.. See the License for the specific language governing permissions and
.. limitations under the License.
.. ============LICENSE_END============================================
+.. _release_notes:
Release Notes
=============
.. * This note must be removed after content has been added.
-Version: 1.5.2
+Abstract
+========
+
+This document provides the release notes for the Application Controller Project's Frankfurt release.
+
+Summary
+=======
+
+The Application Controller (APPC) performs functions to manage the lifecycle of VNFs and their components providing model driven configuration, abstracts cloud/VNF interfaces for repeatable actions, uses vendor agnostic mechanisms (NETCONF, Chef via Chef Server and Ansible) and enables automation.
+
+Release Data
+============
+
+Version: 1.7.2
+--------------
+
+:Release Date: 2020-5-23
+
+
+New features
+------------
+
+ - Upgraded OpenDaylight (ODL) version to Neon SR1
+
+ - Added support for the following LCM actions (a desciption of all of the above LCM actions can be found in the APPC LCM API Guide on readthedoc):
+
+ - ActivateNESw
+
+ - ConfigScaleIn
+
+ - DownloadNESw
+
+ - GetConfig
+
+ - LicenseManagement
+
+ - PostEvacuate
+
+ - PostMigrate
+
+ - PostRebuild
+
+ - PreConfigure
+
+ - PreEvacuate
+
+ - PreMigrate
+
+ - PreRebuild
+
+ - Provisioning
+
+ - StartTraffic
+
+ - StatusTraffic
+
+ - StopTraffic
+
+ - Move northbound DMAAP adapter out from ODL OSGI Karaf base
+
+ - vnfc/vf-module/v-server operations support for ansible LCMs
+
+ - Resource resolution via CDS
+
+
+Known Limitations, Issues and Workarounds
+=========================================
+
+System Limitations
+------------------
+
+ - OpenStack Restriction:
+
+ - Currently APPC only supports OpenStack.
+
+ - Admin level access for Tenant level operations.
+
+ - OpenStack Hypervisorcheck is turned off by default.
+
+ - Netconf Restriction:
+
+ - Currently APPC only tested with Honeycomb.
+
+Known Vulnerabilities
+---------------------
+
+* `AAF-987 <https://jira.onap.org/browse/AAF-987>`_ - Bath function in AAF can not be functioned with different users and roles, which are associated with Opendaylight AAA users.
+
+Workarounds
+-----------
+
+
+Security Notes
+--------------
+
+ - Password removal from helm charts
+
+ - Allow overriding of keystore and truststore in APPC helm charts
+
+ - All application processes are running non-root user in containers
+
+References
+==========
+
+For more information on the ONAP Frankfurt release, please see:
+
+#. `ONAP Home Page`_
+#. `ONAP Documentation`_
+#. `ONAP Release Downloads`_
+#. `ONAP Wiki Page`_
+
+
+.. _`ONAP Home Page`: https://www.onap.org
+.. _`ONAP Wiki Page`: https://wiki.onap.org
+.. _`ONAP Documentation`: https://docs.onap.org
+.. _`ONAP Release Downloads`: https://git.onap.org
+
+
+.. ==========================
+.. * * * EL ALTO * * *
+.. ==========================
+
+
+Version: 1.6.4
+--------------
+
+:Release Date: 2019-9-30
+
+The El Alto added the following feature, bug fixes and security enhancements:
+
+**New Features**
+
+ - Upgraded OpenDaylight (ODL) version to Fluorine SR2
+
+**Bug Fixes**
+
+ - `APPC-1319 <https://jira.onap.org/browse/APPC-1319>`_ - apidoc shows ""undefined"" when netconf successfully mounted
+ - `APPC-1584 <https://jira.onap.org/browse/APPC-1584>`_ - Incorrect Package name in Audit Directed Graph
+ - `APPC-1587 <https://jira.onap.org/browse/APPC-1587>`_ - Publish config field mismatch in onap documentaion & Audit DG
+ - `APPC-1588 <https://jira.onap.org/browse/APPC-1588>`_ - Publish config filed missing in Sync LCM in documentation
+ - `APPC-1589 <https://jira.onap.org/browse/APPC-1589>`_ - Cvaas directory is not mounted in docker image,Dublin Release
+ - `APPC-1590 <https://jira.onap.org/browse/APPC-1590>`_ - Sync & Audit Payload to include the file name
+ - `APPC-1604 <https://jira.onap.org/browse/APPC-1604>`_ - APPC Not Picking up Mesasges from Dmaap
+ - `APPC-1613 <https://jira.onap.org/browse/APPC-1613>`_ - Exception for LCM request with parameter read from A&AI
+ - `APPC-1627 <https://jira.onap.org/browse/APPC-1627>`_ - Daexim directory owned by root - access denied during boot
+ - `APPC-1634 <https://jira.onap.org/browse/APPC-1634>`_ - Mark the fields transient of RequestFailedException.java Serializable class to full-fill Serializable class contract,
+ - `APPC-1635 <https://jira.onap.org/browse/APPC-1635>`_ - Mark the fields transient of EventMessage.java Serializable class to full-fill Serializable class contract
+ - `APPC-1639 <https://jira.onap.org/browse/APPC-1639>`_ - Error during CDT SQL query
+ - `APPC-1713 <https://jira.onap.org/browse/APPC-1713>`_ - Appc eelf logging resource bundle error after ODL upgrade
+ - `APPC-1736 <https://jira.onap.org/browse/APPC-1736>`_ - change mountpoint for pax property file
+
+**Known Issues**
+
+ - `APPC-1710 <https://jira.onap.org/browse/APPC-1710>`_ - Need for "ReadWriteMany" access on storage when deploying on Kubernetes?
+ - to work around this is to add "accessMode: ReadWriteOnce" to values.yaml in APPC helm chart
+ - `APPC-1766 <https://jira.onap.org/browse/APPC-1766>`_ - openStackEncryptedPassword value is not encrypted
+ - to work around this is to change "provider1.tenant1.password={{.Values.config.openStackEncryptedPassword}}" to "provider1.tenant1.password=<non-encrypted plaintext password>" in APPC helm chart's appc.properties.
+
+
+**Security Notes**
+
+*Fixed Security Issues*
+
+ - `OJSI-25 <https://jira.onap.org/browse/OJSI-25>`_ - SQL Injection in APPC (CVE-2019-12316)
+ - `OJSI-104 <https://jira.onap.org/browse/OJSI-104>`_ - appc exposes plain text HTTP endpoint using port 30211
+ - `OJSI-113 <https://jira.onap.org/browse/OJSI-113>`_ - appc exposes plain text HTTP endpoint using port 30230
+ - `OJSI-146 <https://jira.onap.org/browse/OJSI-146>`_ - appc-cdt exposes plain text HTTP endpoint using port 30289
+ - `OJSI-185 <https://jira.onap.org/browse/OJSI-185>`_ - appc exposes ssh service on port 30231
+ SSH is exposed by ODL in order to use NETCONF within SSH session based on `RFC-6242 <https://tools.ietf.org/html/rfc6242>` so currently it cannot be avoided.
+ Taken into account that this design is well documented in RFC, we no longer consider this to be a security issue but only a hardening opportunity.
+
+Version: 1.5.3
--------------
-:Release Date: 2019-6-6
+:Release Date: 2019-6-19
**New Features**
**Bug Fixes**
+ - `APPC-1242 <https://jira.onap.org/browse/APPC-1242>`_ - vFWCL ModifyConfig only works on one node in an APPC cluster.
- `APPC-1263 <https://jira.onap.org/browse/APPC-1263>`_ - Two methods of Artifact Transformer in appc-config-params will always return null.
- `APPC-1264 <https://jira.onap.org/browse/APPC-1264>`_ - Errors in unit tests in config-generator package.
- `APPC-1270 <https://jira.onap.org/browse/APPC-1270>`_ - Unit tests in ccadaptor code not testing correctly.
**Known Issues**
- `APPC-1613 <https://jira.onap.org/browse/APPC-1613>`_ - Exception for LCM request with parameter read from A&AI.
+ - to work around this is to switch to the fixed parameter in the template or passed as configuration parameter in stead of using A&AI that APPC received the value from the request.
**Security Notes**
- CVE-2019-12124 `OJSI-63 <https://jira.onap.org/browse/OJSI-63>`_ - APPC exposes Jolokia Interface which allows to read and overwrite any arbitrary file
- `OJSI-95 <https://jira.onap.org/browse/OJSI-95>`_ - appc-cdt allows to impersonate any user by setting USER_ID
- `OJSI-112 <https://jira.onap.org/browse/OJSI-112>`_ - In default deployment APPC (appc-dgbuilder) exposes HTTP port 30228 outside of cluster.
+ - `OJSI-113 <https://jira.onap.org/browse/OJSI-113>`_ - In default deployment APPC (appc) exposes HTTP port 30230 outside of cluster.
+ - `OJSI-185 <https://jira.onap.org/browse/OJSI-185>`_ - appc exposes ssh service on port 30231
*Known Vulnerabilities in Used Modules*
Code Review / appc.git / blobdiff