author Krzysztof Opasiak <k.opasiak@samsung.com> 2019-06-04 01:44:17 +0200
committer Krzysztof Opasiak <k.opasiak@samsung.com> 2019-06-04 01:44:17 +0200
commit 2621450b47e79548686742d9a65ef4dc5a357d32
tree cec2e2b88fba2225d05065068750e809aa0086c8
parent f3896fc2e922a81e1a4947b5a0722e6322f382f7
Improve security release notes
In order to provide users with more details of project's state in terms
of security let's divide the security release notes into three sections:

- Fixed Security Issues
  Contains a list of security fixes merged during this release
  (especially those reported via OJSI tickets).
- Known Security Issues
  Contains a list of vulnerabilities detected in project during release
  which have not been fixed yet and thus should be mitigated by the user.
- Known Vulnerabilities in Used Modules
  Contains information about NexusIQ scan results

Issue-ID: SECCOM-238
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5af2a1828095720e4835e4304c2c2be397b70b7b
-rw-r--r-- docs/release-notes.rst 18
1 files changed, 12 insertions, 6 deletions
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index e6c5a56b..22e5e5dc 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -37,11 +37,17 @@ Some AAI services can be configured to leverage the ONAP Pluggable
Security Sidecar proof of concept (disabled by default, see the charts
under aai/oom for more details).
-AAI now manages its own helm charts. See `aai/oom <https://gerrit.onap.org/r/admin/repos/aai/oom>`__
+AAI now manages its own helm charts. See `aai/oom <https://gerrit.onap.org/r/admin/repos/aai/oom>`__
**Security Notes**
+*Fixed Security Issues*
+
+*Known Security Issues*
+
+*Known Vulnerabilities in Used Modules*
+
AAI code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The AAI open Critical security vulnerabilities and their risk assessment have been documented as part of the `R4 project wiki <https://wiki.onap.org/pages/viewpage.action?pageId=64003431>`_.
Quick Links:
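Review bot: The new *Fixed Security Issues* and *Known Security Issues* headings are added with nothing under them, so a reader cannot tell "no issues" from "not filled in yet". For the known-issues section that ambiguity matters, because the commit message says users are expected to mitigate what is listed there. Suggest an explicit entry under each heading (for example "None", or the relevant ticket links) before merging. The existing NexusIQ paragraph now sits under *Known Vulnerabilities in Used Modules*; it says the open items were "determined to be false positive", so it is worth confirming that wording still matches a section titled as known vulnerabilities. The helm charts line is removed and re-added with no visible difference, which looks like a whitespace-only change.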
@@ -223,7 +229,7 @@ ONAP AAI R2 includes the following components:
- Applications
- Sparky (AAI User Interface)
-Source code of AAI is released under the following repositories at https://gerrit.onap.org
+Source code of AAI is released under the following repositories at https://gerrit.onap.org
- aai/aai-common
- aai/event-client
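Review bot: The "Source code of AAI is released under the following repositories" line is removed and re-added with no visible difference, so this looks like trailing-whitespace cleanup, and the later hunks follow the same pattern. That is unrelated to restructuring the security notes; suggest moving the whitespace cleanup to its own commit, or mentioning it in the commit message, so the 12 insertions and 6 deletions are easier to review against the stated purpose.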
@@ -250,7 +256,7 @@ Source code of AAI is released under the following repositories at https://gerri
- `AAI-17 <https://jira.onap.org/browse/AAI-17>`_ Seed code stabilization
-- `AAI-21 <https://jira.onap.org/browse/AAI-21>`_ Gizmo
+- `AAI-21 <https://jira.onap.org/browse/AAI-21>`_ Gizmo
- `AAI-24 <https://jira.onap.org/browse/AAI-24>`_ Move to Active Open Source Graph Database
@@ -500,7 +506,7 @@ Version: 1.1.1
- `AAI-566 <https://jira.onap.org/browse/AAI-566>`_ AAI Eclipse build failure - aai-traversal pom as hardcoded 1.8.0_101 jdk.tools version
- `AAI-621 <https://jira.onap.org/browse/AAI-621>`_ Update the snapshot in test-config for v1.1.1-SNAPSHOT
-
+
Version: 1.1.0
--------------
@@ -508,7 +514,7 @@ Version: 1.1.0
**New Features**
-Initial release of Active and Available Inventory (AAI) for Open Network Automation Platform (ONAP). AAI provides ONAP with its logically centralized view of inventory data, taking in updates from orchestrators, controllers, and assurance systems. AAI provides core REST services.
+Initial release of Active and Available Inventory (AAI) for Open Network Automation Platform (ONAP). AAI provides ONAP with its logically centralized view of inventory data, taking in updates from orchestrators, controllers, and assurance systems. AAI provides core REST services.
ONAP AAI R1 includes the following components:
@@ -660,7 +666,7 @@ Source code of AAI is released under the following repositories at https://gerri
**Known Issues**
- `AAI-61 <https://jira.onap.org/browse/AAI-61>`_ AAI cleaned up references to OpenECOMP but in order to keep the release stable for R1, the XML namespace still contains openecomp.
-
+
Client systems should use http://org.openecomp.aai.inventory/v11 as the XML namespace for ONAP AAI R1.
**Security Issues**
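Review bot: The trailing context of this hunk shows the older release section still using a single **Security Issues** heading, while the first hunk introduces the three-part layout under **Security Notes** for the current release only. If the older sections are intentionally left unchanged, say so in the commit message; otherwise the security headings end up inconsistent within the same file.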