From 9c30b58863e0a9280ec28667611cb3fd6a28855b Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Mon, 27 May 2019 21:03:37 +0200 Subject: Improve security release notes In order to provide users with more details of project's state in terms of security let's divide the security release notes into three sections: - Fixed Security Issues Contains a list of security fixes merged during this release (especially those reported via OJSI tickets). - Known Security Issues Contains a list of vulnerabilities detected in project during release which have not been fixed yet and thus should be mitigated by the user. - Known Vulnerabilities in Used Modules Contains information about NexusIQ scan results Issue-ID: SECCOM-238 Signed-off-by: Krzysztof Opasiak Change-Id: I7699ddf404ff08d793e7f1897b4bb2218fc52e0a --- docs/release-notes.rst | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'docs/release-notes.rst') diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 9f2e69c57..3ae6aceb2 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -17,6 +17,13 @@ New Features .. _VID-246: /browse/VID-246 .. _VID-397: /browse/VID-397 +**Security Notes** + +*Fixed Security Issues* + +*Known Security Issues* + +*Known Vulnerabilities in Used Modules* Version: 3.2.3 -------------- @@ -195,7 +202,7 @@ New Features - [`VID-201`_] - User inteface for invoking upgrade workflow - [`VID-202`_] - Verify R1 and R2 features - integration and regression tests - [`VID-216`_] - Update ReadTheDocs docs folder - + .. _VID-16: https://jira.onap.org/browse/VID-16 .. _VID-86: https://jira.onap.org/browse/VID-86 .. _VID-102: https://jira.onap.org/browse/VID-102 -- cgit 1.2.3-korg From a02b0dacc2d3b9ba8c2af9a621dfe83c6afc6b7b Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Mon, 27 May 2019 21:40:36 +0200 Subject: Document OJSI-119 vulnerability Issue-ID: OJSI-119 Signed-off-by: Krzysztof Opasiak Change-Id: I0d92cbe38fd89aaa3fe38f3f45367480f9e40754 --- docs/release-notes.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/release-notes.rst') diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 3ae6aceb2..d85188e6e 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -23,6 +23,8 @@ New Features *Known Security Issues* +- In default deployment VID (vid) exposes HTTP port 30238 outside of cluster. [`OJSI-119 `_] + *Known Vulnerabilities in Used Modules* Version: 3.2.3 -- cgit 1.2.3-korg