summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2019-10-06 00:33:33 +0200
committerOfir Sonsino <ofir.sonsino@intl.att.com>2019-10-06 07:51:53 +0000
commit31b7ddb2fa8db611b18450b00ff8b37167d3becb (patch)
tree4b01aada83116965cb6a5210fbe1b5025b468a97
parent003853d0d95c142e857b9e73f0164123e7e685ef (diff)
Document fixed OJSI tickets in release notes
Issue-ID: OJSI-31 Issue-ID: OJSI-76 Issue-ID: OJSI-77 Issue-ID: OJSI-78 Issue-ID: OJSI-79 Issue-ID: OJSI-80 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ie57bdbfae0b40ff7633ff674d22ac5ad3c5cf866
Diffstat
-rw-r--r--docs/release-notes.rst7
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index cdc33050df..26afce2b00 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -96,6 +96,13 @@ Security Notes
*Fixed Security Issues*
+- [`OJSI-31 <https://jira.onap.org/browse/OJSI-31>`__\ ] - Unsecured Swagger UI Interface in sdc-wfd-be
+- CVE-2019-12115 [`OJSI-76 <https://jira.onap.org/browse/OJSI-76>`__\ ] - demo-sdc-sdc-be exposes JDWP on port 4000 which allows for arbitrary code execution
+- CVE-2019-12116 [`OJSI-77 <https://jira.onap.org/browse/OJSI-77>`__\ ] - demo-sdc-sdc-fe exposes JDWP on port 6000 which allows for arbitrary code execution
+- CVE-2019-12117 [`OJSI-78 <https://jira.onap.org/browse/OJSI-78>`__\ ] - demo-sdc-sdc-onboarding-be exposes JDWP on port 4001 which allows for arbitrary code execution
+- CVE-2019-12118 [`OJSI-79 <https://jira.onap.org/browse/OJSI-79>`__\ ] - demo-sdc-sdc-wfd-be exposes JDWP on port 7001 which allows for arbitrary code execution
+- CVE-2019-12119 [`OJSI-80 <https://jira.onap.org/browse/OJSI-80>`__\ ] - demo-sdc-sdc-wfd-fe exposes JDWP on port 7000 which allows for arbitrary code execution
+
*Known Security Issues*
- [`OJSI-90 <https://jira.onap.org/browse/OJSI-90>`__\ ] - SDC exposes unprotected API for user creation