From e98d94edaa2276b33959f5ef6d45f3fdeeab37ee Mon Sep 17 00:00:00 2001 From: "Welch, Lorraine (lb2391)" Date: Tue, 11 Jun 2019 14:14:22 -0400 Subject: Updated Dublin Release Notes Issue-ID: PORTAL-592 Signed-off-by: Welch, Lorraine (lb2391) Change-Id: I4d1e7e8bd83ed2adb7df25ccf4c694b1c81ef879 --- docs/release-notes.rst | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'docs') diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 9502569a..a1b6e09c 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -36,14 +36,14 @@ We worked on SDK upgrade to integrate with AAF. We partially implemented multi-l *Known Security Issues* - * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 `_] - * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 `_] - * CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 `_] - * In defult deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 `_] - * In defult deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 `_] - * In defult deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 `_] - * CVE-2019-12318 - Number of SQL Injections in Portal [`OJSI-174 `_] - * Portal stores users passwords encrypted instead of hashed [`OJSI-190 `_] + * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 `_] + * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 `_] + * CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 `_] + * In defult deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 `_] + * In defult deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 `_] + * In defult deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 `_] + * CVE-2019-12318 - Number of SQL Injections in Portal [`OJSI-174 `_] + * Portal stores users passwords encrypted instead of hashed [`OJSI-190 `_] *Known Vulnerabilities in Used Modules* @@ -59,7 +59,8 @@ Quick Links: **Upgrade Notes** * For https Apps onboarded to portal, a certificate has to be downloaded in the browser when first trying to access the landing page of the App. * For onboarded Apps using http (since Portal is using https) the browser asks the user to click to Proceed to the unsafe URL. - * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts. + * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts. + * The first time some apps are selected in the Applications panel, an error stating the webpage might be temporarily down, copy the presented URL to a new browser; once that is done, the application will open in the Portal. **Deprecation Notes** -- cgit 1.2.3-korg