From bf5521000fa40266da3e2484c475fe6d7f9595ea Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Sun, 6 Oct 2019 00:33:33 +0200 Subject: Document fixed OJSI tickets in release notes Issue-ID: OJSI-31 Issue-ID: OJSI-76 Issue-ID: OJSI-77 Issue-ID: OJSI-78 Issue-ID: OJSI-79 Issue-ID: OJSI-80 Signed-off-by: Krzysztof Opasiak Change-Id: Ie57bdbfae0b40ff7633ff674d22ac5ad3c5cf866 --- docs/release-notes.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/release-notes.rst b/docs/release-notes.rst index cdc33050df..26afce2b00 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -96,6 +96,13 @@ Security Notes *Fixed Security Issues* +- [`OJSI-31 `__\ ] - Unsecured Swagger UI Interface in sdc-wfd-be +- CVE-2019-12115 [`OJSI-76 `__\ ] - demo-sdc-sdc-be exposes JDWP on port 4000 which allows for arbitrary code execution +- CVE-2019-12116 [`OJSI-77 `__\ ] - demo-sdc-sdc-fe exposes JDWP on port 6000 which allows for arbitrary code execution +- CVE-2019-12117 [`OJSI-78 `__\ ] - demo-sdc-sdc-onboarding-be exposes JDWP on port 4001 which allows for arbitrary code execution +- CVE-2019-12118 [`OJSI-79 `__\ ] - demo-sdc-sdc-wfd-be exposes JDWP on port 7001 which allows for arbitrary code execution +- CVE-2019-12119 [`OJSI-80 `__\ ] - demo-sdc-sdc-wfd-fe exposes JDWP on port 7000 which allows for arbitrary code execution + *Known Security Issues* - [`OJSI-90 `__\ ] - SDC exposes unprotected API for user creation -- cgit 1.2.3-korg