diff options
| author |   Timoney, Dan (dt5972) <dtimoney@att.com> | 2019-10-21 10:17:28 -0400 |
|---|---|---|
| committer | Dan Timoney <dtimoney@att.com> | 2019-10-22 14:44:49 +0000 |
| commit | 7072c175934cd5755ab7b5a9a101d3c7ac7d7d47 (patch) | |
| tree | d84ea89d56d943e61b26d5f17d273b3a78b4bf73 /docs/release-notes.rst | |
| parent | c39c8f81cba4633015d6270440a6cd4776bb0a24 (diff) | |
Fix async logic
Fix bug in vnf-topology and vf-module-topology DGs to call
correct async DG (right now, not calling async DG).
Change-Id: Ifdf9dd24145804af765ba2e4ac87001af0b6f283
Issue-ID: SDNC-949
Signed-off-by: Timoney, Dan (dt5972) <dtimoney@att.com>
Former-commit-id: 464d663e89bb84963a55fef59ac35d3b10863334
Diffstat (limited to 'docs/release-notes.rst')
| -rw-r--r-- | docs/release-notes.rst | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 5e56c6e7..9bfac300 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -3,6 +3,117 @@ Release Notes ============= +Version 1.7.4 +------------- +:Release Date: 2019-10-24 + +El Alto release + +**Artifact Versions** + + +The following table lists the SDNC docker containers and their versions. + ++--------------------------------+---------------------------------------------+-----------+ +| Image name | Description | Version(s)| ++================================+=============================================+===========+ +| onap/network-discovery | POMBA : network discovery microservice | 1.7.3 | ++--------------------------------+---------------------------------------------+-----------+ +| onap/service-decomposition | POMBA : service decomposition microservice | 1.7.3 | ++--------------------------------+---------------------------------------------+-----------+ +| onap/sdnc-ansible-server-image | Ansible server | 1.7.4 | ++--------------------------------+---------------------------------------------+-----------+ +| onap/sdnc-aaf-image | SDNC controller image, with AAF integration | 1.7.4 | ++--------------------------------+---------------------------------------------+-----------+ +| onap/sdnc-image | SDNC controller image, standalone (no AAF) | 1.7.4 | ++--------------------------------+---------------------------------------------+-----------+ +| onap/sdnc-ueb-listener-image | SDC listener | 1.7.4 | ++--------------------------------+---------------------------------------------+-----------+ +| onap/sdcn-dmaap-listener-image | DMAAP listener | 1.7.4 | ++--------------------------------+---------------------------------------------+-----------+ + + +**New Features** + +The full list of El Alto epics and user stories for SDNC may be found at <https://jira.onap.org/issues/?filter=12044>. + +The following list summarizes some of the most significant epics: + ++------------+-------------------------------------------------------------------------------------+ +| Jira # | Abstract | ++============+=====================================================================================+ +| [SDNC-825] | OpenDaylight Neon upgrade | ++------------+-------------------------------------------------------------------------------------+ +| [SDNC-858] | Tune OpenDaylight Java settings for NETCONF | ++------------+-------------------------------------------------------------------------------------+ +| [SDNC-822] | Add aggregate-route-policy in GR-API and async changes | ++------------+-------------------------------------------------------------------------------------+ +| [SDNC-431] | Implement config DB and REST API | ++------------+-------------------------------------------------------------------------------------+ +| [SDNC-433] | Receive netconf notification from RAN, update config DB and publish change on DMAAP | ++------------+-------------------------------------------------------------------------------------+ + + + +**Bug Fixes** +The full list of bug fixes in the SDNC El Alto release may be found at <https://jira.onap.org/issues/?filter=12045> + +**Known Issues** +The full list of known issues in SDNC may be found in the ONAP Jira at <https://jira.onap.org/issues/?filter=11119> + +One specific issue of concern is the following + ++------------+---------------------------------------------------------------------------------+ +| Jira # | Abstract | ++============+=================================================================================+ +| [SDNC-949] | GR-API Macro Orchestration fails while waiting on vnf-topology-operation status | ++------------+---------------------------------------------------------------------------------+ + +This issue is fixed in Gerrit, but not in the released 1.7.4 version of the SDNC docker container. This issue +can be manually fixed by installing the following 2 directed graphs via directed graph builder: + +- `GENERIC-RESOURCE-API_vf-module-topology-operation.json +<https://gerrit.onap.org/r/gitweb?p=sdnc/oam.git;a=blob_plain;f=platform-logic/generic-resource-api/src/main/json/GENERIC-RESOURCE-API_vf-module-topology-operation.json;hb=refs/heads/elalto>`_ +- `GENERIC-RESOURCE-API_vnf-topology-operation.json +<https://gerrit.onap.org/r/gitweb?p=sdnc/oam.git;a=blob_plain;f=platform-logic/generic-resource-api/src/main/json/GENERIC-RESOURCE-API_vnf-topology-operation.json;hb=refs/heads/elalto>`_ + + + +One item of note is that the SDNC admin portal was determined to have a number of security vulnerabilities, +under Known Security Issues. As a temporary remediation, the admin portal was disabled in +Dublin. These issues have been resolved in El Alto. + + + +**Security Notes** + +*Fixed Security Issues* + +- CVE-2019-12132 `OJSI-41 <https://jira.onap.org/browse/OJSI-41>`_ SDNC service allows for arbitrary code execution in sla/dgUpload form +- CVE-2019-12123 `OJSI-42 <https://jira.onap.org/browse/OJSI-42>`_ SDNC service allows for arbitrary code execution in sla/printAsXml form +- CVE-2019-12113 `OJSI-43 <https://jira.onap.org/browse/OJSI-43>`_ SDNC service allows for arbitrary code execution in sla/printAsGv form +- `OJSI-91 <https://jira.onap.org/browse/OJSI-91>`_ SDNC exposes unprotected API for user creation +- `OJSI-98 <https://jira.onap.org/browse/OJSI-98>`_ In default deployment SDNC (sdnc-portal) exposes HTTP port 30201 outside of cluster. +- CVE-2019-12112 `OJSI-199 <https://jira.onap.org/browse/OJSI-199>`_ SDNC service allows for arbitrary code execution in sla/upload form +- `OJSI-34 <https://jira.onap.org/browse/OJSI-34>`_ Multiple SQL Injection issues in SDNC +- `OJSI-99 <https://jira.onap.org/browse/OJSI-99>`_ In default deployment SDNC (sdnc) exposes HTTP port 30202 outside of cluster. +- `OJSI-100 <https://jira.onap.org/browse/OJSI-100>`_ In default deployment SDNC (sdnc-dgbuilder) exposes HTTP port 30203 outside of cluster. +- `OJSI-179 <https://jira.onap.org/browse/OJSI-179>`_ dev-sdnc-sdnc exposes JDWP on port 1830 which allows for arbitrary code execution +- `OJSI-183 <https://jira.onap.org/browse/OJSI-183>`_ SDNC exposes ssh service on port 30208 + +*Known Security Issues* + + + +*Known Vulnerabilities in Used Modules* + +Quick Links: + +- `SDNC project page <https://wiki.onap.org/display/DW/Software+Defined+Network+Controller+Project>`_ +- `Passing Badge information for SDNC <https://bestpractices.coreinfrastructure.org/en/projects/1703>`_ +- `Project Vulnerability Review Table for Casablanca Release <https://wiki.onap.org/pages/viewpage.action?pageId=45307811>`_ + + Version 1.5.4 ------------- :Release Date: 2019-06-13 |