blob: 6f1bbc4f295ed317819f2f2e1b761329985f7544 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
.. This work is licensed under a Creative Commons Attribution 4.0
International License.
.. http://creativecommons.org/licenses/by/4.0
.. (c) ONAP Project and its contributors
******************
SDNC Release Notes
******************
Abstract
========
This document provides the release notes for the Frankfurt release of the Software Defined
Network Controller (SDNC)
Summary
=======
The Frankfurt release of SDNC introduces new functionality to support PNFs (Physical Network Functions), extends support
for Netconf/TLS to support CMPv2, and adds support for the Multi Domain Optical Network Service use case.
Release Data
============
+-------------------------+-------------------------------------------+
| **Project** | SDNC |
| | |
+-------------------------+-------------------------------------------+
| **Docker images** | See :ref:`dockercontainers` section below |
+-------------------------+-------------------------------------------+
| **Release designation** | Frankfurt |
| | |
+-------------------------+-------------------------------------------+
| **Release date** | 06/04/2020 |
| | |
+-------------------------+-------------------------------------------+
New features
------------
The SDNC Frankfurt release includes the following features:
* ORAN-compliant A1 adaptor (Jira `SDNC-965 <https://jira.onap.org/browse/SDNC-965>`_)
* Multi-Domain Optical Service (Jira `SDNC-928 <https://jira.onap.org/browse/SDNC-928>`_)
* Python 2 -> Python 3 migration (Jira `SDNC-967 <https://jira.onap.org/browse/SDNC-967>`_)
* Upgrade to new Policy lifecycle API (Jira `SDNC-968 <https://jira.onap.org/browse/SDNC-968>`_)
For the complete list of `SDNC Frankfurt release epics <https://jira.onap.org/issues/?filter=12322>`_ and
`SDNC Frankfurt release user stories <https://jira.onap.org/issues/?filter=12323>`_ , please see the `ONAP Jira`_.
**Bug fixes**
The full list of `bugs fixed in the SDNC Frankfurt release <https://jira.onap.org/issues/?filter=12324>`_ is maintained on the `ONAP Jira`_.
**Known Issues**
The full list of `known issues in SDNC <https://jira.onap.org/issues/?filter=11119>`_ is maintained on the `ONAP Jira`_.
Deliverables
------------
Software Deliverables
~~~~~~~~~~~~~~~~~~~~~
.. _dockercontainers:
Docker Containers
`````````````````
The following table lists the docker containers comprising the SDNC Frankfurt
release along with the current stable Frankfurt version/tag. Each of these is
available on the ONAP nexus3 site (https://nexus3.onap.org) and can be downloaded
with the following command::
docker pull nexus3.onap.org:10001/{image-name}:{version}
Note: users that want to use the latest in-development Frankfurt version may use the
tag 0.7-STAGING-latest to pull the latest daily Frankfurt build
+--------------------------------+-----------------------------------------------------+---------+
| Image name | Description | Version |
+================================+=====================================================+=========+
| onap/sdnc-aaf-image | SDNC controller image, integrated with AAF for RBAC | 1.8.3 |
+--------------------------------+-----------------------------------------------------+---------+
| onap/sdnc-ansible-server-image | Ansible server | 1.8.3 |
+--------------------------------+-----------------------------------------------------+---------+
| onap/sdnc-dmaap-listener-image | DMaaP listener | 1.8.3 |
+--------------------------------+-----------------------------------------------------+---------+
| onap/sdnc-image | SDNC controller image, without AAF integration | 1.8.3 |
+--------------------------------+-----------------------------------------------------+---------+
| onap/sdnc-ueb-listener-image | SDC listener | 1.8.3 |
+--------------------------------+-----------------------------------------------------+---------+
| onap/sdnc-web-image | Web tier (currently only used by SDN-R persona) | 1.8.3 |
+--------------------------------+-----------------------------------------------------+---------+
Documentation Deliverables
~~~~~~~~~~~~~~~~~~~~~~~~~~
* `SDN Controller for Radio user guide`_
Known Limitations, Issues and Workarounds
=========================================
System Limitations
------------------
No system limitations noted.
Known Vulnerabilities
---------------------
Any known vulnerabilities for ONAP are tracked in the `ONAP Jira`_ in the OJSI project. Any outstanding OJSI issues that
pertain to SDNC are listed in the :ref:`secissues` section below.
Workarounds
-----------
Not applicable.
Security Notes
--------------
Fixed Security Issues
~~~~~~~~~~~~~~~~~~~~~
The following security issues have been addressed in the Frankfurt SDNC release:
* `OSJI-34 <https://jira.onap.org/browse/OJSI-34>`_ : Multiple SQL Injection issues in SDNC
* `OSJI-40 <https://jira.onap.org/browse/OJSI-40>`_ : SDNC service allows for arbitrary code execution
* `OSJI-41 <https://jira.onap.org/browse/OJSI-41>`_ : SDNC service allows for arbitrary code execution in sla/dgUpload form (CVE-2019-12132)
* `OSJI-42 <https://jira.onap.org/browse/OJSI-42>`_ : SDNC service allows for arbitrary code execution in sla/printAsXml form (CVE-2019-12123)
* `OSJI-43 <https://jira.onap.org/browse/OJSI-43>`_ : SDNC service allows for arbitrary code execution in sla/printAsGv form (CVE-2019-12113)
* `OSJI-199 <https://jira.onap.org/browse/OJSI-199>`_ : SDNC service allows for arbitrary code execution in sla/upload form (CVE-2019-12112)
* `SDNC-1145 <https://jira.onap.org/browse/SDNC-1145>`_ : Pods still run as root
* `SDNC-970 <https://jira.onap.org/browse/SDNC-970>`_ : Password removal from OOM Helm charts
.. _secissues :
Known Security Issues
~~~~~~~~~~~~~~~~~~~~~
There is currently one known SDNC security issue, related to the SDNC portal
* `OJSI-91 <https://jira.onap.org/browse/OJSI-91>`_ : SDNC exposes unprotected API for user creation
The current implementation of the SDNC portal has a self-subscription model - so anyone can create an account by going to
the setup link. This is not appropriate for production deployment and will be fixed in a future release.
The SDNC portal is disabled in the Frankfurt helm charts and we recommend that it NOT be enabled in a production
deployment until this issue is corrected.
Test Results
============
Not applicable
References
==========
For more information on the ONAP Frankfurt release, please see:
#. `ONAP Home Page`_
#. `ONAP Documentation`_
#. `ONAP Release Downloads`_
#. `ONAP Wiki Page`_
.. _`ONAP Home Page`: https://www.onap.org
.. _`ONAP Wiki Page`: https://wiki.onap.org
.. _`ONAP Documentation`: https://docs.onap.org
.. _`ONAP Release Downloads`: https://git.onap.org
.. _`ONAP Jira`: https://jira.onap.org
.. _`SDN Controller for Radio user guide`: https://docs.onap.org/en/frankfurt/submodules/ccsdk/features.git/docs/guides/onap-user/home.html
|