Document OJSI-92 (CVE-2019-12121) vulnerability

Issue-ID: OJSI-92 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Idad22deafb262da539c52fa8733e7ea098fd1361
author: Krzysztof Opasiak <k.opasiak@samsung.com> 2019-05-30 15:27:27 +0200
committer: Krzysztof Opasiak <k.opasiak@samsung.com> 2019-05-30 15:36:17 +0200
commit: fc4442976411f28a214898a3261e698c48dda31d (patch)
tree: 8035262be196f8178522431e50f485d1aec6b70a /docs
parent: af68d030bd7f66b680c2b44cd60a19a35aaf9223 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index fbaf675e..871c7d5b 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -38,6 +38,7 @@ We worked on SDK upgrade to integrate with AAF. We partially implemented multi-l
 
 	* CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 <https://jira.onap.org/browse/OJSI-15>`_]
 	* CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 <https://jira.onap.org/browse/OJSI-65>`_]
+	* CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 <https://jira.onap.org/browse/OJSI-92>`_]
 	* In defult deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 <https://jira.onap.org/browse/OJSI-97>`_]
 	* In defult deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 <https://jira.onap.org/browse/OJSI-105>`_]
 	* In defult deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 <https://jira.onap.org/browse/OJSI-106>`_]
author	Krzysztof Opasiak <k.opasiak@samsung.com>	2019-05-30 15:27:27 +0200
committer	Krzysztof Opasiak <k.opasiak@samsung.com>	2019-05-30 15:36:17 +0200
commit	fc4442976411f28a214898a3261e698c48dda31d (patch)
tree	8035262be196f8178522431e50f485d1aec6b70a /docs
parent	af68d030bd7f66b680c2b44cd60a19a35aaf9223 (diff)