.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. _release_notes:
Release Notes
=============
+Version 1.7.4
+-------------
+:Release Date: 2019-10-24
+
+El Alto release
+
+**Artifact Versions**
+
+
+The following table lists the SDNC docker containers and their versions.
+
++--------------------------------+---------------------------------------------+-----------+
+| Image name | Description | Version(s)|
++================================+=============================================+===========+
+| onap/network-discovery | POMBA : network discovery microservice | 1.7.3 |
++--------------------------------+---------------------------------------------+-----------+
+| onap/service-decomposition | POMBA : service decomposition microservice | 1.7.3 |
++--------------------------------+---------------------------------------------+-----------+
+| onap/sdnc-ansible-server-image | Ansible server | 1.7.4 |
++--------------------------------+---------------------------------------------+-----------+
+| onap/sdnc-aaf-image | SDNC controller image, with AAF integration | 1.7.4 |
++--------------------------------+---------------------------------------------+-----------+
+| onap/sdnc-image | SDNC controller image, standalone (no AAF) | 1.7.4 |
++--------------------------------+---------------------------------------------+-----------+
+| onap/sdnc-ueb-listener-image | SDC listener | 1.7.4 |
++--------------------------------+---------------------------------------------+-----------+
+| onap/sdcn-dmaap-listener-image | DMAAP listener | 1.7.4 |
++--------------------------------+---------------------------------------------+-----------+
+
+
+**New Features**
+
+The full list of El Alto epics and user stories for SDNC may be found at <https://jira.onap.org/issues/?filter=12044>.
+
+The following list summarizes some of the most significant epics:
+
++------------+-------------------------------------------------------------------------------------+
+| Jira # | Abstract |
++============+=====================================================================================+
+| [SDNC-825] | OpenDaylight Neon upgrade |
++------------+-------------------------------------------------------------------------------------+
+| [SDNC-858] | Tune OpenDaylight Java settings for NETCONF |
++------------+-------------------------------------------------------------------------------------+
+| [SDNC-822] | Add aggregate-route-policy in GR-API and async changes |
++------------+-------------------------------------------------------------------------------------+
+| [SDNC-431] | Implement config DB and REST API |
++------------+-------------------------------------------------------------------------------------+
+| [SDNC-433] | Receive netconf notification from RAN, update config DB and publish change on DMAAP |
++------------+-------------------------------------------------------------------------------------+
+
+
+
+**Bug Fixes**
+The full list of bug fixes in the SDNC El Alto release may be found at <https://jira.onap.org/issues/?filter=12045>
+
+**Known Issues**
+The full list of known issues in SDNC may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11119>
+
+One specific issue of concern is the following
+
++------------+---------------------------------------------------------------------------------+
+| Jira # | Abstract |
++============+=================================================================================+
+| [SDNC-949] | GR-API Macro Orchestration fails while waiting on vnf-topology-operation status |
++------------+---------------------------------------------------------------------------------+
+
+This issue is fixed in Gerrit, but not in the released 1.7.4 version of the SDNC docker container. This issue
+can be manually fixed by installing the following 2 directed graphs via directed graph builder:
+
+- `GENERIC-RESOURCE-API_vf-module-topology-operation.json <https://gerrit.onap.org/r/gitweb?p=sdnc/oam.git;a=blob_plain;f=platform-logic/generic-resource-api/src/main/json/GENERIC-RESOURCE-API_vf-module-topology-operation.json;hb=refs/heads/elalto>`_ vf-module-topology-operation directed graph
+- `GENERIC-RESOURCE-API_vnf-topology-operation.json <https://gerrit.onap.org/r/gitweb?p=sdnc/oam.git;a=blob_plain;f=platform-logic/generic-resource-api/src/main/json/GENERIC-RESOURCE-API_vnf-topology-operation.json;hb=refs/heads/elalto>`_ vnf-topology-operation directed graph
+
+
+
+One item of note is that the SDNC admin portal was determined to have a number of security vulnerabilities,
+under Known Security Issues. As a temporary remediation, the admin portal was disabled in
+Dublin. These issues have been resolved in El Alto.
+
+
+
+**Security Notes**
+
+*Fixed Security Issues*
+
+- CVE-2019-12132 `OJSI-41 <https://jira.onap.org/browse/OJSI-41>`_ SDNC service allows for arbitrary code execution in sla/dgUpload form
+ Fixed temporarily by disabling admportal.
+- CVE-2019-12123 `OJSI-42 <https://jira.onap.org/browse/OJSI-42>`_ SDNC service allows for arbitrary code execution in sla/printAsXml form
+ Fixed temporarily by disabling admportal.
+- CVE-2019-12113 `OJSI-43 <https://jira.onap.org/browse/OJSI-43>`_ SDNC service allows for arbitrary code execution in sla/printAsGv form
+ Fixed by removing this API endpoint.
+- `OJSI-91 <https://jira.onap.org/browse/OJSI-91>`_ SDNC exposes unprotected API for user creation
+ Fixed temporarily by disabling admportal.
+- `OJSI-98 <https://jira.onap.org/browse/OJSI-98>`_ In default deployment SDNC (sdnc-portal) exposes HTTP port 30201 outside of cluster.
+ Port 30201 now uses HTTPS protocol.
+- CVE-2019-12112 `OJSI-199 <https://jira.onap.org/browse/OJSI-199>`_ SDNC service allows for arbitrary code execution in sla/upload form
+ Fixed temporarily by disabling admportal.
+- `OJSI-34 <https://jira.onap.org/browse/OJSI-34>`_ Multiple SQL Injection issues in SDNC
+- `OJSI-99 <https://jira.onap.org/browse/OJSI-99>`_ In default deployment SDNC (sdnc) exposes HTTP port 30202 outside of cluster.
+ Port 30202 is no longer used.
+- `OJSI-100 <https://jira.onap.org/browse/OJSI-100>`_ In default deployment SDNC (sdnc-dgbuilder) exposes HTTP port 30203 outside of cluster.
+ Port 30203 now uses HTTPS protocol.
+- `OJSI-179 <https://jira.onap.org/browse/OJSI-179>`_ dev-sdnc-sdnc exposes JDWP on port 1830 which allows for arbitrary code execution
+ Ticket has been closed as no one was able to reproduce the issue.
+- `OJSI-183 <https://jira.onap.org/browse/OJSI-183>`_ SDNC exposes ssh service on port 30208
+ Port 30202 is no longer used.
+
+*Known Security Issues*
+
+For CVE-2019-12132, CVE-2019-12123 and CVE-2019-12112 only temporary fix has been applied.
+This fix simply prevents admportal from being started and exposed.
+If admportal is to be used in your deployment, please be very cautious and remember to fix those vulnerabilities on your own.
+
+*Known Vulnerabilities in Used Modules*
+
+Quick Links:
+
+- `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_
+- `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_
+- `Project Vulnerability Review Table for Casablanca Release <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_
+
+
+Version 1.5.4
+-------------
+:Release Date: 2019-06-13
+
+
+**New Features**
+
+The full list of Dublin epics and user stories for SDNC maybe be found at <https://jira.onap.org/issues/?filter=11803>.
+
+The following list summarizes some of the most significant epics:
+
++------------+----------------------------------------------------------------------------+
+| Jira # | Abstract |
++============+============================================================================+
+| [SDNC-551] | OpenDaylight Fluorine Support |
++------------+----------------------------------------------------------------------------+
+| [SDNC-564] | 5G Use Case |
++------------+----------------------------------------------------------------------------+
+| [SDNC-565] | CCVPN Use Case Extension |
++------------+----------------------------------------------------------------------------+
+| [SDNC-570] | SDN-R: Server side component |
++------------+----------------------------------------------------------------------------+
+| [SDNC-579] | SDN-R : UX-Client |
++------------+----------------------------------------------------------------------------+
+| [SDNC-631] | SDNC support for the PNF Use Case Network Assign for Plug and Play feature |
++------------+----------------------------------------------------------------------------+
+
+
+**Bug Fixes**
+The full list of bug fixes in the SDNC Dublin release may be found at <https://jira.onap.org/issues/?filter=11805>
+
+**Known Issues**
+The full list of known issues in SDNC may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11119>
+
+One item of note is that the SDNC admin portal was determined to have a number of security vulnerabilities,
+under Known Security Issues. As a temporary remediation, the admin portal is disabled in
+Dublin. It will be re-enabled in El Alto once the security issues are addressed.
+
+**Security Notes**
+
+*Fixed Security Issues*
+
+- CVE-2019-12132 `OJSI-41 <https://jira.onap.org/browse/OJSI-41>`_ SDNC service allows for arbitrary code execution in sla/dgUpload form
+ Fixed temporarily by disabling admportal
+- CVE-2019-12123 `OJSI-42 <https://jira.onap.org/browse/OJSI-42>`_ SDNC service allows for arbitrary code execution in sla/printAsXml form
+ Fixed temporarily by disabling admportal
+- CVE-2019-12113 `OJSI-43 <https://jira.onap.org/browse/OJSI-43>`_ SDNC service allows for arbitrary code execution in sla/printAsGv form
+ Fixed temporarily by disabling admportal
+- `OJSI-91 <https://jira.onap.org/browse/OJSI-91>`_ SDNC exposes unprotected API for user creation
+ Fixed temporarily by disabling admportal
+- `OJSI-98 <https://jira.onap.org/browse/OJSI-98>`_ In default deployment SDNC (sdnc-portal) exposes HTTP port 30201 outside of cluster.
+ Fixed temporarily by disabling admportal
+- CVE-2019-12112 `OJSI-199 <https://jira.onap.org/browse/OJSI-199>`_ SDNC service allows for arbitrary code execution in sla/upload form
+ Fixed temporarily by disabling admportal
+
+*Known Security Issues*
+
+- `OJSI-34 <https://jira.onap.org/browse/OJSI-34>`_ Multiple SQL Injection issues in SDNC
+- `OJSI-99 <https://jira.onap.org/browse/OJSI-99>`_ In default deployment SDNC (sdnc) exposes HTTP port 30202 outside of cluster.
+- `OJSI-100 <https://jira.onap.org/browse/OJSI-100>`_ In default deployment SDNC (sdnc-dgbuilder) exposes HTTP port 30203 outside of cluster.
+- `OJSI-179 <https://jira.onap.org/browse/OJSI-179>`_ dev-sdnc-sdnc exposes JDWP on port 1830 which allows for arbitrary code execution
+- `OJSI-183 <https://jira.onap.org/browse/OJSI-183>`_ SDNC exposes ssh service on port 30208
+
+*Known Vulnerabilities in Used Modules*
+
+Quick Links:
+
+- `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_
+- `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_
+- `Project Vulnerability Review Table for Casablanca Release <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_
+
+Version: 1.4.4
+--------------
+
+**Bugs Fixes**
+
+The following bugs are fixed in the SDNC Casablanca January 2019 maintenance release:
+
++------------+------------------------------------------------------------------------------------------+
+| Jira # | Abstract |
++============+==========================================================================================+
+| [SDNC-405] | SDNC API documentation is missing on ReadTheDocs |
++------------+------------------------------------------------------------------------------------------+
+| [SDNC-523] | vnf-information.vnf-id validation check should not be mandatory in validate-vnf-input DG |
++------------+------------------------------------------------------------------------------------------+
+| [SDNC-532] | oof query failed due to hostname change, returning unknown host |
++------------+------------------------------------------------------------------------------------------+
+| [SDNC-534] | wrong "input" field in DMaaP message template |
++------------+------------------------------------------------------------------------------------------+
+| [SDNC-536] | Upgrade zjsonpatch version to remediate vulnerabilities |
++------------+------------------------------------------------------------------------------------------+
+| [SDNC-537] | Update to spring-boot 2.1.0-RELEASE |
++------------+------------------------------------------------------------------------------------------+
+| [SDNC-540] | CCVPN closed loop testing failed. |
++------------+------------------------------------------------------------------------------------------+
+| [SDNC-542] | [PORT] Network Discovery microservice does not log |
++------------+------------------------------------------------------------------------------------------+
+| [SDNC-546] | CCVPN bugs fix for manual free integration test |
++------------+------------------------------------------------------------------------------------------+
+| [SDNC-549] | Retain MD-SAL data on pod recreate |
++------------+------------------------------------------------------------------------------------------+
+
+
+
Version: 1.4.3
--------------
**Other**
NA
-
-
Code Review / sdnc / oam.git / blobdiff