Document OJSI-42 (CVE-201912123) vulnerability
[sdnc/oam.git] / docs / release-notes.rst
.. This work is licensed under a Creative Commons Attribution 4.0 International License.

Release Notes
=============

Version 1.5.3
-------------
:Release Date: 2019-06-13

**New Features**

The full list of Dublin epics and user stories for SDNC may be found at <https://jira.onap.org/issues/?filter=11803>.

The following list summarizes some of the most significant epics:

+------------+----------------------------------------------------------------------------+
| Jira #     | Abstract                                                                   |
+============+============================================================================+
| [SDNC-551] | OpenDaylight Fluorine Support                                              |
+------------+----------------------------------------------------------------------------+
| [SDNC-564] | 5G Use Case                                                                |
+------------+----------------------------------------------------------------------------+
| [SDNC-565] | CCVPN Use Case Extension                                                   |
+------------+----------------------------------------------------------------------------+
| [SDNC-570] | SDN-R: Server side component                                               |
+------------+----------------------------------------------------------------------------+
| [SDNC-579] | SDN-R : UX-Client                                                          |
+------------+----------------------------------------------------------------------------+
| [SDNC-631] | SDNC support for the PNF Use Case Network Assign for Plug and Play feature |
+------------+----------------------------------------------------------------------------+


**Bug Fixes**

The full list of bug fixes in the SDNC Dublin release may be found at <https://jira.onap.org/issues/?filter=11805>

**Known Issues**

The full list of known issues in SDNC may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11119>

**Security Notes**

*Fixed Security Issues*

- CVE-2019-12132 `OJSI-41 <https://jira.onap.org/browse/OJSI-41>`_ SDNC service allows for arbitrary code execution in sla/dgUpload form
  Fixed temporarily by disabling admportal
- CVE-2019-12123 `OJSI-42 <https://jira.onap.org/browse/OJSI-42>`_ SDNC service allows for arbitrary code execution in sla/printAsXml form
  Fixed temporarily by disabling admportal

*Known Security Issues*

*Known Vulnerabilities in Used Modules*

Quick Links:

- `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_
- `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_
- `Project Vulnerability Review Table for Casablanca Release <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_

Version: 1.4.4
--------------

**Bug Fixes**

The following bugs are fixed in the SDNC Casablanca January 2019 maintenance release:

+------------+------------------------------------------------------------------------------------------+
| Jira #     | Abstract                                                                                 |
+============+==========================================================================================+
| [SDNC-405] | SDNC API documentation is missing on ReadTheDocs                                         |
+------------+------------------------------------------------------------------------------------------+
| [SDNC-523] | vnf-information.vnf-id validation check should not be mandatory in validate-vnf-input DG |
+------------+------------------------------------------------------------------------------------------+
| [SDNC-532] | oof query failed due to hostname change, returning unknown host                          |
+------------+------------------------------------------------------------------------------------------+
| [SDNC-534] | wrong "input" field in DMaaP message template                                            |
+------------+------------------------------------------------------------------------------------------+
| [SDNC-536] | Upgrade zjsonpatch version to remediate vulnerabilities                                  |
+------------+------------------------------------------------------------------------------------------+
| [SDNC-537] | Update to spring-boot 2.1.0-RELEASE                                                      |
+------------+------------------------------------------------------------------------------------------+
| [SDNC-540] | CCVPN closed loop testing failed.                                                        |
+------------+------------------------------------------------------------------------------------------+
| [SDNC-542] | [PORT] Network Discovery microservice does not log                                       |
+------------+------------------------------------------------------------------------------------------+
| [SDNC-546] | CCVPN bugs fix for manual free integration test                                          |
+------------+------------------------------------------------------------------------------------------+
| [SDNC-549] | Retain MD-SAL data on pod recreate                                                       |
+------------+------------------------------------------------------------------------------------------+

Version: 1.4.3
--------------

:Release Date: 2018-11-30

**New Features**

The Casablanca release of SDNC introduces the following new features:

        - Network Discovery, in support of POMBA
        - Support for CCVPN use case
        - Change Management enhancements

**Bug Fixes**

The list of bugs fixed in the SDNC Casablanca release may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11544>


**Known Issues**

The list of known issues in the SDNC project may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11119>


**Security Notes**

SDNC code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed; items that remain open have been assessed for risk and determined to be false positives. The SDNC open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_.

Quick Links:

- `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_
- `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_
- `Project Vulnerability Review Table for Casablanca Release <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_

**Upgrade Notes**
   NA

**Deprecation Notes**
   NA

**Other**
   NA

Version: 1.3.4
--------------

:Release Date: 2018-07-06

**New Features**

The full list of SDNC Beijing Epics and user stories can be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=10791>. The
following table lists the major features included in the Beijing release.

+------------+-------------------------------------------------------------------------------------------------------------+
| Jira #     | Abstract                                                                                                    |
+============+=============================================================================================================+
| [SDNC-278] | Change management in-place software upgrade execution using Ansible <https://jira.onap.org/browse/SDNC-278> |
+------------+-------------------------------------------------------------------------------------------------------------+
| [SDNC-163] | Deploy a SDN-C high availability environment - Kubernetes <https://jira.onap.org/browse/SDNC-163>           |
+------------+-------------------------------------------------------------------------------------------------------------+


**Bug Fixes**

The list of bugs fixed in the SDNC Beijing release may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11118>


**Known Issues**

+------------+----------------------------------------------------------------------------------------------------------------------------------+
| Jira #     | Abstract                                                                                                                         |
+============+==================================================================================================================================+
| [SDNC-324] | IPV4_ADDRESS_POOL is empty <https://jira.onap.org/browse/SDNC-324>                                                               |
+------------+----------------------------------------------------------------------------------------------------------------------------------+
| [SDNC-321] | dgbuilder won't save DG <https://jira.onap.org/browse/SDNC-321>                                                                  |
+------------+----------------------------------------------------------------------------------------------------------------------------------+
| [SDNC-304] | SDNC OOM intermittent Healthcheck failure - JSONDecodeError - on different startup order <https://jira.onap.org/browse/SDNC-304> |
+------------+----------------------------------------------------------------------------------------------------------------------------------+
| [SDNC-115] | VNFAPI DGs contain plugin references to software not part of ONAP <https://jira.onap.org/browse/SDNC-115>                        |
+------------+----------------------------------------------------------------------------------------------------------------------------------+
| [SDNC-114] | Generic API DGs contain plugin references to software not part of ONAP <https://jira.onap.org/browse/SDNC-114>                   |
+------------+----------------------------------------------------------------------------------------------------------------------------------+
| [SDNC-106] | VNFAPI DGs contain old openecomp and com.att based plugin references <https://jira.onap.org/browse/SDNC-106>                     |
+------------+----------------------------------------------------------------------------------------------------------------------------------+
| [SDNC-64]  | SDNC is not setting FromApp identifier in logging MDC <https://jira.onap.org/browse/SDNC-64>                                     |
+------------+----------------------------------------------------------------------------------------------------------------------------------+


**Security Notes**

SDNC code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed; items that remain open have been assessed for risk and determined to be false positives. The SDNC open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=28379582>`_.

Quick Links:

- `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_
- `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_
- `Project Vulnerability Review Table for SDNC <https://wiki.onap.org/pages/viewpage.action?pageId=28379582>`_

**Upgrade Notes**
        NA

**Deprecation Notes**
        NA

**Other**
        NA

Version: 1.2.1
--------------

:Release Date: 2018-01-18

**Bug Fixes**

- `SDNC-145 <https://jira.onap.org/browse/SDNC-145>`_ Error message refers to wrong parameters
- `SDNC-195 <https://jira.onap.org/browse/SDNC-195>`_ UEB listener doesn't insert correct parameters for allotted resources in DB table ALLOTTED_RESOURCE_MODEL
- `SDNC-198 <https://jira.onap.org/browse/SDNC-198>`_ CSIT job fails
- `SDNC-201 <https://jira.onap.org/browse/SDNC-201>`_ Fix DG bugs from integration tests
- `SDNC-202 <https://jira.onap.org/browse/SDNC-202>`_ Search for service -data null match, set vGW LAN IP via Heat
- `SDNC-211 <https://jira.onap.org/browse/SDNC-211>`_ Update SDNC Amsterdam branch to use maintenance release versions
- `SDNC-212 <https://jira.onap.org/browse/SDNC-212>`_ Duplicate file name

Version: 1.2.0
--------------

:Release Date: 2017-11-16

**New Features**

The ONAP Amsterdam release introduces the following changes to SDNC from
the original openECOMP seed code:

   - Refactored / moved common platform code to new CCSDK project
   - Refactored code to rename openecomp to onap
   - Introduced new GENERIC-RESOURCE-API API, used by vCPE and VoLTE use cases
   - Introduced new docker containers for SDC and DMAAP interfaces

**Bug Fixes**
        NA

**Known Issues**

The following known high priority issues are being worked and are expected to be delivered
in release 1.2.1:

- `SDNC-179 <https://jira.onap.org/browse/SDNC-179>`_ Failed to make HTTPS connection in restapicall node
- `SDNC-181 <https://jira.onap.org/browse/SDNC-181>`_ Change call to brg-wan-ip-address vbrg-wan-ip brg topo activate DG
- `SDNC-182 <https://jira.onap.org/browse/SDNC-182>`_ Fix VNI Consistency: Add vG vxlan tunnel setup and bridge domain setup to brg-topo-activate DG

**Security Issues**
        NA

**Upgrade Notes**
        NA

**Deprecation Notes**
        NA

**Other**
        NA