From b0861aec29d90be605532051c28bf99225949324 Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Mon, 27 May 2019 21:55:30 +0200 Subject: Improve security release notes In order to provide users with more details of project's state in terms of security let's divide the security release notes into three sections: - Fixed Security Issues Contains a list of security fixes merged during this release (especially those reported via OJSI tickets). - Known Security Issues Contains a list of vulnerabilities detected in project during release which have not been fixed yet and thus should be mitigated by the user. - Known Vulnerabilities in Used Modules Contains information about NexusIQ scan results Issue-ID: SECCOM-238 Signed-off-by: Krzysztof Opasiak Change-Id: I334391346a97a1fb29636151babba6c6c473ebd0 --- docs/release-notes.rst | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'docs') diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 2a75d597..f8eed3dc 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -18,6 +18,13 @@ Version: 3.0.0 - End-end service creation using ONAP commands are provided. - +**Security Notes** + +*Fixed Security Issues* + +*Known Security Issues* + +*Known Vulnerabilities in Used Modules* Version: 2.0.5 -------------- -- cgit 1.2.3-korg From bb1b68e3a5712c25dea0459e2de9d295e6dd951c Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Mon, 27 May 2019 21:56:44 +0200 Subject: Document OJSI-129 vulnerability Issue-ID: OJSI-129 Signed-off-by: Krzysztof Opasiak Change-Id: I67144105f78636104dc9862c2f2e0166bcb14fa8 --- docs/release-notes.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs') diff --git a/docs/release-notes.rst b/docs/release-notes.rst index f8eed3dc..cca44b58 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -24,6 +24,8 @@ Version: 3.0.0 *Known Security Issues* +- In default deployment CLI (cli) exposes HTTP port 30260 outside of cluster. [`OJSI-129 `_] + *Known Vulnerabilities in Used Modules* Version: 2.0.5 -- cgit 1.2.3-korg From f8e837efb0cdbdf53e502dadf49edcaee7b38294 Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Mon, 27 May 2019 21:57:12 +0200 Subject: Document OJSI-135 vulnerability Issue-ID: OJSI-135 Signed-off-by: Krzysztof Opasiak Change-Id: I69af0d6102d7aef55beadea5168cdfc83532fb24 --- docs/release-notes.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'docs') diff --git a/docs/release-notes.rst b/docs/release-notes.rst index cca44b58..2abf3248 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -25,6 +25,7 @@ Version: 3.0.0 *Known Security Issues* - In default deployment CLI (cli) exposes HTTP port 30260 outside of cluster. [`OJSI-129 `_] +- In default deployment CLI (cli) exposes HTTP port 30271 outside of cluster. [`OJSI-135 `_] *Known Vulnerabilities in Used Modules* -- cgit 1.2.3-korg