From: Krzysztof Opasiak <k.opasiak@samsung.com>
Date: Wed, 23 Oct 2019 10:41:46 +0000 (+0200)
Subject: Improve OJSI-185 documentation
X-Git-Tag: 5.0.2-ONAP^0
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;ds=sidebyside;h=8dfcaf2db45f4145e2bcd5c0eec669e294fa0f6a;hp=5a8e50d34181109294e5cd024d810167d3aa9e74;p=appc.git

Improve OJSI-185 documentation

Add some more details why we no longer consider OJSI-185 as a security
issue.

Issue-ID: OJSI-185
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ifd8a9c42abab82e56a7f87891f0d1a3491b92e6e
---

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 01582f405..aeee4792f 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -71,6 +71,8 @@ The El Alto added the following feature, bug fixes and security enhancements:
       - `OJSI-113 <https://jira.onap.org/browse/OJSI-113>`_ - appc exposes plain text HTTP endpoint using port 30230
       - `OJSI-146 <https://jira.onap.org/browse/OJSI-146>`_ - appc-cdt exposes plain text HTTP endpoint using port 30289
       - `OJSI-185 <https://jira.onap.org/browse/OJSI-185>`_ - appc exposes ssh service on port 30231
+	SSH is exposed by ODL in order to use NETCONF within SSH session based on `RFC-6242 <https://tools.ietf.org/html/rfc6242>` so currently it cannot be avoided.
+	Taken into account that this design is well documented in RFC, we no longer consider this to be a security issue but only a hardening opportunity.
 
 Version: 1.5.3
 --------------