From aa3ba644219877e98b97b0fd5139bc517210c5f5 Mon Sep 17 00:00:00 2001
From: wr148d <wr148d@att.com>
Date: Wed, 16 Mar 2022 16:09:23 -0400
Subject: [PATCH] [AAI] Updated releast notes to talk about transitive
 dependency on aaf log4j

Issue-ID: AAI-3454
Signed-off-by: wr148d <wr148d@att.com>
Change-Id: I2dfad5f07372eff1f7e545910da6d39377ea4ffe
---
 docs/release-notes.rst | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index ae56b81a..9aac854c 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -22,7 +22,13 @@ Version: 9.0.1
 
 The R9 Istanbul maintenance release of ONAP A&AI addressed some security vulnerabilities mainly for the Log4J dependencies
 
-- Updated the log4j libraries to 2.17.2
+- Updated the direct dependency log4j libraries to 2.17.2
+- Please note log4j is still on older versions in a transitive dependency for aaf auth for the following mS
+  * onap-aai-aai-common
+  * onap-aai-babel
+  * onap-aai-resources
+  * onap-aai-schema-service
+  * onap-aai-traversal
 
 Version: 9.0.0
 --------------
-- 
2.16.6