Code Review / sdnc / oam.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Document OJSI-41 (CVE-2019-12132) vulnerability
[sdnc/oam.git] / docs / release-notes.rst
1 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
2
3 Release Notes
4 =============
5
6 Version 1.5.3
7 -------------
8 :Release Date: 2019-06-13
9
10 **New Features**
11
12 The full list of Dublin epics and user stories for SDNC maybe be found at <https://jira.onap.org/issues/?filter=11803>.
13
14 The following list summarizes some of the most significant epics:
15
16 +------------+----------------------------------------------------------------------------+
17 | Jira #     | Abstract                                                                   |
18 +============+============================================================================+
19 | [SDNC-551] | OpenDaylight Fluorine Support                                              |
20 +------------+----------------------------------------------------------------------------+
21 | [SDNC-564] | 5G Use Case                                                                |
22 +------------+----------------------------------------------------------------------------+
23 | [SDNC-565] | CCVPN Use Case Extension                                                   |
24 +------------+----------------------------------------------------------------------------+
25 | [SDNC-570] | SDN-R: Server side component                                               |
26 +------------+----------------------------------------------------------------------------+
27 | [SDNC-579] | SDN-R : UX-Client                                                          |
28 +------------+----------------------------------------------------------------------------+
29 | [SDNC-631] | SDNC support for the PNF Use Case Network Assign for Plug and Play feature |
30 +------------+----------------------------------------------------------------------------+
31
32
33 **Bug Fixes**
34 The full list of bug fixes in the SDNC Dublin release may be found at <https://jira.onap.org/issues/?filter=11805>
35
36 **Known Issues**
37 The full list of known issues in SDNC may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11119>
38
39 **Security Notes**
40
41 *Fixed Security Issues*
42
43 - CVE-2019-12132 `OJSI-41 <https://jira.onap.org/browse/OJSI-41>`_ SDNC service allows for arbitrary code execution in sla/dgUpload form
44   Fixed temporarily by disabling admportal
45
46 *Known Security Issues*
47
48 *Known Vulnerabilities in Used Modules*
49
50 Quick Links:
51
52 - `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_
53 - `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_
54 - `Project Vulnerability Review Table for Casablanca Release <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_
55
56 Version: 1.4.4
57 --------------
58
59 **Bugs Fixes**
60
61 The following bugs are fixed in the SDNC Casablanca January 2019 maintenance release:
62
63 +------------+------------------------------------------------------------------------------------------+
64 | Jira #     | Abstract                                                                                 |
65 +============+==========================================================================================+
66 | [SDNC-405] | SDNC API documentation is missing on ReadTheDocs                                         |
67 +------------+------------------------------------------------------------------------------------------+
68 | [SDNC-523] | vnf-information.vnf-id validation check should not be mandatory in validate-vnf-input DG |
69 +------------+------------------------------------------------------------------------------------------+
70 | [SDNC-532] | oof query failed due to hostname change, returning unknown host                          |
71 +------------+------------------------------------------------------------------------------------------+
72 | [SDNC-534] | wrong "input" field in DMaaP message template                                            |
73 +------------+------------------------------------------------------------------------------------------+
74 | [SDNC-536] | Upgrade zjsonpatch version to remediate vulnerabilities                                  |
75 +------------+------------------------------------------------------------------------------------------+
76 | [SDNC-537] | Update to spring-boot 2.1.0-RELEASE                                                      |
77 +------------+------------------------------------------------------------------------------------------+
78 | [SDNC-540] | CCVPN closed loop testing failed.                                                        |
79 +------------+------------------------------------------------------------------------------------------+
80 | [SDNC-542] | [PORT] Network Discovery microservice does not log                                       |
81 +------------+------------------------------------------------------------------------------------------+
82 | [SDNC-546] | CCVPN bugs fix for manual free integration test                                          |
83 +------------+------------------------------------------------------------------------------------------+
84 | [SDNC-549] | Retain MD-SAL data on pod recreate                                                       |
85 +------------+------------------------------------------------------------------------------------------+
86
87
88
89 Version: 1.4.3
90 --------------
91
92
93 :Release Date: 2018-11-30
94
95 **New Features**
96
97 The Casablanca release of SDNC introduces the following new features:
98
99         - Network Discovery, in support of POMBA
100         - Support for CCVPN use case
101         - Change Management enhancements
102
103 **Bug Fixes**
104
105 The list of bugs fixed in the SDNC Casablanca release may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11544>
106
107
108 **Known Issues**
109
110 The list of known issues in the SDNC project may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11119>
111
112
113 **Security Notes**
114
115 SDNC code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The SDNC open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_.
116
117 Quick Links:
118
119 - `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_
120 - `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_
121 - `Project Vulnerability Review Table for Casablanca Release <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_
122
123 **Upgrade Notes**
124    NA
125
126 **Deprecation Notes**
127    NA
128
129 **Other**
130    NA
131
132 Version: 1.3.4
133 --------------
134
135
136 :Release Date: 2018-07-06
137
138 **New Features**
139
140 The full list of SDNC Beijing Epics and user stories can be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=10791>.  The
141 following table lists the major features included in the Beijing release.
142
143 +------------+-------------------------------------------------------------------------------------------------------------+
144 | Jira #     | Abstract                                                                                                    |
145 +============+=============================================================================================================+
146 | [SDNC-278] | Change management in-place software upgrade execution using Ansible <https://jira.onap.org/browse/SDNC-278> |
147 +------------+-------------------------------------------------------------------------------------------------------------+
148 | [SDNC-163] | Deploy a SDN-C high availability environment - Kubernetes <https://jira.onap.org/browse/SDNC-163>           |
149 +------------+-------------------------------------------------------------------------------------------------------------+
150
151
152 **Bug Fixes**
153
154 The list of bugs fixed in the SDNC Beijing release may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11118>
155
156
157 **Known Issues**
158
159 +------------+----------------------------------------------------------------------------------------------------------------------------------+
160 | Jira #     | Abstract                                                                                                                         |
161 +============+==================================================================================================================================+
162 | [SDNC-324] | IPV4_ADDRESS_POOL is empty <https://jira.onap.org/browse/SDNC-324>                                                               |
163 +------------+----------------------------------------------------------------------------------------------------------------------------------+
164 | [SDNC-321] | dgbuilder won't save DG <https://jira.onap.org/browse/SDNC-321>                                                                  |
165 +------------+----------------------------------------------------------------------------------------------------------------------------------+
166 | [SDNC-304] | SDNC OOM intermittent Healthcheck failure - JSONDecodeError - on different startup order <https://jira.onap.org/browse/SDNC-304> |
167 +------------+----------------------------------------------------------------------------------------------------------------------------------+
168 | [SDNC-115] | VNFAPI DGs contain plugin references to software not part of ONAP <https://jira.onap.org/browse/SDNC-115>                        |
169 +------------+----------------------------------------------------------------------------------------------------------------------------------+
170 | [SDNC-114] | Generic API DGs contain plugin references to software not part of ONAP <https://jira.onap.org/browse/SDNC-114>                   |
171 +------------+----------------------------------------------------------------------------------------------------------------------------------+
172 | [SDNC-106] | VNFAPI DGs contain old openecomp and com.att based plugin references <https://jira.onap.org/browse/SDNC-106>                     |
173 +------------+----------------------------------------------------------------------------------------------------------------------------------+
174 | [SDNC-64]  | SDNC is not setting FromApp identifier in logging MDC <https://jira.onap.org/browse/SDNC-64>                                     |
175 +------------+----------------------------------------------------------------------------------------------------------------------------------+
176
177
178 **Security Notes**
179
180 SDNC code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The SDNC open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=28379582>`_.
181
182 Quick Links:
183
184 - `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_
185 - `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_
186 - `Project Vulnerability Review Table for SDNC <https://wiki.onap.org/pages/viewpage.action?pageId=28379582>`_
187
188 **Upgrade Notes**
189         NA
190
191 **Deprecation Notes**
192         NA
193
194 **Other**
195         NA
196
197 Version: 1.2.1
198 --------------
199
200 :Release Date: 2018-01-18
201
202 **Bug Fixes**
203
204 - `SDNC-145 <https://jira.onap.org/browse/SDNC-145>`_ Error message refers to wrong parameters
205 - `SDNC-195 <https://jira.onap.org/browse/SDNC-195>`_ UEB listener doesn't insert correct parameters for allotted resources in DB table ALLOTTED_RESOURCE_MODEL
206 - `SDNC-198 <https://jira.onap.org/browse/SDNC-198>`_ CSIT job fails
207 - `SDNC-201 <https://jira.onap.org/browse/SDNC-201>`_ Fix DG bugs from integration tests
208 - `SDNC-202 <https://jira.onap.org/browse/SDNC-202>`_ Search for service -data null match, set vGW LAN IP via Heat
209 - `SDNC-211 <https://jira.onap.org/browse/SDNC-211>`_ Update SDNC Amsterdam branch to use maintenance release versions
210 - `SDNC-212 <https://jira.onap.org/browse/SDNC-212>`_ Duplicate file name
211
212 Version: 1.2.0
213 --------------
214
215 :Release Date: 2017-11-16
216
217 **New Features**
218
219 The ONAP Amsterdam release introduces the following changes to SDNC from
220 the original openECOMP seed code:
221    - Refactored / moved common platform code to new CCSDK project
222    - Refactored code to rename openecomp to onap
223    - Introduced new GENERIC-RESOURCE-API api, used by vCPE and VoLTE use cases
224    - Introduced new docker containers for SDC and DMAAP interfaces
225
226 **Bug Fixes**
227         NA
228 **Known Issues**
229 The following known high priority issues are being worked and are expected to be delivered
230 in release 1.2.1:
231 - `SDNC-179 <https://jira.onap.org/browse/SDNC-179>`_ Failed to make HTTPS connection in restapicall node
232 - `SDNC-181 <https://jira.onap.org/browse/SDNC-181>`_ Change call to brg-wan-ip-address vbrg-wan-ip brg topo activate DG
233 - `SDNC-182 <https://jira.onap.org/browse/SDNC-182>`_ Fix VNI Consistency: Add vG vxlan tunnel setup and bridge domain setup to brg-topo-activate DG
234
235 **Security Issues**
236         NA
237
238 **Upgrade Notes**
239         NA
240
241 **Deprecation Notes**
242         NA
243
244 **Other**
245         NA
SDNC OA&M tools