diff options
author | Krzysztof Opasiak <k.opasiak@samsung.com> | 2019-06-04 01:44:17 +0200 |
---|---|---|
committer | Krzysztof Opasiak <k.opasiak@samsung.com> | 2019-06-04 01:44:17 +0200 |
commit | 2621450b47e79548686742d9a65ef4dc5a357d32 (patch) | |
tree | cec2e2b88fba2225d05065068750e809aa0086c8 | |
parent | f3896fc2e922a81e1a4947b5a0722e6322f382f7 (diff) |
Improve security release notes
In order to provide users with more details of project's state in
terms of security let's divide the security release notes into three
sections:
- Fixed Security Issues
Contains a list of security fixes merged during this
release (especially those reported via OJSI tickets).
- Known Security Issues
Contains a list of vulnerabilities detected in project during
release which have not been fixed yet and thus should be mitigated
by the user.
- Known Vulnerabilities in Used Modules
Contains information about NexusIQ scan results
Issue-ID: SECCOM-238
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5af2a1828095720e4835e4304c2c2be397b70b7b
-rw-r--r-- | docs/release-notes.rst | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/docs/release-notes.rst b/docs/release-notes.rst index e6c5a56b..22e5e5dc 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -37,11 +37,17 @@ Some AAI services can be configured to leverage the ONAP Pluggable Security Sidecar proof of concept (disabled by default, see the charts under aai/oom for more details). -AAI now manages its own helm charts. See `aai/oom <https://gerrit.onap.org/r/admin/repos/aai/oom>`__ +AAI now manages its own helm charts. See `aai/oom <https://gerrit.onap.org/r/admin/repos/aai/oom>`__ **Security Notes** +*Fixed Security Issues* + +*Known Security Issues* + +*Known Vulnerabilities in Used Modules* + AAI code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The AAI open Critical security vulnerabilities and their risk assessment have been documented as part of the `R4 project wiki <https://wiki.onap.org/pages/viewpage.action?pageId=64003431>`_. Quick Links: @@ -223,7 +229,7 @@ ONAP AAI R2 includes the following components: - Applications - Sparky (AAI User Interface) -Source code of AAI is released under the following repositories at https://gerrit.onap.org +Source code of AAI is released under the following repositories at https://gerrit.onap.org - aai/aai-common - aai/event-client @@ -250,7 +256,7 @@ Source code of AAI is released under the following repositories at https://gerri - `AAI-17 <https://jira.onap.org/browse/AAI-17>`_ Seed code stabilization -- `AAI-21 <https://jira.onap.org/browse/AAI-21>`_ Gizmo +- `AAI-21 <https://jira.onap.org/browse/AAI-21>`_ Gizmo - `AAI-24 <https://jira.onap.org/browse/AAI-24>`_ Move to Active Open Source Graph Database @@ -500,7 +506,7 @@ Version: 1.1.1 - `AAI-566 <https://jira.onap.org/browse/AAI-566>`_ AAI Eclipse build failure - aai-traversal pom as hardcoded 1.8.0_101 jdk.tools version - `AAI-621 <https://jira.onap.org/browse/AAI-621>`_ Update the snapshot in test-config for v1.1.1-SNAPSHOT - + Version: 1.1.0 -------------- @@ -508,7 +514,7 @@ Version: 1.1.0 **New Features** -Initial release of Active and Available Inventory (AAI) for Open Network Automation Platform (ONAP). AAI provides ONAP with its logically centralized view of inventory data, taking in updates from orchestrators, controllers, and assurance systems. AAI provides core REST services. +Initial release of Active and Available Inventory (AAI) for Open Network Automation Platform (ONAP). AAI provides ONAP with its logically centralized view of inventory data, taking in updates from orchestrators, controllers, and assurance systems. AAI provides core REST services. ONAP AAI R1 includes the following components: @@ -660,7 +666,7 @@ Source code of AAI is released under the following repositories at https://gerri **Known Issues** - `AAI-61 <https://jira.onap.org/browse/AAI-61>`_ AAI cleaned up references to OpenECOMP but in order to keep the release stable for R1, the XML namespace still contains openecomp. - + Client systems should use http://org.openecomp.aai.inventory/v11 as the XML namespace for ONAP AAI R1. **Security Issues** |