release Notes ============= -Version 1.5.3 +Version 1.5.4 ------------- :Release Date: 2019-06-13 + **New Features** The full list of Dublin epics and user stories for SDNC maybe be found at . @@ -46,9 +47,21 @@ The full list of known issues in SDNC may be found in the ONAP Jira at `_ SDNC service allows for arbitrary code execution in sla/printAsGv form Fixed temporarily by disabling admportal +- `OJSI-91 `_ SDNC exposes unprotected API for user creation + Fixed temporarily by disabling admportal +- `OJSI-98 `_ In default deployment SDNC (sdnc-portal) exposes HTTP port 30201 outside of cluster. + Fixed temporarily by disabling admportal +- CVE-2019-12112 `OJSI-199 `_ SDNC service allows for arbitrary code execution in sla/upload form + Fixed temporarily by disabling admportal *Known Security Issues* +- `OJSI-34 `_ Multiple SQL Injection issues in SDNC +- `OJSI-99 `_ In default deployment SDNC (sdnc) exposes HTTP port 30202 outside of cluster. +- `OJSI-100 `_ In default deployment SDNC (sdnc-dgbuilder) exposes HTTP port 30203 outside of cluster. +- `OJSI-179 `_ dev-sdnc-sdnc exposes JDWP on port 1830 which allows for arbitrary code execution +- `OJSI-183 `_ SDNC exposes ssh service on port 30208 + *Known Vulnerabilities in Used Modules* Quick Links: