.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2017-2018 AT&T Intellectual Property. All rights reserved
+.. Copyright 2017-2019 AT&T Intellectual Property. All rights reserved
Portal Platform Release Notes
=============================
+Version: 2.6.0
+--------------
+:Release Date: 2019-10-03
+
+.. toctree::
+ :maxdepth: 1
+
+Maintanance release with bug fixes and security enhancements.
+
+**No New Features**
+
+**Bug Fixes**
+ * Portal Setup - MariaDB issue.
+ * Issue editing application url.
+ * PORTAL-* charts now use nodePortPrefix variable.
+ * Fixed Sonar reported critical issues.
+
+**Known Issues**
+ * AAI UI’s new role "ui_view" is not registered in AAF, Portal cannot fetch it. So, the work around is
+
+ 1. upload new role from Bulk Upload in Portal Roles page (create a csv file which has one line like: ui_view,10 )
+ 2. Sync Roles on same page
+ 3. Assign this ui_view role to demo account in User page
+ 4. Then demo user can access AAI UI app from Portal
+
+**Security Notes**
+ * Security Enhancements - Fixed OJSI issues.
+ * Addressed security issues reported by NexusIQ Critical and Severe issues
+
+Quick Links:
+ - `PORTAL project page <https://wiki.onap.org/display/DW/Portal+Platform+Project>`_
+
+ - `Passing Badge information for PORTAL <https://bestpractices.coreinfrastructure.org/en/projects/1441>`_
+
+ - `Project Vulnerability Review Table for PORTAL <https://wiki.onap.org/pages/viewpage.action?pageId=68542388>`_
+
+**Upgrade Notes**
+ * For https Apps onboarded to portal, a certificate has to be downloaded in the browser when first trying to access the landing page of the App.
+ * For onboarded Apps using http (since Portal is using https) the browser asks the user to click to Proceed to the unsafe URL.
+ * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts.
+ * The first time some apps are selected in the Applications panel, an error stating the webpage might be temporarily down, copy the presented URL to a new browser; once that is done, the application will open in the Portal.
+
+**Deprecation Notes**
+ * 2.6.0 portal/sdk is the last version to support the old AngularJS UI versions.
+ * Expect upgrade on Angular frontend and SpringBoot backend in next releases: The components like Policy, VID, SDC, AAI, MSB, SO – if any of them use portal/sdk java libraries, then please anticipate MAJOR changes to portal/sdk with respect to technology stack upgrade which is pending for long time on Angular frontend and SpringBoot backend.
+ * The tech stack upgrade helps resolve many security vulnerabilities and also provides latest rich UI and microservices features that components can take advantage of, just by upgrading to latest portal/sdk.
+
+**Other**
+ * Below are the docker images released as part of Portal Platform project:
+ * onap/portal-app:2.6.0
+ * onap/portal-db:2.6.0
+ * onap/portal-sdk:2.6.0
+ * onap/portal-wms:2.6.0
+ * portal/sdk java artifacts - (Release branch: “release-2.6.0”)
+
+
+Version: 2.5.0
+--------------
+:Release Date: 2019-06-13
+
+.. toctree::
+ :maxdepth: 1
+
+We worked on SDK upgrade to integrate with AAF. We partially implemented multi-language.
-Version: 2.3.2
+**New Features**
+ * SDK upgrade to integrate with AAF
+ * Use of CADI
+ * 68% JUnit Test Coverage
+ * Addressing security issues
+ * Angular 6 upgrade delivered foundation code with sample screen
+ * Documentation on the Angular 6 upgrade can be found `here <https://docs.onap.org/en/latest/submodules/portal.git/docs/tutorials/portal-sdk/your-angular-app.html>`_
+ * Internationalization language support - partially implemented.
+ * Reporting feature enhancement in portal/sdk - design and partial code changes
+ * There is more information about new features at `DEMOS - R4 Dublin Demos <https://wiki.onap.org/display/DW/DEMOS+-+R4+Dublin+Demos>`_
+
+**Bug Fixes**
+ * Fixed Sonar reported critical issues.
+
+**Known Issues**
+ * Mismatch while displaying active online user in Portal.
+ * Internationalization Language component partially completed.
+ * Functional Menu change requires manual refresh.
+ * Modifying Onboarded App configurations from the onboarding page malfunctions but changes to the App configuration can be done through accessing the database (portal:fn_app table) directly.
+
+**Security Notes**
+
+*Fixed Security Issues*
+
+*Known Security Issues*
+
+ * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 <https://jira.onap.org/browse/OJSI-15>`_]
+ * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 <https://jira.onap.org/browse/OJSI-65>`_]
+ * CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 <https://jira.onap.org/browse/OJSI-92>`_]
+ * In default deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 <https://jira.onap.org/browse/OJSI-97>`_]
+ * In default deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 <https://jira.onap.org/browse/OJSI-105>`_]
+ * In default deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 <https://jira.onap.org/browse/OJSI-106>`_]
+ * CVE-2019-12318 - Number of SQL Injections in Portal [`OJSI-174 <https://jira.onap.org/browse/OJSI-174>`_]
+ * Portal stores users passwords encrypted instead of hashed [`OJSI-190 <https://jira.onap.org/browse/OJSI-190>`_]
+
+*Known Vulnerabilities in Used Modules*
+
+PORTAL code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The PORTAL open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=51283057>`_.
+
+Quick Links:
+ - `PORTAL project page <https://wiki.onap.org/display/DW/Portal+Platform+Project>`_
+
+ - `Passing Badge information for PORTAL <https://bestpractices.coreinfrastructure.org/en/projects/1441>`_
+
+ - `Project Vulnerability Review Table for PORTAL <https://wiki.onap.org/pages/viewpage.action?pageId=51283057>`_
+
+**Upgrade Notes**
+ * For https Apps onboarded to portal, a certificate has to be downloaded in the browser when first trying to access the landing page of the App.
+ * For onboarded Apps using http (since Portal is using https) the browser asks the user to click to Proceed to the unsafe URL.
+ * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts.
+ * The first time some apps are selected in the Applications panel, an error stating the webpage might be temporarily down, copy the presented URL to a new browser; once that is done, the application will open in the Portal.
+
+**Deprecation Notes**
+
+**Other**
+ * Below are the docker images released as part of Portal Platform project:
+ * onap/portal-app:2.5.0
+ * onap/portal-db:2.5.0
+ * onap/portal-sdk:2.5.0
+ * onap/portal-wms:2.5.0
+ * portal/sdk java artifacts - (Release branch: “release-2.5.0”)
+
+Version: 2.3.2
--------------
:Release Date: 2019-04-15
This is the official release notes for the Casablanca Maintenance Release 3.0.2.
+**Known Issues**
+ * The issue is an application running on HTTPS will not open in Portal if the AAF root CA is missing.
+ An error message will appear in a separate tab in Portal. It will say something like:
+ “The webpage at https://portal.api.simpledemo.onap.org:30200/vid/welcome.htm?cc=........ might
+ be temporarily down or it may have moved permanently to a new web address.”
+ Here is the work-around, copy above VID (or other app) URL and replace welcome.htm to login.htm
+ in a new browser window; after login come back to Portal home page and click VID, it will now work.
+
+ * For applications running on HTTP (for example SDC), the user needs to disable the security check in the browser to access the application.
+
**Other**
* Portal updated Keystore certificate from AAF to extend its expiry date; This change was made in OOM project.
Code Review / portal.git / blobdiff