author: Krzysztof Opasiak <k.opasiak@samsung.com> 2019-05-24 23:30:00 +0200
committer: Krzysztof Opasiak <k.opasiak@samsung.com> 2019-05-24 23:38:02 +0200
commit: 53de06c9d6b3c52f9f23ed4904968074b3f833d2
tree: 1fbcf577b79527863730bb0d6c201922d13ffa9e
parent: 5260297bb0fdd7ca1640b45a4c9b96b7fd158a1e
Improve security release notes
In order to provide users with more details of project's state in terms of security let's divide the security release notes into three sections:

- Fixed Security Issues
  Contains a list of security fixes merged during this release (especially those reported via OJSI tickets).
- Known Security Issues
  Contains a list of vulnerabilities detected in project during release which have not been fixed yet and thus should be mitigated by the user.
- Known Vulnerabilities in Used Modules
  Contains information about NexusIQ scan results

Issue-ID: SECCOM-238
Change-Id: Ief8825c38c7723c26e8c7e10a6a13f4b8f9c169d
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>

-rw-r--r-- docs/release-notes.rst 18
1 files changed, 12 insertions, 6 deletions
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 03a11a6e..bcb1f16b 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -32,6 +32,12 @@ We worked on SDK upgrade to integrate with AAF. We partially implemented multi-l
**Security Notes**
+*Fixed Security Issues*
+
+*Known Security Issues*
+
+*Known Vulnerabilities in Used Modules*
+
PORTAL code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The PORTAL open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=51283057>`_.
Quick Links:
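Review bot: The three headings added under **Security Notes** are left empty, and only the last one is followed by text (the existing NexusIQ paragraph), so a reader cannot tell whether "Fixed Security Issues" and "Known Security Issues" have no entries for this release or were simply never filled in. Put an explicit entry under each heading, for example a bullet list of the OJSI tickets fixed in this release, or a line stating that none are known, so that an empty section is never mistaken for a clean one. The NexusIQ paragraph also ends up under "Known Vulnerabilities in Used Modules" only by position; a short lead sentence tying it to that heading would make the grouping unambiguous.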
@@ -45,7 +51,7 @@ Quick Links:
* For https Apps onboarded to portal, a certificate has to be downloaded in the browser when first trying to access the landing page of the App.
* For onboarded Apps using http (since Portal is using https) the browser asks the user to click to Proceed to the unsafe URL.
* For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts.
-
+
**Deprecation Notes**
**Other**
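Review bot: The removed and added lines before **Deprecation Notes** are both blank, so this hunk changes whitespace only and has nothing to do with the restructuring described in the commit message. Drop it from this change, and if the new line carries trailing whitespace, strip it rather than committing it.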
@@ -55,8 +61,8 @@ Quick Links:
* onap/portal-sdk:2.5.0
* onap/portal-wms:2.5.0
* portal/sdk java artifacts - (Release branch: “release-2.5.0”)
-
-Version: 2.3.2
+
+Version: 2.3.2
--------------
:Release Date: 2019-04-15
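Review bot: The section title "Version: 2.3.2" and the blank line above it are replaced by lines with the same visible text, directly above the title's underline. A whitespace-only edit to a heading of an older release adds noise to the history of this file for no documented reason; leave the title line untouched, or move whitespace cleanup into a separate commit that says so.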
@@ -67,10 +73,10 @@ This is the official release notes for the Casablanca Maintenance Release 3.0.2.
**Known Issues**
* The issue is an application running on HTTPS will not open in Portal if the AAF root CA is missing.
- An error message will appear in a separate tab in Portal. It will say something like:
- “The webpage at https://portal.api.simpledemo.onap.org:30200/vid/welcome.htm?cc=........ might
+ An error message will appear in a separate tab in Portal. It will say something like:
+ “The webpage at https://portal.api.simpledemo.onap.org:30200/vid/welcome.htm?cc=........ might
be temporarily down or it may have moved permanently to a new web address.”
- Here is the work-around, copy above VID (or other app) URL and replace welcome.htm to login.htm
+ Here is the work-around, copy above VID (or other app) URL and replace welcome.htm to login.htm
in a new browser window; after login come back to Portal home page and click VID, it will now work.
* For applications running on HTTP (for example SDC), the user needs to disable the security check in the browser to access the application.
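Review bot: Three continuation lines of the HTTPS bullet under **Known Issues** are rewritten with identical text, while the neighbouring continuation lines ("be temporarily down ..." and "in a new browser window ...") are left as context. Inside an RST list item the indentation of continuation lines is significant, so confirm that the rewritten lines still align with the untouched ones and that the bullet renders as one item; if the edit is only an editor stripping or adding whitespace, take it out of this commit.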