Document OJSI-100 vulnerability
1 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
2
3 Release Notes
4 =============
5
6 Version 1.5.3
7 -------------
8 :Release Date: 2019-06-13
9
10 **New Features**
11
12 The full list of Dublin epics and user stories for SDNC may be found at <https://jira.onap.org/issues/?filter=11803>.
13
14 The following list summarizes some of the most significant epics:
15
16 +------------+----------------------------------------------------------------------------+
17 | Jira #     | Abstract                                                                   |
18 +============+============================================================================+
19 | [SDNC-551] | OpenDaylight Fluorine Support                                              |
20 +------------+----------------------------------------------------------------------------+
21 | [SDNC-564] | 5G Use Case                                                                |
22 +------------+----------------------------------------------------------------------------+
23 | [SDNC-565] | CCVPN Use Case Extension                                                   |
24 +------------+----------------------------------------------------------------------------+
25 | [SDNC-570] | SDN-R: Server side component                                               |
26 +------------+----------------------------------------------------------------------------+
27 | [SDNC-579] | SDN-R : UX-Client                                                          |
28 +------------+----------------------------------------------------------------------------+
29 | [SDNC-631] | SDNC support for the PNF Use Case Network Assign for Plug and Play feature |
30 +------------+----------------------------------------------------------------------------+
31
32
33 **Bug Fixes**
34 The full list of bug fixes in the SDNC Dublin release may be found at <https://jira.onap.org/issues/?filter=11805>
35
36 **Known Issues**
37 The full list of known issues in SDNC may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11119>
38
39 **Security Notes**
40
41 *Fixed Security Issues*
42
43 - CVE-2019-12132 `OJSI-41 <https://jira.onap.org/browse/OJSI-41>`_ SDNC service allows for arbitrary code execution in sla/dgUpload form
44   Fixed temporarily by disabling admportal
45 - CVE-2019-12123 `OJSI-42 <https://jira.onap.org/browse/OJSI-42>`_ SDNC service allows for arbitrary code execution in sla/printAsXml form
46   Fixed temporarily by disabling admportal
47 - CVE-2019-12113 `OJSI-43 <https://jira.onap.org/browse/OJSI-43>`_ SDNC service allows for arbitrary code execution in sla/printAsGv form
48   Fixed temporarily by disabling admportal
49 - `OJSI-91 <https://jira.onap.org/browse/OJSI-91>`_ SDNC exposes unprotected API for user creation
50   Fixed temporarily by disabling admportal
51 - `OJSI-98 <https://jira.onap.org/browse/OJSI-98>`_ In default deployment SDNC (sdnc-portal) exposes HTTP port 30201 outside of cluster.
52   Fixed temporarily by disabling admportal
53 - CVE-2019-12112 `OJSI-199 <https://jira.onap.org/browse/OJSI-199>`_ SDNC service allows for arbitrary code execution in sla/upload form
54   Fixed temporarily by disabling admportal
55
56 *Known Security Issues*
57
58 - `OJSI-34 <https://jira.onap.org/browse/OJSI-34>`_ Multiple SQL Injection issues in SDNC
59 - `OJSI-99 <https://jira.onap.org/browse/OJSI-99>`_ In default deployment SDNC (sdnc) exposes HTTP port 30202 outside of cluster.
60 - `OJSI-100 <https://jira.onap.org/browse/OJSI-100>`_ In default deployment SDNC (sdnc-dgbuilder) exposes HTTP port 30203 outside of cluster.
61
62 *Known Vulnerabilities in Used Modules*
63
64 Quick Links:
65
66 - `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_
67 - `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_
68 - `Project Vulnerability Review Table for Casablanca Release <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_
69
70 Version: 1.4.4
71 --------------
72
73 **Bug Fixes**
74
75 The following bugs are fixed in the SDNC Casablanca January 2019 maintenance release:
76
77 +------------+------------------------------------------------------------------------------------------+
78 | Jira #     | Abstract                                                                                 |
79 +============+==========================================================================================+
80 | [SDNC-405] | SDNC API documentation is missing on ReadTheDocs                                         |
81 +------------+------------------------------------------------------------------------------------------+
82 | [SDNC-523] | vnf-information.vnf-id validation check should not be mandatory in validate-vnf-input DG |
83 +------------+------------------------------------------------------------------------------------------+
84 | [SDNC-532] | oof query failed due to hostname change, returning unknown host                          |
85 +------------+------------------------------------------------------------------------------------------+
86 | [SDNC-534] | wrong "input" field in DMaaP message template                                            |
87 +------------+------------------------------------------------------------------------------------------+
88 | [SDNC-536] | Upgrade zjsonpatch version to remediate vulnerabilities                                  |
89 +------------+------------------------------------------------------------------------------------------+
90 | [SDNC-537] | Update to spring-boot 2.1.0-RELEASE                                                      |
91 +------------+------------------------------------------------------------------------------------------+
92 | [SDNC-540] | CCVPN closed loop testing failed.                                                        |
93 +------------+------------------------------------------------------------------------------------------+
94 | [SDNC-542] | [PORT] Network Discovery microservice does not log                                       |
95 +------------+------------------------------------------------------------------------------------------+
96 | [SDNC-546] | CCVPN bugs fix for manual free integration test                                          |
97 +------------+------------------------------------------------------------------------------------------+
98 | [SDNC-549] | Retain MD-SAL data on pod recreate                                                       |
99 +------------+------------------------------------------------------------------------------------------+
100
101
102
103 Version: 1.4.3
104 --------------
105
106
107 :Release Date: 2018-11-30
108
109 **New Features**
110
111 The Casablanca release of SDNC introduces the following new features:
112
113         - Network Discovery, in support of POMBA
114         - Support for CCVPN use case
115         - Change Management enhancements
116
117 **Bug Fixes**
118
119 The list of bugs fixed in the SDNC Casablanca release may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11544>
120
121
122 **Known Issues**
123
124 The list of known issues in the SDNC project may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11119>
125
126
127 **Security Notes**
128
129 SDNC code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed; items that remain open have been assessed for risk and determined to be false positives. The SDNC open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_.
130
131 Quick Links:
132
133 - `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_
134 - `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_
135 - `Project Vulnerability Review Table for Casablanca Release <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_
136
137 **Upgrade Notes**
138    NA
139
140 **Deprecation Notes**
141    NA
142
143 **Other**
144    NA
145
146 Version: 1.3.4
147 --------------
148
149
150 :Release Date: 2018-07-06
151
152 **New Features**
153
154 The full list of SDNC Beijing Epics and user stories can be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=10791>.  The
155 following table lists the major features included in the Beijing release.
156
157 +------------+-------------------------------------------------------------------------------------------------------------+
158 | Jira #     | Abstract                                                                                                    |
159 +============+=============================================================================================================+
160 | [SDNC-278] | Change management in-place software upgrade execution using Ansible <https://jira.onap.org/browse/SDNC-278> |
161 +------------+-------------------------------------------------------------------------------------------------------------+
162 | [SDNC-163] | Deploy a SDN-C high availability environment - Kubernetes <https://jira.onap.org/browse/SDNC-163>           |
163 +------------+-------------------------------------------------------------------------------------------------------------+
164
165
166 **Bug Fixes**
167
168 The list of bugs fixed in the SDNC Beijing release may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11118>
169
170
171 **Known Issues**
172
173 +------------+----------------------------------------------------------------------------------------------------------------------------------+
174 | Jira #     | Abstract                                                                                                                         |
175 +============+==================================================================================================================================+
176 | [SDNC-324] | IPV4_ADDRESS_POOL is empty <https://jira.onap.org/browse/SDNC-324>                                                               |
177 +------------+----------------------------------------------------------------------------------------------------------------------------------+
178 | [SDNC-321] | dgbuilder won't save DG <https://jira.onap.org/browse/SDNC-321>                                                                  |
179 +------------+----------------------------------------------------------------------------------------------------------------------------------+
180 | [SDNC-304] | SDNC OOM intermittent Healthcheck failure - JSONDecodeError - on different startup order <https://jira.onap.org/browse/SDNC-304> |
181 +------------+----------------------------------------------------------------------------------------------------------------------------------+
182 | [SDNC-115] | VNFAPI DGs contain plugin references to software not part of ONAP <https://jira.onap.org/browse/SDNC-115>                        |
183 +------------+----------------------------------------------------------------------------------------------------------------------------------+
184 | [SDNC-114] | Generic API DGs contain plugin references to software not part of ONAP <https://jira.onap.org/browse/SDNC-114>                   |
185 +------------+----------------------------------------------------------------------------------------------------------------------------------+
186 | [SDNC-106] | VNFAPI DGs contain old openecomp and com.att based plugin references <https://jira.onap.org/browse/SDNC-106>                     |
187 +------------+----------------------------------------------------------------------------------------------------------------------------------+
188 | [SDNC-64]  | SDNC is not setting FromApp identifier in logging MDC <https://jira.onap.org/browse/SDNC-64>                                     |
189 +------------+----------------------------------------------------------------------------------------------------------------------------------+
190
191
192 **Security Notes**
193
194 SDNC code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed; items that remain open have been assessed for risk and determined to be false positives. The SDNC open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=28379582>`_.
195
196 Quick Links:
197
198 - `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_
199 - `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_
200 - `Project Vulnerability Review Table for SDNC <https://wiki.onap.org/pages/viewpage.action?pageId=28379582>`_
201
202 **Upgrade Notes**
203         NA
204
205 **Deprecation Notes**
206         NA
207
208 **Other**
209         NA
210
211 Version: 1.2.1
212 --------------
213
214 :Release Date: 2018-01-18
215
216 **Bug Fixes**
217
218 - `SDNC-145 <https://jira.onap.org/browse/SDNC-145>`_ Error message refers to wrong parameters
219 - `SDNC-195 <https://jira.onap.org/browse/SDNC-195>`_ UEB listener doesn't insert correct parameters for allotted resources in DB table ALLOTTED_RESOURCE_MODEL
220 - `SDNC-198 <https://jira.onap.org/browse/SDNC-198>`_ CSIT job fails
221 - `SDNC-201 <https://jira.onap.org/browse/SDNC-201>`_ Fix DG bugs from integration tests
222 - `SDNC-202 <https://jira.onap.org/browse/SDNC-202>`_ Search for service -data null match, set vGW LAN IP via Heat
223 - `SDNC-211 <https://jira.onap.org/browse/SDNC-211>`_ Update SDNC Amsterdam branch to use maintenance release versions
224 - `SDNC-212 <https://jira.onap.org/browse/SDNC-212>`_ Duplicate file name
225
226 Version: 1.2.0
227 --------------
228
229 :Release Date: 2017-11-16
230
231 **New Features**
232
233 The ONAP Amsterdam release introduces the following changes to SDNC from
234 the original openECOMP seed code:
235    - Refactored / moved common platform code to new CCSDK project
236    - Refactored code to rename openecomp to onap
237    - Introduced new GENERIC-RESOURCE-API api, used by vCPE and VoLTE use cases
238    - Introduced new docker containers for SDC and DMAAP interfaces
239
240 **Bug Fixes**
241         NA
242 **Known Issues**
243 The following known high priority issues are being worked and are expected to be delivered
244 in release 1.2.1:
245 - `SDNC-179 <https://jira.onap.org/browse/SDNC-179>`_ Failed to make HTTPS connection in restapicall node
246 - `SDNC-181 <https://jira.onap.org/browse/SDNC-181>`_ Change call to brg-wan-ip-address vbrg-wan-ip brg topo activate DG
247 - `SDNC-182 <https://jira.onap.org/browse/SDNC-182>`_ Fix VNI Consistency: Add vG vxlan tunnel setup and bridge domain setup to brg-topo-activate DG
248
249 **Security Issues**
250         NA
251
252 **Upgrade Notes**
253         NA
254
255 **Deprecation Notes**
256         NA
257
258 **Other**
259         NA