X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=docs%2Frelease-notes.rst;h=b1b0266b29fd38b6b556b5e15c7e5d36cbb65ce3;hb=88db33c6a8e2a03e72a0c676f51937418ee84912;hp=871c7d5b0ea7a5ae33be907d8f834a61ed50c984;hpb=fc4442976411f28a214898a3261e698c48dda31d;p=portal.git diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 871c7d5b..b1b0266b 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -19,8 +19,11 @@ We worked on SDK upgrade to integrate with AAF. We partially implemented multi-l * Use of CADI * 68% JUnit Test Coverage * Addressing security issues - * Internationalization language support - partially implemented + * Angular 6 upgrade delivered foundation code with sample screen + * Documentation on the Angular 6 upgrade can be found `here `_ + * Internationalization language support - partially implemented. * Reporting feature enhancement in portal/sdk - design and partial code changes + * There is more information about new features at `DEMOS - R4 Dublin Demos `_ **Bug Fixes** * Fixed Sonar reported critical issues. @@ -29,6 +32,7 @@ We worked on SDK upgrade to integrate with AAF. We partially implemented multi-l * Mismatch while displaying active online user in Portal. * Internationalization Language component partially completed. * Functional Menu change requires manual refresh. + * Modifying Onboarded App configurations from the onboarding page malfunctions but changes to the App configuration can be done through accessing the database (portal:fn_app table) directly. **Security Notes** @@ -36,12 +40,14 @@ We worked on SDK upgrade to integrate with AAF. We partially implemented multi-l *Known Security Issues* - * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 `_] - * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 `_] - * CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 `_] - * In defult deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 `_] - * In defult deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 `_] - * In defult deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 `_] + * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 `_] + * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 `_] + * CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 `_] + * In default deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 `_] + * In default deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 `_] + * In default deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 `_] + * CVE-2019-12318 - Number of SQL Injections in Portal [`OJSI-174 `_] + * Portal stores users passwords encrypted instead of hashed [`OJSI-190 `_] *Known Vulnerabilities in Used Modules* @@ -57,7 +63,8 @@ Quick Links: **Upgrade Notes** * For https Apps onboarded to portal, a certificate has to be downloaded in the browser when first trying to access the landing page of the App. * For onboarded Apps using http (since Portal is using https) the browser asks the user to click to Proceed to the unsafe URL. - * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts. + * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts. + * The first time some apps are selected in the Applications panel, an error stating the webpage might be temporarily down, copy the presented URL to a new browser; once that is done, the application will open in the Portal. **Deprecation Notes**