Portal Platform Release Notes
=============================
+Version: 2.6.0
+--------------
+:Release Date: 2019-10-03
+
+.. toctree::
+ :maxdepth: 1
+
+Maintanance release with bug fixes and security enhancements.
+
+**No New Features**
+
+**Bug Fixes**
+ * Portal Setup - MariaDB issue.
+ * Issue editing application url.
+ * PORTAL-* charts now use nodePortPrefix variable.
+ * Fixed Sonar reported critical issues.
+
+**Known Issues**
+ * AAI UI’s new role "ui_view" is not registered in AAF, Portal cannot fetch it. So, the work around is
+
+ 1. upload new role from Bulk Upload in Portal Roles page (create a csv file which has one line like: ui_view,10 )
+ 2. Sync Roles on same page
+ 3. Assign this ui_view role to demo account in User page
+ 4. Then demo user can access AAI UI app from Portal
+
+**Security Notes**
+ * Security Enhancements - Fixed OJSI issues.
+ * Addressed security issues reported by NexusIQ Critical and Severe issues
+
+Quick Links:
+ - `PORTAL project page <https://wiki.onap.org/display/DW/Portal+Platform+Project>`_
+
+ - `Passing Badge information for PORTAL <https://bestpractices.coreinfrastructure.org/en/projects/1441>`_
+
+ - `Project Vulnerability Review Table for PORTAL <https://wiki.onap.org/pages/viewpage.action?pageId=68542388>`_
+
+**Upgrade Notes**
+ * For https Apps onboarded to portal, a certificate has to be downloaded in the browser when first trying to access the landing page of the App.
+ * For onboarded Apps using http (since Portal is using https) the browser asks the user to click to Proceed to the unsafe URL.
+ * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts.
+ * The first time some apps are selected in the Applications panel, an error stating the webpage might be temporarily down, copy the presented URL to a new browser; once that is done, the application will open in the Portal.
+
+**Deprecation Notes**
+ * 2.6.0 portal/sdk is the last version to support the old AngularJS UI versions.
+ * Expect upgrade on Angular frontend and SpringBoot backend in next releases: The components like Policy, VID, SDC, AAI, MSB, SO – if any of them use portal/sdk java libraries, then please anticipate MAJOR changes to portal/sdk with respect to technology stack upgrade which is pending for long time on Angular frontend and SpringBoot backend.
+ * The tech stack upgrade helps resolve many security vulnerabilities and also provides latest rich UI and microservices features that components can take advantage of, just by upgrading to latest portal/sdk.
+
+**Other**
+ * Below are the docker images released as part of Portal Platform project:
+ * onap/portal-app:2.6.0
+ * onap/portal-db:2.6.0
+ * onap/portal-sdk:2.6.0
+ * onap/portal-wms:2.6.0
+ * portal/sdk java artifacts - (Release branch: “release-2.6.0”)
+
+
Version: 2.5.0
--------------
:Release Date: 2019-06-13
* Use of CADI
* 68% JUnit Test Coverage
* Addressing security issues
- * Internationalization language support - partially implemented
+ * Angular 6 upgrade delivered foundation code with sample screen
+ * Documentation on the Angular 6 upgrade can be found `here <https://docs.onap.org/en/latest/submodules/portal.git/docs/tutorials/portal-sdk/your-angular-app.html>`_
+ * Internationalization language support - partially implemented.
* Reporting feature enhancement in portal/sdk - design and partial code changes
+ * There is more information about new features at `DEMOS - R4 Dublin Demos <https://wiki.onap.org/display/DW/DEMOS+-+R4+Dublin+Demos>`_
**Bug Fixes**
* Fixed Sonar reported critical issues.
* Mismatch while displaying active online user in Portal.
* Internationalization Language component partially completed.
* Functional Menu change requires manual refresh.
+ * Modifying Onboarded App configurations from the onboarding page malfunctions but changes to the App configuration can be done through accessing the database (portal:fn_app table) directly.
**Security Notes**
*Known Security Issues*
- * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 <https://jira.onap.org/browse/OJSI-15>`_]
- * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 <https://jira.onap.org/browse/OJSI-65>`_]
- * CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 <https://jira.onap.org/browse/OJSI-92>`_]
- * In defult deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 <https://jira.onap.org/browse/OJSI-97>`_]
- * In defult deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 <https://jira.onap.org/browse/OJSI-105>`_]
- * In defult deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 <https://jira.onap.org/browse/OJSI-106>`_]
- * CVE-2019-12318 - Number of SQL Injections in Portal [`OJSI-174 <https://jira.onap.org/browse/OJSI-174>`_]
+ * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 <https://jira.onap.org/browse/OJSI-15>`_]
+ * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 <https://jira.onap.org/browse/OJSI-65>`_]
+ * CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 <https://jira.onap.org/browse/OJSI-92>`_]
+ * In default deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 <https://jira.onap.org/browse/OJSI-97>`_]
+ * In default deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 <https://jira.onap.org/browse/OJSI-105>`_]
+ * In default deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 <https://jira.onap.org/browse/OJSI-106>`_]
+ * CVE-2019-12318 - Number of SQL Injections in Portal [`OJSI-174 <https://jira.onap.org/browse/OJSI-174>`_]
+ * Portal stores users passwords encrypted instead of hashed [`OJSI-190 <https://jira.onap.org/browse/OJSI-190>`_]
*Known Vulnerabilities in Used Modules*
**Upgrade Notes**
* For https Apps onboarded to portal, a certificate has to be downloaded in the browser when first trying to access the landing page of the App.
* For onboarded Apps using http (since Portal is using https) the browser asks the user to click to Proceed to the unsafe URL.
- * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts.
+ * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts.
+ * The first time some apps are selected in the Applications panel, an error stating the webpage might be temporarily down, copy the presented URL to a new browser; once that is done, the application will open in the Portal.
**Deprecation Notes**
Code Review / portal.git / blobdiff