[AAI] Updated releast notes to talk about transitive dependency on aaf log4j

author wr148d <wr148d@att.com>

Wed, 16 Mar 2022 20:09:23 +0000 (16:09 -0400)

committer wr148d <wr148d@att.com>

Wed, 16 Mar 2022 20:09:23 +0000 (16:09 -0400)
author wr148d <wr148d@att.com>
Wed, 16 Mar 2022 20:09:23 +0000 (16:09 -0400)
committer wr148d <wr148d@att.com>
Wed, 16 Mar 2022 20:09:23 +0000 (16:09 -0400)
diff --git a/docs/release-notes.rst b/docs/release-notes.rst

index ae56b81..9aac854 100644 (file)
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -22,7 +22,13 @@ Version: 9.0.1
  
  The R9 Istanbul maintenance release of ONAP A&AI addressed some security vulnerabilities mainly for the Log4J dependencies
  
-- Updated the log4j libraries to 2.17.2
+- Updated the direct dependency log4j libraries to 2.17.2
+- Please note log4j is still on older versions in a transitive dependency for aaf auth for the following mS
+  * onap-aai-aai-common
+  * onap-aai-babel
+  * onap-aai-resources
+  * onap-aai-schema-service
+  * onap-aai-traversal
  
  Version: 9.0.0
  --------------
author	wr148d <wr148d@att.com>
	Wed, 16 Mar 2022 20:09:23 +0000 (16:09 -0400)
committer	wr148d <wr148d@att.com>
	Wed, 16 Mar 2022 20:09:23 +0000 (16:09 -0400)