From: Fiachra Corcoran <fiachra.corcoran@est.tech>
Date: Tue, 23 Jul 2019 15:00:28 +0000 (+0000)
Subject: Merge changes Id40d25d3,I12263a65
X-Git-Tag: 2.1.3~20
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=dmaap%2Fdatarouter.git;a=commitdiff_plain;h=d6302cb0b3db8043598e8b6bc3dc5ed436f848cb;hp=534c164c124950a2019acf71d253ac96be12c78c

Merge changes Id40d25d3,I12263a65

* changes:
  Document OJSI-158 vulnerability
  Improve security release notes
---

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 397d64e9..88bd2961 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -47,6 +47,15 @@ Known Issues
 N/A
 
 Security Issues
+
+*Fixed Security Issues*
+
+*Known Security Issues*
+
+- In default deployment DMAAP (dmaap-dr-prov) exposes HTTP port 30259 outside of cluster. [`OJSI-158 <https://jira.onap.org/browse/OJSI-158>`_]
+
+*Known Vulnerabilities in Used Modules*
+
 DMAAP code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been
 addressed, items that remain open have been assessed for risk and determined to be false positive. The DMAAP open
 Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=42598688>`_.