1 .. This work is licensed under a Creative Commons Attribution 4.0
3 .. http://creativecommons.org/licenses/by/4.0
4 .. (c) ONAP Project and its contributors
14 This document provides the release notes for the Frankfurt release of the Software Defined
15 Network Controller (SDNC)
20 The Frankfurt release of SDNC introduces new functionality to support PNFs (Physical Network Functions), extends support
21 for Netconf/TLS to support CMPv2, and adds support for the Multi Domain Optical Network Service use case.
28 +-------------------------+-------------------------------------------+
29 | **Project** | SDNC |
31 +-------------------------+-------------------------------------------+
32 | **Docker images** | See :ref:`dockercontainers` section below |
33 +-------------------------+-------------------------------------------+
34 | **Release designation** | Frankfurt |
36 +-------------------------+-------------------------------------------+
37 | **Release date** | 06/04/2020 |
39 +-------------------------+-------------------------------------------+
45 The SDNC Frankfurt release includes the following features:
47 * ORAN-compliant A1 adaptor (Jira `SDNC-965 <https://jira.onap.org/browse/SDNC-965>`_)
48 * Multi-Domain Optical Service (Jira `SDNC-928 <https://jira.onap.org/browse/SDNC-928>`_)
49 * Python 2 -> Python 3 migration (Jira `SDNC-967 <https://jira.onap.org/browse/SDNC-967>`_)
50 * Upgrade to new Policy lifecycle API (Jira `SDNC-968 <https://jira.onap.org/browse/SDNC-968>`_)
54 For the complete list of `SDNC Frankfurt release epics <https://jira.onap.org/issues/?filter=12322>`_ and
55 `SDNC Frankfurt release user stories <https://jira.onap.org/issues/?filter=12323>`_ , please see the `ONAP Jira`_.
59 The full list of `bugs fixed in the SDNC Frankfurt release <https://jira.onap.org/issues/?filter=12324>`_ is maintained on the `ONAP Jira`_.
63 The full list of `known issues in SDNC <https://jira.onap.org/issues/?filter=11119>`_ is maintained on the `ONAP Jira`_.
71 The SDNC portal is considered deprecated in the Frankfurt release, due
72 to resource contraints. This functionality is delivered dormant
73 in Frankfurt (i.e. it is disabled in the Frankfurt helm charts) and we
74 plan to remove the code entirely in the Guilin release.
78 The functionality provided by the VNF-API is now provided as part
79 of the GENERIC-RESOURCE-API. Therefore, the VNF-API is deprecated
80 in Frankfurt and will be removed in Guilin.
94 The following table lists the docker containers comprising the SDNC Frankfurt
95 release along with the current stable Frankfurt version/tag. Each of these is
96 available on the ONAP nexus3 site (https://nexus3.onap.org) and can be downloaded
97 with the following command::
99 docker pull nexus3.onap.org:10001/{image-name}:{version}
102 Note: users that want to use the latest in-development Frankfurt version may use the
103 tag 0.7-STAGING-latest to pull the latest daily Frankfurt build
105 +--------------------------------+-----------------------------------------------------+---------+
106 | Image name | Description | Version |
107 +================================+=====================================================+=========+
108 | onap/sdnc-aaf-image | SDNC controller image, integrated with AAF for RBAC | 1.8.3 |
109 +--------------------------------+-----------------------------------------------------+---------+
110 | onap/sdnc-ansible-server-image | Ansible server | 1.8.3 |
111 +--------------------------------+-----------------------------------------------------+---------+
112 | onap/sdnc-dmaap-listener-image | DMaaP listener | 1.8.3 |
113 +--------------------------------+-----------------------------------------------------+---------+
114 | onap/sdnc-image | SDNC controller image, without AAF integration | 1.8.3 |
115 +--------------------------------+-----------------------------------------------------+---------+
116 | onap/sdnc-ueb-listener-image | SDC listener | 1.8.3 |
117 +--------------------------------+-----------------------------------------------------+---------+
118 | onap/sdnc-web-image | Web tier (currently only used by SDN-R persona) | 1.8.3 |
119 +--------------------------------+-----------------------------------------------------+---------+
122 Documentation Deliverables
123 ~~~~~~~~~~~~~~~~~~~~~~~~~~
125 * `SDN Controller for Radio user guide`_
127 Known Limitations, Issues and Workarounds
128 =========================================
133 No system limitations noted.
136 Known Vulnerabilities
137 ---------------------
139 Any known vulnerabilities for ONAP are tracked in the `ONAP Jira`_ in the OJSI project. Any outstanding OJSI issues that
140 pertain to SDNC are listed in the :ref:`secissues` section below.
152 Fixed Security Issues
153 ~~~~~~~~~~~~~~~~~~~~~
155 The following security issues have been addressed in the Frankfurt SDNC release:
157 * `OSJI-34 <https://jira.onap.org/browse/OJSI-34>`_ : Multiple SQL Injection issues in SDNC
158 * `OSJI-40 <https://jira.onap.org/browse/OJSI-40>`_ : SDNC service allows for arbitrary code execution
159 * `OSJI-41 <https://jira.onap.org/browse/OJSI-41>`_ : SDNC service allows for arbitrary code execution in sla/dgUpload form (CVE-2019-12132)
160 * `OSJI-42 <https://jira.onap.org/browse/OJSI-42>`_ : SDNC service allows for arbitrary code execution in sla/printAsXml form (CVE-2019-12123)
161 * `OSJI-43 <https://jira.onap.org/browse/OJSI-43>`_ : SDNC service allows for arbitrary code execution in sla/printAsGv form (CVE-2019-12113)
162 * `OSJI-199 <https://jira.onap.org/browse/OJSI-199>`_ : SDNC service allows for arbitrary code execution in sla/upload form (CVE-2019-12112)
163 * `SDNC-1145 <https://jira.onap.org/browse/SDNC-1145>`_ : Pods still run as root
164 * `SDNC-970 <https://jira.onap.org/browse/SDNC-970>`_ : Password removal from OOM Helm charts
168 Known Security Issues
169 ~~~~~~~~~~~~~~~~~~~~~
171 There is currently one known SDNC security issue, related to the SDNC portal
173 * `OJSI-91 <https://jira.onap.org/browse/OJSI-91>`_ : SDNC exposes unprotected API for user creation
175 The current implementation of the SDNC portal - which was intended purely
176 as a test tool - has a self-subscription model - so anyone can create an
177 account by going to the setup link. This is not appropriate for production
178 deployment and we strongly recommend that the SDNC portal NOT be used in
181 The SDNC portal is disabled in the Frankfurt helm charts and will be removed
182 entirely in the Guilin release.
194 For more information on the ONAP Frankfurt release, please see:
197 #. `ONAP Documentation`_
198 #. `ONAP Release Downloads`_
202 .. _`ONAP Home Page`: https://www.onap.org
203 .. _`ONAP Wiki Page`: https://wiki.onap.org
204 .. _`ONAP Documentation`: https://docs.onap.org
205 .. _`ONAP Release Downloads`: https://git.onap.org
206 .. _`ONAP Jira`: https://jira.onap.org
207 .. _`SDN Controller for Radio user guide`: https://docs.onap.org/en/frankfurt/submodules/ccsdk/features.git/docs/guides/onap-user/home.html