From 56d771c028c898ea5c3c65acafae0a45b6813753 Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Wed, 23 Oct 2019 21:52:36 +0200 Subject: [PATCH] Mark OJSI-28 as fixed. OJSI-28 ticket is already marked as fixed so let's relfect this in project release notes. Issue-ID: OJSI-28 Signed-off-by: Krzysztof Opasiak Change-Id: I8d6f0f22590eafd7986ebfc5b6f8a0ed1c45b2a9 --- docs/sections/release-notes.rst | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst index 372e8bb6..74a6a94c 100644 --- a/docs/sections/release-notes.rst +++ b/docs/sections/release-notes.rst @@ -26,9 +26,9 @@ All components interfacing with platform components were modified to support TLS **Miscellaneous** - DCAE Dashboard deployment migration from cloudify blueprint to OOM/Chart - Dynamic Topic support via Dmaap plugin integration for DataFileCollector MS - - Dynamic Topic support via Dmaap plugin integration for PM-Mapper service + - Dynamic Topic support via Dmaap plugin integration for PM-Mapper service - CBS client libraries updated to remove consul service lookup - - Image Optimization (ConfigBindingService, InventoryAPI, ServiceChangeHandler, HV-VES, PRH, Son-handler) + - Image Optimization (ConfigBindingService, InventoryAPI, ServiceChangeHandler, HV-VES, PRH, Son-handler) @@ -69,8 +69,8 @@ DCAE also includes below MS which can be deployed on-demand (via Dashboard or Cl - BBS Event processor - Analytics/RCA - SON-Handler - - Missing Heartbeat Ms - + - Missing Heartbeat Ms + - All DCAE components are designed to support platform maturity requirements. @@ -110,19 +110,18 @@ Source code of DCAE components are released under the following repositories on **Known Issues** - * Healthcheck/Readiness probe VES Collector when authentication is enabled (DCAEGEN2-1594) - + * Healthcheck/Readiness probe VES Collector when authentication is enabled (DCAEGEN2-1594) + **Security Notes** *Fixed Security Issues* + * Unsecured Swagger UI Interface in xdcae-datafile-collector. [`OJSI-28 `_] * In default deployment DCAEGEN2 (xdcae-datafile-collector) exposes HTTP port 30223 outside of cluster. [`OJSI-109 `_] * In default deployment DCAEGEN2 (xdcae-tca-analytics) exposes HTTP port 32010 outside of cluster. [`OJSI-161 `_] * In default deployment DCAEGEN2 (dcae-datafile-collector) exposes HTTP port 30262 outside of cluster. [`OJSI-131 `_] * CVE-2019-12126 - DCAE TCA exposes unprotected APIs/UIs on port 32010. [`OJSI-201 `_] *Known Security Issues* - - * Unsecured Swagger UI Interface in xdcae-datafile-collector. [`OJSI-28 `_] * Unsecured Swagger UI Interface in xdcae-ves-collector. [`OJSI-30 `_] * In default deployment DCAEGEN2 (xdcae-ves-collector) exposes HTTP port 30235 outside of cluster. [`OJSI-116 `_] * In default deployment DCAEGEN2 (xdcae-dashboard) exposes HTTP port 30418 outside of cluster. [`OJSI-159 `_] @@ -189,7 +188,7 @@ All components interfacing with platform components were modified to support TLS **Miscellaneous** - DCAE Dashboard deployment migration from cloudify blueprint to OOM/Chart - Dynamic Topic support via Dmaap plugin integration for DataFileCollector MS - - Dynamic Topic support via Dmaap plugin integration for PM-Mapper service + - Dynamic Topic support via Dmaap plugin integration for PM-Mapper service - CBS client libraries updated to remove consul service lookup @@ -200,8 +199,8 @@ All components interfacing with platform components were modified to support TLS **Known Issues** - * Healthcheck/Readiness probe VES Collector when authentication is enabled (DCAEGEN2-1594) - + * Healthcheck/Readiness probe VES Collector when authentication is enabled (DCAEGEN2-1594) + **Security Notes** @@ -357,8 +356,8 @@ Source code of DCAE components are released under the following repositories on **Bug Fixes** **Known Issues** - * Healthcheck/Readiness probe VES Collector when authentication is enabled (DCAEGEN2-1594) - + * Healthcheck/Readiness probe VES Collector when authentication is enabled (DCAEGEN2-1594) + **Security Notes** -- 2.16.6