**Security Notes**
+*Fixed Security Issues*
+
+*Known Security Issues*
+
+* In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_]
+* Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
+
+*Known Vulnerabilities in Used Modules*
+
OOM code has been formally scanned during build time using NexusIQ and no
Critical vulnerability was found.
cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
cadi_keyfile=/opt/onap/appc/data/stores/org.onap.appc.keyfile
cadi_keystore=/opt/onap/appc/data/stores/org.onap.appc.p12
-cadi_keystore_password=enc:4DVUTKvRCCtebQrKskDsuKFIHLzOf2M9XxNOhVIK4xb
+cadi_keystore_password=enc:tQTHVtbdCuzqrQY1TBRt9SkFL9tCY3OzwbsfaVyAa2dOfZlI0krFOJSBnkm1WdGr
#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)>
cadi_alias=appc@appc.onap.org
cadi_truststore=/opt/onap/appc/data/stores/truststoreONAPall.jks
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-blueprintsprocessor:0.4.4
+image: onap/ccsdk-blueprintsprocessor:0.4.5
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-commandexecutor:0.4.4
+image: onap/ccsdk-commandexecutor:0.4.5
pullPolicy: Always
# application configuration
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-controllerblueprints:0.4.4
+image: onap/ccsdk-controllerblueprints:0.4.5
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-sdclistener:0.4.4
+image: onap/ccsdk-sdclistener:0.4.5
name: sdc-listener
pullPolicy: Always
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui-server:0.4.4
+image: onap/ccsdk-cds-ui-server:0.4.5
pullPolicy: Always
# application configuration
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:4.0.3
+image: onap/clamp-dashboard-kibana:4.0.5
pullPolicy: Always
# flag to enable debugging - application support required
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:4.0.3
+image: onap/clamp-dashboard-logstash:4.0.5
pullPolicy: Always
# flag to enable debugging - application support required
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp:4.0.3
+image: onap/clamp:4.0.5
pullPolicy: Always
# flag to enable debugging - application support required
},
"policy_engine": {
"url": "https://{{ .Values.config.address.policy_xacml_pdp }}:6969",
- "path_decision": "/policy/pdpx/v1/decision"
+ "path_decision": "/policy/pdpx/v1/decision",
"path_notifications": "/pdp/notifications",
"path_api": "/pdp/api/",
"headers": {
commonConfigPrefix: onap-oof-has
image:
readiness: oomk8s/readiness-check:2.0.0
- optf_has: onap/optf-has:1.3.0
+ optf_has: onap/optf-has:1.3.1
filebeat: docker.elastic.co/beats/filebeat:5.5.0
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-osdf:1.3.0
+image: onap/optf-osdf:1.3.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.5.3
+image: onap/sdnc-dmaap-listener-image:1.5.4
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.5.3
+image: onap/sdnc-ansible-server-image:1.5.4
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.5.3
+image: onap/admportal-sdnc-image:1.5.4
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.5.3
+image: onap/sdnc-ueb-listener-image:1.5.4
pullPolicy: Always
# flag to enable debugging - application support required
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.5.3
+image: onap/sdnc-image:1.5.4
# flag to enable debugging - application support required
debugEnabled: false
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/vnfsdk/refrepo:1.3.0
+image: onap/vnfsdk/refrepo:1.3.2
postgresRepository: crunchydata
postgresImage: crunchy-postgres:centos7-10.3-1.8.2
pullPolicy: Always
Code Review / oom.git / commitdiff