author Prudence Au <prudence.au@amdocs.com> 2019-10-08 21:08:17 -0400
committer Prudence Au <prudence.au@amdocs.com> 2019-10-08 21:08:17 -0400
commit 8cb7d2a7333d9dfefc57b39a263cc67d3b64ee0f
tree 83c7d09255bb041e44affa606374340810216323
parent 2ef607c851f540a5a6172f73dcab9c26dd7b4751
Include the unresolved OJSI tickets in the release notes
Issue-ID: LOG-1148
Signed-off-by: Prudence Au <prudence.au@amdocs.com>
Change-Id: Ic364bc12ea0ae82fb931499af7d1e61ae152d8eb
-rw-r--r-- docs/release-notes.rst 12
1 files changed, 8 insertions, 4 deletions
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index eb3878d..bef85f1 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -27,9 +27,12 @@ El Alto
**Known Issues**
- `LOG-1159 <https://jira.onap.org/browse/LOG-1159>`_ Vulnerability issue: logging-analytics version 5.0.9.RELEASE
-**Security Notes**
+**Known Security Issues**
- - LOG code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The LOG open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/display/DW/El+Alto+Vulnerabilities>`_.
+ - `OJSI-200 <https://jira.onap.org/browse/OJSI-200>`_ Logging exposes unprotected APIs/UIs (CVE-2019-12125)
+ - `OJSI-155 <https://jira.onap.org/browse/OJSI-155>`_ LOG demo target exposes plain text HTTP endpoint using port 30398
+ - `OJSI-125 <https://jira.onap.org/browse/OJSI-125>`_ log-es exposes plain text HTTP endpoint using port 30254
+ - `OJSI-124 <https://jira.onap.org/browse/OJSI-124>`_ log-kibana exposes plain text HTTP endpoint using port 30253
Quick Links:
- `LOG project page <https://wiki.onap.org/display/DW/Logging+Enhancements+Project>`_
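Review bot: The paragraph removed under the old **Security Notes** heading (the NexusIQ scan statement and the link to the El Alto Vulnerabilities wiki page) is dropped from the LOG section with no replacement, while the POMBA section in the next hunk keeps its equivalent paragraph. Consider keeping that sentence after the OJSI list so the LOG section still points to the documented risk assessment, or say in the commit message that the removal is intentional. The new entries name a CVE (CVE-2019-12125 on OJSI-200) and three plain text HTTP ports (30398, 30254, 30253) but give no mitigation; a one-line pointer to a workaround, such as restricting access to those ports, would make the list actionable for operators reading the release notes.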
@@ -89,8 +92,9 @@ El Alto
- `LOG-1117 <https://jira.onap.org/browse/LOG-1117>`_ Vulnerability issue: POMBA-SDNC-CONTEXT-BUILDER and POMBA-NETWORK-DISCOVERY-CONTEXT-BUILDER uikit
- `LOG-1160 <https://jira.onap.org/browse/LOG-1160>`_ Vulnerability issue: jackson-databind 2.9.9
-**Security Notes**
- - all nodeports for Kibana, context builders and data-router are open by default for now
+**Known Security Issues**
+ - `OJSI-123 <https://jira.onap.org/browse/OJSI-123>`_ pomba-data-router exposes plain text HTTP endpoint using port 30249
+ - `OJSI-115 <https://jira.onap.org/browse/OJSI-115>`_ pomba-kibana exposes plain text HTTP endpoint using port 30234
POMBA code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The LOG open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/display/DW/El+Alto+Vulnerabilities>`_.
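Review bot: The removed line said all nodeports for Kibana, context builders and data-router are open by default, but the replacement list covers only pomba-data-router (30249) and pomba-kibana (30234), so the context builders drop out of the release notes. If their ports are still exposed, add the corresponding tickets or keep a sentence that covers them. Separately, the unchanged paragraph after the list begins with "POMBA code" but then refers to "The LOG open Critical security vulnerabilities"; since this hunk already edits the section, that wording could be corrected if POMBA is what is meant.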