[AAI] Updated releast notes to talk about transitive dependency on aaf log4j

Issue-ID: AAI-3454 Signed-off-by: wr148d <wr148d@att.com> Change-Id: I2dfad5f07372eff1f7e545910da6d39377ea4ffe
author: wr148d <wr148d@att.com> 2022-03-16 16:09:23 -0400
committer: wr148d <wr148d@att.com> 2022-03-16 16:09:23 -0400
commit: 637c5edbc093b1988c9990c60cb50a9a4e2dbcd2 (patch)
tree: b26aeaa9ec799f0c75c881ef9c6a7b62bd85bb7c /docs
parent: 4d86166b5fa8ae49f6e358ae33d3cef59d72dc1e (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index ae56b81a..9aac854c 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -22,7 +22,13 @@ Version: 9.0.1
 
 The R9 Istanbul maintenance release of ONAP A&AI addressed some security vulnerabilities mainly for the Log4J dependencies
 
-- Updated the log4j libraries to 2.17.2
+- Updated the direct dependency log4j libraries to 2.17.2
+- Please note log4j is still on older versions in a transitive dependency for aaf auth for the following mS
+  * onap-aai-aai-common
+  * onap-aai-babel
+  * onap-aai-resources
+  * onap-aai-schema-service
+  * onap-aai-traversal
 
 Version: 9.0.0
 --------------
author	wr148d <wr148d@att.com>	2022-03-16 16:09:23 -0400
committer	wr148d <wr148d@att.com>	2022-03-16 16:09:23 -0400
commit	637c5edbc093b1988c9990c60cb50a9a4e2dbcd2 (patch)
tree	b26aeaa9ec799f0c75c881ef9c6a7b62bd85bb7c /docs
parent	4d86166b5fa8ae49f6e358ae33d3cef59d72dc1e (diff)