Merge changes I8f2a44e8,I1e483f2a,Ie2473ea0,I1abb5025,I796bc731, ...

* changes:
  mysql-connector-java to mariadb-java-client change
  UserRolesController up + tests
  WidgetsController test coverage up
  Tests coverage up and some minor bug fixes
  Tests coverage up and some minor bug fixes
  WidgetsCatalogControllerTest up
  docker-compose fix
  WidgetMSController and WebAnalyticsExtAppVersionController Up
  Login fix
  pom.xml fix

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 7e2736d..79b2b18 100644 (file)
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -31,7 +31,15 @@ Maintanance release with bug fixes and security enhancements.
            4. Then demo user can access AAI UI app from Portal
 
 **Security Notes**
-        * Security Enhancements - Fixed OJSI issues.
+
+*Fixed Security Issues*
+
+        * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 <https://jira.onap.org/browse/OJSI-65>`_]
+        * CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 <https://jira.onap.org/browse/OJSI-92>`_]
+
+*Known Security Issues*
+
+*Known Vulnerabilities in Used Modules*
         * Addressed security issues reported by NexusIQ Critical and Severe issues
 
 Quick Links: