X-Git-Url: https://gerrit.onap.org/r/gitweb?p=portal.git;a=blobdiff_plain;f=docs%2Frelease-notes.rst;h=7e2736d3a2d04df611ee06903a57af82d037edbc;hp=a1b6e09c46f463ad7d7542458f7599c5396bbad3;hb=9306dd8333497633a0c764998b0da528ead0ffef;hpb=d86f64c663b7b82f529617b6c8c0ea69a926f950 diff --git a/docs/release-notes.rst b/docs/release-notes.rst index a1b6e09c..7e2736d3 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -5,6 +5,62 @@ Portal Platform Release Notes ============================= +Version: 2.6.0 +-------------- +:Release Date: 2019-10-03 + +.. toctree:: + :maxdepth: 1 + +Maintanance release with bug fixes and security enhancements. + +**No New Features** + +**Bug Fixes** + * Portal Setup - MariaDB issue. + * Issue editing application url. + * PORTAL-* charts now use nodePortPrefix variable. + * Fixed Sonar reported critical issues. + +**Known Issues** + * AAI UI’s new role "ui_view" is not registered in AAF, Portal cannot fetch it. So, the work around is + + 1. upload new role from Bulk Upload in Portal Roles page (create a csv file which has one line like: ui_view,10 ) + 2. Sync Roles on same page + 3. Assign this ui_view role to demo account in User page + 4. Then demo user can access AAI UI app from Portal + +**Security Notes** + * Security Enhancements - Fixed OJSI issues. + * Addressed security issues reported by NexusIQ Critical and Severe issues + +Quick Links: + - `PORTAL project page `_ + + - `Passing Badge information for PORTAL `_ + + - `Project Vulnerability Review Table for PORTAL `_ + +**Upgrade Notes** + * For https Apps onboarded to portal, a certificate has to be downloaded in the browser when first trying to access the landing page of the App. + * For onboarded Apps using http (since Portal is using https) the browser asks the user to click to Proceed to the unsafe URL. + * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts. + * The first time some apps are selected in the Applications panel, an error stating the webpage might be temporarily down, copy the presented URL to a new browser; once that is done, the application will open in the Portal. + +**Deprecation Notes** + * 2.6.0 portal/sdk is the last version to support the old AngularJS UI versions. + * Expect upgrade on Angular frontend and SpringBoot backend in next releases: The components like Policy, VID, SDC, AAI, MSB, SO – if any of them use portal/sdk java libraries, then please anticipate MAJOR changes to portal/sdk with respect to technology stack upgrade which is pending for long time on Angular frontend and SpringBoot backend. + * The tech stack upgrade helps resolve many security vulnerabilities and also provides latest rich UI and microservices features that components can take advantage of, just by upgrading to latest portal/sdk. + +**Other** + * Below are the docker images released as part of Portal Platform project: + * onap/portal-app:2.6.0 + * onap/portal-db:2.6.0 + * onap/portal-sdk:2.6.0 + * onap/portal-wms:2.6.0 + * portal/sdk java artifacts - (Release branch: “release-2.6.0”) + + Version: 2.5.0 -------------- :Release Date: 2019-06-13 @@ -19,8 +75,11 @@ We worked on SDK upgrade to integrate with AAF. We partially implemented multi-l * Use of CADI * 68% JUnit Test Coverage * Addressing security issues - * Internationalization language support - partially implemented + * Angular 6 upgrade delivered foundation code with sample screen + * Documentation on the Angular 6 upgrade can be found `here `_ + * Internationalization language support - partially implemented. * Reporting feature enhancement in portal/sdk - design and partial code changes + * There is more information about new features at `DEMOS - R4 Dublin Demos `_ **Bug Fixes** * Fixed Sonar reported critical issues. @@ -29,6 +88,7 @@ We worked on SDK upgrade to integrate with AAF. We partially implemented multi-l * Mismatch while displaying active online user in Portal. * Internationalization Language component partially completed. * Functional Menu change requires manual refresh. + * Modifying Onboarded App configurations from the onboarding page malfunctions but changes to the App configuration can be done through accessing the database (portal:fn_app table) directly. **Security Notes** @@ -39,9 +99,9 @@ We worked on SDK upgrade to integrate with AAF. We partially implemented multi-l * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 `_] * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 `_] * CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 `_] - * In defult deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 `_] - * In defult deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 `_] - * In defult deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 `_] + * In default deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 `_] + * In default deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 `_] + * In default deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 `_] * CVE-2019-12318 - Number of SQL Injections in Portal [`OJSI-174 `_] * Portal stores users passwords encrypted instead of hashed [`OJSI-190 `_]