From: Krzysztof Opasiak Date: Mon, 27 May 2019 16:06:32 +0000 (+0200) Subject: Document OJSI-109 vulnerability X-Git-Tag: 5.0.1-ONAP~25 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=d9e8b34a0f2bda167671fe19db20feee5410fceb;p=dcaegen2.git Document OJSI-109 vulnerability Issue-ID: OJSI-109 Signed-off-by: Krzysztof Opasiak Change-Id: Ibaef5bcfcf201c451395aa10e9d14ba1d5ba6b43 --- diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst index e43b1c50..d689ca2e 100644 --- a/docs/sections/release-notes.rst +++ b/docs/sections/release-notes.rst @@ -105,6 +105,8 @@ Source code of DCAE components are released under the following repositories on *Known Security Issues* + * In default deployment DCAEGEN2 (xdcae-datafile-collector) exposes HTTP port 30223 outside of cluster. [`OJSI-109 `_] + *Known Vulnerabilities in Used Modules* DCAE code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The DCAE open Critical security vulnerabilities and their risk assessment have been documented as part of the `project `_.