diff options
author | Dan Timoney <dtimoney@att.com> | 2020-05-19 11:55:16 -0400 |
---|---|---|
committer | Dan Timoney <dtimoney@att.com> | 2020-05-19 11:55:16 -0400 |
commit | d45c8925df53e30c86076d6a775d9556c6dbfb8b (patch) | |
tree | c32b7ab9ef10572bf20947a69a64343719353bf9 | |
parent | 58d39ebe7b6650931a3e87a67d2a265a45599995 (diff) |
Add SDNC Frankfurt release notes
Add release notes for SDNC Frankfurt release
Change-Id: I8fa079a305351be8aa9cf298274528fda572e746
Issue-ID: SDNC-1172
Signed-off-by: Dan Timoney <dtimoney@att.com>
Former-commit-id: 3eb32648ea58265ff87d0bc3b1867d0ce0006d69
-rw-r--r-- | docs/_static/css/theme_overrides.css | 13 | ||||
-rw-r--r-- | docs/conf.py | 3 | ||||
-rw-r--r-- | docs/index.rst | 5 | ||||
-rw-r--r-- | docs/release-notes.rst | 448 |
4 files changed, 140 insertions, 329 deletions
diff --git a/docs/_static/css/theme_overrides.css b/docs/_static/css/theme_overrides.css new file mode 100644 index 00000000..174fade5 --- /dev/null +++ b/docs/_static/css/theme_overrides.css @@ -0,0 +1,13 @@ +/* override table width restrictions */ +@media screen and (min-width: 767px) { + + .wy-table-responsive table td { + /* !important prevents the common CSS stylesheets from overriding + this as on RTD they are loaded after this stylesheet */ + white-space: normal !important; + } + + .wy-table-responsive { + overflow: visible !important; + } +}
\ No newline at end of file diff --git a/docs/conf.py b/docs/conf.py index 8f40e8b8..23f0768c 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -12,4 +12,5 @@ intersphinx_mapping = {} html_last_updated_fmt = '%d-%b-%y %H:%M' def setup(app): - app.add_stylesheet("css/ribbon_onap.css") + app.add_css_file("css/ribbon_onap.css") + app.add_css_file("css/theme_overrides.css") diff --git a/docs/index.rst b/docs/index.rst index b0778956..8a25801b 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -2,8 +2,8 @@ .. http://creativecommons.org/licenses/by/4.0 .. _master_index: -SDNC Northbound -=============== +Network Controller (SDNC) +========================= .. toctree:: :maxdepth: 1 @@ -14,6 +14,7 @@ SDNC Northbound delivery.rst logging.rst installation.rst + cert_installation.rst configuration.rst build.rst humaninterfaces.rst diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 6f108447..076bfc2f 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -1,388 +1,184 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. _release_notes: +.. This work is licensed under a Creative Commons Attribution 4.0 + International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) ONAP Project and its contributors -Release Notes -============= +****************** +SDNC Release Notes +****************** -Version 1.7.4 -------------- -:Release Date: 2019-10-24 -El Alto release +Abstract +======== -**Artifact Versions** +This document provides the release notes for the Frankfurt release of the Software Defined +Network Controller (SDNC) +Summary +======= -The following table lists the SDNC docker containers and their versions. +The Frankfurt release of SDNC introduces new functionality to support PNFs (Physical Network Functions), extends support +for Netconf/TLS to support CMPv2, and adds support for the Multi Domain Optical Network Service use case. -+--------------------------------+---------------------------------------------+-----------+ -| Image name | Description | Version(s)| -+================================+=============================================+===========+ -| onap/network-discovery | POMBA : network discovery microservice | 1.7.3 | -+--------------------------------+---------------------------------------------+-----------+ -| onap/service-decomposition | POMBA : service decomposition microservice | 1.7.3 | -+--------------------------------+---------------------------------------------+-----------+ -| onap/sdnc-ansible-server-image | Ansible server | 1.7.4 | -+--------------------------------+---------------------------------------------+-----------+ -| onap/sdnc-aaf-image | SDNC controller image, with AAF integration | 1.7.4 | -+--------------------------------+---------------------------------------------+-----------+ -| onap/sdnc-image | SDNC controller image, standalone (no AAF) | 1.7.4 | -+--------------------------------+---------------------------------------------+-----------+ -| onap/sdnc-ueb-listener-image | SDC listener | 1.7.4 | -+--------------------------------+---------------------------------------------+-----------+ -| onap/sdcn-dmaap-listener-image | DMAAP listener | 1.7.4 | -+--------------------------------+---------------------------------------------+-----------+ +Release Data +============ -**New Features** ++-------------------------+-------------------------------------------+ +| **Project** | SDNC | +| | | ++-------------------------+-------------------------------------------+ +| **Docker images** | See :ref:`dockercontainers` section below | ++-------------------------+-------------------------------------------+ +| **Release designation** | Frankfurt | +| | | ++-------------------------+-------------------------------------------+ +| **Release date** | 06/04/2020 | +| | | ++-------------------------+-------------------------------------------+ -The full list of El Alto epics and user stories for SDNC may be found at <https://jira.onap.org/issues/?filter=12044>. -The following list summarizes some of the most significant epics: +New features +------------ -+------------+-------------------------------------------------------------------------------------+ -| Jira # | Abstract | -+============+=====================================================================================+ -| [SDNC-825] | OpenDaylight Neon upgrade | -+------------+-------------------------------------------------------------------------------------+ -| [SDNC-858] | Tune OpenDaylight Java settings for NETCONF | -+------------+-------------------------------------------------------------------------------------+ -| [SDNC-822] | Add aggregate-route-policy in GR-API and async changes | -+------------+-------------------------------------------------------------------------------------+ -| [SDNC-431] | Implement config DB and REST API | -+------------+-------------------------------------------------------------------------------------+ -| [SDNC-433] | Receive netconf notification from RAN, update config DB and publish change on DMAAP | -+------------+-------------------------------------------------------------------------------------+ +The SDNC Frankfurt release includes the following features: +* ORAN-compliant A1 adaptor (Jira `SDNC-965 <https://jira.onap.org/browse/SDNC-965>`_) +* Multi-Domain Optical Service (Jira `SDNC-928 <https://jira.onap.org/browse/SDNC-928>`_) +* Python 2 -> Python 3 migration (Jira `SDNC-967 <https://jira.onap.org/browse/SDNC-967>`_) +* Upgrade to new Policy lifecycle API (Jira `SDNC-968 <https://jira.onap.org/browse/SDNC-968>`_) -**Bug Fixes** -The full list of bug fixes in the SDNC El Alto release may be found at <https://jira.onap.org/issues/?filter=12045> -**Known Issues** -The full list of known issues in SDNC may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11119> - -One specific issue of concern is the following - -+------------+---------------------------------------------------------------------------------+ -| Jira # | Abstract | -+============+=================================================================================+ -| [SDNC-949] | GR-API Macro Orchestration fails while waiting on vnf-topology-operation status | -+------------+---------------------------------------------------------------------------------+ - -This issue is fixed in Gerrit, but not in the released 1.7.4 version of the SDNC docker container. This issue -can be manually fixed by installing the following 2 directed graphs via directed graph builder: - -- `GENERIC-RESOURCE-API_vf-module-topology-operation.json <https://gerrit.onap.org/r/gitweb?p=sdnc/oam.git;a=blob_plain;f=platform-logic/generic-resource-api/src/main/json/GENERIC-RESOURCE-API_vf-module-topology-operation.json;hb=refs/heads/elalto>`_ vf-module-topology-operation directed graph -- `GENERIC-RESOURCE-API_vnf-topology-operation.json <https://gerrit.onap.org/r/gitweb?p=sdnc/oam.git;a=blob_plain;f=platform-logic/generic-resource-api/src/main/json/GENERIC-RESOURCE-API_vnf-topology-operation.json;hb=refs/heads/elalto>`_ vnf-topology-operation directed graph - - - -One item of note is that the SDNC admin portal was determined to have a number of security vulnerabilities, -under Known Security Issues. As a temporary remediation, the admin portal was disabled in -Dublin. These issues have been resolved in El Alto. - - - -**Security Notes** - -*Fixed Security Issues* - -- CVE-2019-12132 `OJSI-41 <https://jira.onap.org/browse/OJSI-41>`_ SDNC service allows for arbitrary code execution in sla/dgUpload form - Fixed temporarily by disabling admportal. -- CVE-2019-12123 `OJSI-42 <https://jira.onap.org/browse/OJSI-42>`_ SDNC service allows for arbitrary code execution in sla/printAsXml form - Fixed temporarily by disabling admportal. -- CVE-2019-12113 `OJSI-43 <https://jira.onap.org/browse/OJSI-43>`_ SDNC service allows for arbitrary code execution in sla/printAsGv form - Fixed by removing this API endpoint. -- `OJSI-91 <https://jira.onap.org/browse/OJSI-91>`_ SDNC exposes unprotected API for user creation - Fixed temporarily by disabling admportal. -- `OJSI-98 <https://jira.onap.org/browse/OJSI-98>`_ In default deployment SDNC (sdnc-portal) exposes HTTP port 30201 outside of cluster. - Port 30201 now uses HTTPS protocol. -- CVE-2019-12112 `OJSI-199 <https://jira.onap.org/browse/OJSI-199>`_ SDNC service allows for arbitrary code execution in sla/upload form - Fixed temporarily by disabling admportal. -- `OJSI-34 <https://jira.onap.org/browse/OJSI-34>`_ Multiple SQL Injection issues in SDNC -- `OJSI-99 <https://jira.onap.org/browse/OJSI-99>`_ In default deployment SDNC (sdnc) exposes HTTP port 30202 outside of cluster. - Port 30202 is no longer used. -- `OJSI-100 <https://jira.onap.org/browse/OJSI-100>`_ In default deployment SDNC (sdnc-dgbuilder) exposes HTTP port 30203 outside of cluster. - Port 30203 now uses HTTPS protocol. -- `OJSI-179 <https://jira.onap.org/browse/OJSI-179>`_ dev-sdnc-sdnc exposes JDWP on port 1830 which allows for arbitrary code execution - Ticket has been closed as no one was able to reproduce the issue. -- `OJSI-183 <https://jira.onap.org/browse/OJSI-183>`_ SDNC exposes ssh service on port 30208 - Port 30202 is no longer used. - -*Known Security Issues* +For the complete list of `SDNC Frankfurt release epics <https://jira.onap.org/issues/?filter=12322>`_ and +`SDNC Frankfurt release user stories <https://jira.onap.org/issues/?filter=12323>`_ , please see the `ONAP Jira`_. -For CVE-2019-12132, CVE-2019-12123 and CVE-2019-12112 only temporary fix has been applied. -This fix simply prevents admportal from being started and exposed. -If admportal is to be used in your deployment, please be very cautious and remember to fix those vulnerabilities on your own. +**Bug fixes** -*Known Vulnerabilities in Used Modules* - -Quick Links: - -- `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_ -- `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_ -- `Project Vulnerability Review Table for Casablanca Release <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_ - - -Version 1.5.4 -------------- -:Release Date: 2019-06-13 - - -**New Features** - -The full list of Dublin epics and user stories for SDNC maybe be found at <https://jira.onap.org/issues/?filter=11803>. - -The following list summarizes some of the most significant epics: - -+------------+----------------------------------------------------------------------------+ -| Jira # | Abstract | -+============+============================================================================+ -| [SDNC-551] | OpenDaylight Fluorine Support | -+------------+----------------------------------------------------------------------------+ -| [SDNC-564] | 5G Use Case | -+------------+----------------------------------------------------------------------------+ -| [SDNC-565] | CCVPN Use Case Extension | -+------------+----------------------------------------------------------------------------+ -| [SDNC-570] | SDN-R: Server side component | -+------------+----------------------------------------------------------------------------+ -| [SDNC-579] | SDN-R : UX-Client | -+------------+----------------------------------------------------------------------------+ -| [SDNC-631] | SDNC support for the PNF Use Case Network Assign for Plug and Play feature | -+------------+----------------------------------------------------------------------------+ - - -**Bug Fixes** -The full list of bug fixes in the SDNC Dublin release may be found at <https://jira.onap.org/issues/?filter=11805> +The full list of `bugs fixed in the SDNC Frankfurt release <https://jira.onap.org/issues/?filter=12324>`_ is maintained on the `ONAP Jira`_. **Known Issues** -The full list of known issues in SDNC may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11119> -One item of note is that the SDNC admin portal was determined to have a number of security vulnerabilities, -under Known Security Issues. As a temporary remediation, the admin portal is disabled in -Dublin. It will be re-enabled in El Alto once the security issues are addressed. +The full list of `known issues in SDNC <https://jira.onap.org/issues/?filter=11119>`_ is maintained on the `ONAP Jira`_. -**Security Notes** +Deliverables +------------ -*Fixed Security Issues* +Software Deliverables +~~~~~~~~~~~~~~~~~~~~~ -- CVE-2019-12132 `OJSI-41 <https://jira.onap.org/browse/OJSI-41>`_ SDNC service allows for arbitrary code execution in sla/dgUpload form - Fixed temporarily by disabling admportal -- CVE-2019-12123 `OJSI-42 <https://jira.onap.org/browse/OJSI-42>`_ SDNC service allows for arbitrary code execution in sla/printAsXml form - Fixed temporarily by disabling admportal -- CVE-2019-12113 `OJSI-43 <https://jira.onap.org/browse/OJSI-43>`_ SDNC service allows for arbitrary code execution in sla/printAsGv form - Fixed temporarily by disabling admportal -- `OJSI-91 <https://jira.onap.org/browse/OJSI-91>`_ SDNC exposes unprotected API for user creation - Fixed temporarily by disabling admportal -- `OJSI-98 <https://jira.onap.org/browse/OJSI-98>`_ In default deployment SDNC (sdnc-portal) exposes HTTP port 30201 outside of cluster. - Fixed temporarily by disabling admportal -- CVE-2019-12112 `OJSI-199 <https://jira.onap.org/browse/OJSI-199>`_ SDNC service allows for arbitrary code execution in sla/upload form - Fixed temporarily by disabling admportal +.. _dockercontainers: -*Known Security Issues* +Docker Containers +````````````````` -- `OJSI-34 <https://jira.onap.org/browse/OJSI-34>`_ Multiple SQL Injection issues in SDNC -- `OJSI-99 <https://jira.onap.org/browse/OJSI-99>`_ In default deployment SDNC (sdnc) exposes HTTP port 30202 outside of cluster. -- `OJSI-100 <https://jira.onap.org/browse/OJSI-100>`_ In default deployment SDNC (sdnc-dgbuilder) exposes HTTP port 30203 outside of cluster. -- `OJSI-179 <https://jira.onap.org/browse/OJSI-179>`_ dev-sdnc-sdnc exposes JDWP on port 1830 which allows for arbitrary code execution -- `OJSI-183 <https://jira.onap.org/browse/OJSI-183>`_ SDNC exposes ssh service on port 30208 +The following table lists the docker containers comprising the SDNC Frankfurt +release along with the current stable Frankfurt version/tag. Each of these is +available on the ONAP nexus3 site (https://nexus3.onap.org) and can be downloaded +with the following command:: -*Known Vulnerabilities in Used Modules* + docker pull nexus3.onap.org:10001/{image-name}:{version} -Quick Links: -- `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_ -- `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_ -- `Project Vulnerability Review Table for Casablanca Release <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_ +Note: users that want to use the latest in-development Frankfurt version may use the +tag 0.7-STAGING-latest to pull the latest daily Frankfurt build -Version: 1.4.4 --------------- ++--------------------------------+-----------------------------------------------------+---------+ +| Image name | Description | Version | ++================================+=====================================================+=========+ +| onap/sdnc-aaf-image | SDNC controller image, integrated with AAF for RBAC | 1.8.2 | ++--------------------------------+-----------------------------------------------------+---------+ +| onap/sdnc-ansible-server-image | Ansible server | 1.8.2 | ++--------------------------------+-----------------------------------------------------+---------+ +| onap/sdnc-dmaap-listener-image | DMaaP listener | 1.8.2 | ++--------------------------------+-----------------------------------------------------+---------+ +| onap/sdnc-image | SDNC controller image, without AAF integration | 1.8.2 | ++--------------------------------+-----------------------------------------------------+---------+ +| onap/sdnc-ueb-listener-image | SDC listener | 1.8.2 | ++--------------------------------+-----------------------------------------------------+---------+ +| onap/sdnc-web-image | Web tier (currently only used by SDN-R persona) | 1.8.2 | ++--------------------------------+-----------------------------------------------------+---------+ -**Bugs Fixes** - -The following bugs are fixed in the SDNC Casablanca January 2019 maintenance release: - -+------------+------------------------------------------------------------------------------------------+ -| Jira # | Abstract | -+============+==========================================================================================+ -| [SDNC-405] | SDNC API documentation is missing on ReadTheDocs | -+------------+------------------------------------------------------------------------------------------+ -| [SDNC-523] | vnf-information.vnf-id validation check should not be mandatory in validate-vnf-input DG | -+------------+------------------------------------------------------------------------------------------+ -| [SDNC-532] | oof query failed due to hostname change, returning unknown host | -+------------+------------------------------------------------------------------------------------------+ -| [SDNC-534] | wrong "input" field in DMaaP message template | -+------------+------------------------------------------------------------------------------------------+ -| [SDNC-536] | Upgrade zjsonpatch version to remediate vulnerabilities | -+------------+------------------------------------------------------------------------------------------+ -| [SDNC-537] | Update to spring-boot 2.1.0-RELEASE | -+------------+------------------------------------------------------------------------------------------+ -| [SDNC-540] | CCVPN closed loop testing failed. | -+------------+------------------------------------------------------------------------------------------+ -| [SDNC-542] | [PORT] Network Discovery microservice does not log | -+------------+------------------------------------------------------------------------------------------+ -| [SDNC-546] | CCVPN bugs fix for manual free integration test | -+------------+------------------------------------------------------------------------------------------+ -| [SDNC-549] | Retain MD-SAL data on pod recreate | -+------------+------------------------------------------------------------------------------------------+ - - - -Version: 1.4.3 --------------- +Documentation Deliverables +~~~~~~~~~~~~~~~~~~~~~~~~~~ -:Release Date: 2018-11-30 +* `SDN Controller for Radio user guide`_ -**New Features** +Known Limitations, Issues and Workarounds +========================================= -The Casablanca release of SDNC introduces the following new features: +System Limitations +------------------ - - Network Discovery, in support of POMBA - - Support for CCVPN use case - - Change Management enhancements +No system limitations noted. -**Bug Fixes** -The list of bugs fixed in the SDNC Casablanca release may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11544> +Known Vulnerabilities +--------------------- +Any known vulnerabilities for ONAP are tracked in the `ONAP Jira`_ in the OJSI project. Any outstanding OJSI issues that +pertain to SDNC are listed in the :ref:`secissues` section below. -**Known Issues** - -The list of known issues in the SDNC project may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11119> - - -**Security Notes** - -SDNC code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The SDNC open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_. - -Quick Links: - -- `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_ -- `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_ -- `Project Vulnerability Review Table for Casablanca Release <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_ -**Upgrade Notes** - NA +Workarounds +----------- -**Deprecation Notes** - NA +Not applicable. -**Other** - NA -Version: 1.3.4 +Security Notes -------------- +Fixed Security Issues +~~~~~~~~~~~~~~~~~~~~~ -:Release Date: 2018-07-06 - -**New Features** - -The full list of SDNC Beijing Epics and user stories can be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=10791>. The -following table lists the major features included in the Beijing release. - -+------------+-------------------------------------------------------------------------------------------------------------+ -| Jira # | Abstract | -+============+=============================================================================================================+ -| [SDNC-278] | Change management in-place software upgrade execution using Ansible <https://jira.onap.org/browse/SDNC-278> | -+------------+-------------------------------------------------------------------------------------------------------------+ -| [SDNC-163] | Deploy a SDN-C high availability environment - Kubernetes <https://jira.onap.org/browse/SDNC-163> | -+------------+-------------------------------------------------------------------------------------------------------------+ - - -**Bug Fixes** - -The list of bugs fixed in the SDNC Beijing release may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11118> +The following security issues have been addressed in the Frankfurt SDNC release: +* `OSJI-34 <https://jira.onap.org/browse/OJSI-34>`_ : Multiple SQL Injection issues in SDNC +* `OSJI-40 <https://jira.onap.org/browse/OJSI-40>`_ : SDNC service allows for arbitrary code execution +* `OSJI-41 <https://jira.onap.org/browse/OJSI-41>`_ : SDNC service allows for arbitrary code execution in sla/dgUpload form (CVE-2019-12132) +* `OSJI-42 <https://jira.onap.org/browse/OJSI-42>`_ : SDNC service allows for arbitrary code execution in sla/printAsXml form (CVE-2019-12123) +* `OSJI-43 <https://jira.onap.org/browse/OJSI-43>`_ : SDNC service allows for arbitrary code execution in sla/printAsGv form (CVE-2019-12113) +* `OSJI-199 <https://jira.onap.org/browse/OJSI-199>`_ : SDNC service allows for arbitrary code execution in sla/upload form (CVE-2019-12112) +* `SDNC-1145 <https://jira.onap.org/browse/SDNC-1145>`_ : Pods still run as root +* `SDNC-970 <https://jira.onap.org/browse/SDNC-970>`_ : Password removal from OOM Helm charts -**Known Issues** - -+------------+----------------------------------------------------------------------------------------------------------------------------------+ -| Jira # | Abstract | -+============+==================================================================================================================================+ -| [SDNC-324] | IPV4_ADDRESS_POOL is empty <https://jira.onap.org/browse/SDNC-324> | -+------------+----------------------------------------------------------------------------------------------------------------------------------+ -| [SDNC-321] | dgbuilder won't save DG <https://jira.onap.org/browse/SDNC-321> | -+------------+----------------------------------------------------------------------------------------------------------------------------------+ -| [SDNC-304] | SDNC OOM intermittent Healthcheck failure - JSONDecodeError - on different startup order <https://jira.onap.org/browse/SDNC-304> | -+------------+----------------------------------------------------------------------------------------------------------------------------------+ -| [SDNC-115] | VNFAPI DGs contain plugin references to software not part of ONAP <https://jira.onap.org/browse/SDNC-115> | -+------------+----------------------------------------------------------------------------------------------------------------------------------+ -| [SDNC-114] | Generic API DGs contain plugin references to software not part of ONAP <https://jira.onap.org/browse/SDNC-114> | -+------------+----------------------------------------------------------------------------------------------------------------------------------+ -| [SDNC-106] | VNFAPI DGs contain old openecomp and com.att based plugin references <https://jira.onap.org/browse/SDNC-106> | -+------------+----------------------------------------------------------------------------------------------------------------------------------+ -| [SDNC-64] | SDNC is not setting FromApp identifier in logging MDC <https://jira.onap.org/browse/SDNC-64> | -+------------+----------------------------------------------------------------------------------------------------------------------------------+ - - -**Security Notes** +.. _secissues : -SDNC code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The SDNC open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=28379582>`_. +Known Security Issues +~~~~~~~~~~~~~~~~~~~~~ -Quick Links: +There is currently one known SDNC security issue, related to the SDNC portal -- `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_ -- `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_ -- `Project Vulnerability Review Table for SDNC <https://wiki.onap.org/pages/viewpage.action?pageId=28379582>`_ +* `OJSI-91 <https://jira.onap.org/browse/OJSI-91>`_ : SDNC exposes unprotected API for user creation -**Upgrade Notes** - NA +The current implementation of the SDNC portal has a self-subscription model - so anyone can create an account by going to +the setup link. This is not appropriate for production deployment and will be fixed in a future release. +The SDNC portal is disabled in the Frankfurt helm charts and we recommend that it NOT be enabled in a production +deployment until this issue is corrected. -**Deprecation Notes** - NA - -**Other** - NA - -Version: 1.2.1 --------------- -:Release Date: 2018-01-18 -**Bug Fixes** +Test Results +============ +Not applicable -- `SDNC-145 <https://jira.onap.org/browse/SDNC-145>`_ Error message refers to wrong parameters -- `SDNC-195 <https://jira.onap.org/browse/SDNC-195>`_ UEB listener doesn't insert correct parameters for allotted resources in DB table ALLOTTED_RESOURCE_MODEL -- `SDNC-198 <https://jira.onap.org/browse/SDNC-198>`_ CSIT job fails -- `SDNC-201 <https://jira.onap.org/browse/SDNC-201>`_ Fix DG bugs from integration tests -- `SDNC-202 <https://jira.onap.org/browse/SDNC-202>`_ Search for service -data null match, set vGW LAN IP via Heat -- `SDNC-211 <https://jira.onap.org/browse/SDNC-211>`_ Update SDNC Amsterdam branch to use maintenance release versions -- `SDNC-212 <https://jira.onap.org/browse/SDNC-212>`_ Duplicate file name -Version: 1.2.0 --------------- - -:Release Date: 2017-11-16 - -**New Features** - -The ONAP Amsterdam release introduces the following changes to SDNC from -the original openECOMP seed code: - - Refactored / moved common platform code to new CCSDK project - - Refactored code to rename openecomp to onap - - Introduced new GENERIC-RESOURCE-API api, used by vCPE and VoLTE use cases - - Introduced new docker containers for SDC and DMAAP interfaces - -**Bug Fixes** - NA -**Known Issues** -The following known high priority issues are being worked and are expected to be delivered -in release 1.2.1: -- `SDNC-179 <https://jira.onap.org/browse/SDNC-179>`_ Failed to make HTTPS connection in restapicall node -- `SDNC-181 <https://jira.onap.org/browse/SDNC-181>`_ Change call to brg-wan-ip-address vbrg-wan-ip brg topo activate DG -- `SDNC-182 <https://jira.onap.org/browse/SDNC-182>`_ Fix VNI Consistency: Add vG vxlan tunnel setup and bridge domain setup to brg-topo-activate DG +References +========== -**Security Issues** - NA +For more information on the ONAP Frankfurt release, please see: -**Upgrade Notes** - NA +#. `ONAP Home Page`_ +#. `ONAP Documentation`_ +#. `ONAP Release Downloads`_ +#. `ONAP Wiki Page`_ -**Deprecation Notes** - NA -**Other** - NA +.. _`ONAP Home Page`: https://www.onap.org +.. _`ONAP Wiki Page`: https://wiki.onap.org +.. _`ONAP Documentation`: https://docs.onap.org +.. _`ONAP Release Downloads`: https://git.onap.org +.. _`ONAP Jira`: https://jira.onap.org +.. _`SDN Controller for Radio user guide`: https://docs.onap.org/en/frankfurt/submodules/ccsdk/features.git/docs/guides/onap-user/home.html |