From d9e8b34a0f2bda167671fe19db20feee5410fceb Mon Sep 17 00:00:00 2001
From: Krzysztof Opasiak <k.opasiak@samsung.com>
Date: Mon, 27 May 2019 18:06:32 +0200
Subject: Document OJSI-109 vulnerability

Issue-ID: OJSI-109
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ibaef5bcfcf201c451395aa10e9d14ba1d5ba6b43
---
 docs/sections/release-notes.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst
index e43b1c50..d689ca2e 100644
--- a/docs/sections/release-notes.rst
+++ b/docs/sections/release-notes.rst
@@ -105,6 +105,8 @@ Source code of DCAE components are released under the following repositories on
 
 *Known Security Issues*
 
+    * In default deployment DCAEGEN2 (xdcae-datafile-collector) exposes HTTP port 30223 outside of cluster. [`OJSI-109 <https://jira.onap.org/browse/OJSI-109>`_]
+
 *Known Vulnerabilities in Used Modules*
 
 DCAE code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The DCAE open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=51282478>`_.
-- 
cgit 1.2.3-korg