Portal Platform Release Notes
=============================
+Version: 2.6.0
+--------------
+:Release Date: 2019-10-03
+
+.. toctree::
+ :maxdepth: 1
+
+Maintanance release with bug fixes and security enhancements.
+
+**No New Features**
+
+**Bug Fixes**
+ * Portal Setup - MariaDB issue.
+ * Issue editing application url.
+ * PORTAL-* charts now use nodePortPrefix variable.
+ * Fixed Sonar reported critical issues.
+
+**Known Issues**
+ * AAI UI’s new role "ui_view" is not registered in AAF, Portal cannot fetch it. So, the work around is
+
+ 1. upload new role from Bulk Upload in Portal Roles page (create a csv file which has one line like: ui_view,10 )
+ 2. Sync Roles on same page
+ 3. Assign this ui_view role to demo account in User page
+ 4. Then demo user can access AAI UI app from Portal
+
+**Security Notes**
+ * Security Enhancements - Fixed OJSI issues.
+ * Addressed security issues reported by NexusIQ Critical and Severe issues
+
+Quick Links:
+ - `PORTAL project page <https://wiki.onap.org/display/DW/Portal+Platform+Project>`_
+
+ - `Passing Badge information for PORTAL <https://bestpractices.coreinfrastructure.org/en/projects/1441>`_
+
+ - `Project Vulnerability Review Table for PORTAL <https://wiki.onap.org/pages/viewpage.action?pageId=68542388>`_
+
+**Upgrade Notes**
+ * For https Apps onboarded to portal, a certificate has to be downloaded in the browser when first trying to access the landing page of the App.
+ * For onboarded Apps using http (since Portal is using https) the browser asks the user to click to Proceed to the unsafe URL.
+ * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts.
+ * The first time some apps are selected in the Applications panel, an error stating the webpage might be temporarily down, copy the presented URL to a new browser; once that is done, the application will open in the Portal.
+
+**Deprecation Notes**
+ * 2.6.0 portal/sdk is the last version to support the old AngularJS UI versions.
+ * Expect upgrade on Angular frontend and SpringBoot backend in next releases: The components like Policy, VID, SDC, AAI, MSB, SO – if any of them use portal/sdk java libraries, then please anticipate MAJOR changes to portal/sdk with respect to technology stack upgrade which is pending for long time on Angular frontend and SpringBoot backend.
+ * The tech stack upgrade helps resolve many security vulnerabilities and also provides latest rich UI and microservices features that components can take advantage of, just by upgrading to latest portal/sdk.
+
+**Other**
+ * Below are the docker images released as part of Portal Platform project:
+ * onap/portal-app:2.6.0
+ * onap/portal-db:2.6.0
+ * onap/portal-sdk:2.6.0
+ * onap/portal-wms:2.6.0
+ * portal/sdk java artifacts - (Release branch: “release-2.6.0”)
+
+
Version: 2.5.0
--------------
:Release Date: 2019-06-13
* Use of CADI
* 68% JUnit Test Coverage
* Addressing security issues
- * Internationalization language support - partially implemented
+ * Angular 6 upgrade delivered foundation code with sample screen
+ * Documentation on the Angular 6 upgrade can be found `here <https://docs.onap.org/en/latest/submodules/portal.git/docs/tutorials/portal-sdk/your-angular-app.html>`_
+ * Internationalization language support - partially implemented.
* Reporting feature enhancement in portal/sdk - design and partial code changes
+ * There is more information about new features at `DEMOS - R4 Dublin Demos <https://wiki.onap.org/display/DW/DEMOS+-+R4+Dublin+Demos>`_
**Bug Fixes**
* Fixed Sonar reported critical issues.
* Mismatch while displaying active online user in Portal.
* Internationalization Language component partially completed.
* Functional Menu change requires manual refresh.
+ * Modifying Onboarded App configurations from the onboarding page malfunctions but changes to the App configuration can be done through accessing the database (portal:fn_app table) directly.
**Security Notes**
*Known Security Issues*
+ * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 <https://jira.onap.org/browse/OJSI-15>`_]
+ * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 <https://jira.onap.org/browse/OJSI-65>`_]
+ * CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 <https://jira.onap.org/browse/OJSI-92>`_]
+ * In default deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 <https://jira.onap.org/browse/OJSI-97>`_]
+ * In default deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 <https://jira.onap.org/browse/OJSI-105>`_]
+ * In default deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 <https://jira.onap.org/browse/OJSI-106>`_]
+ * CVE-2019-12318 - Number of SQL Injections in Portal [`OJSI-174 <https://jira.onap.org/browse/OJSI-174>`_]
+ * Portal stores users passwords encrypted instead of hashed [`OJSI-190 <https://jira.onap.org/browse/OJSI-190>`_]
+
*Known Vulnerabilities in Used Modules*
PORTAL code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The PORTAL open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=51283057>`_.
**Upgrade Notes**
* For https Apps onboarded to portal, a certificate has to be downloaded in the browser when first trying to access the landing page of the App.
* For onboarded Apps using http (since Portal is using https) the browser asks the user to click to Proceed to the unsafe URL.
- * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts.
+ * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts.
+ * The first time some apps are selected in the Applications panel, an error stating the webpage might be temporarily down, copy the presented URL to a new browser; once that is done, the application will open in the Portal.
**Deprecation Notes**
Code Review / portal.git / blobdiff