Fixing RO Security Vulnerabilities

[osm/RO.git] / releasenotes / notes / Fixing_security_vulnerabilities-bdca2f49083e5b6d.yaml

diff --git a/releasenotes/notes/Fixing_security_vulnerabilities-bdca2f49083e5b6d.yaml b/releasenotes/notes/Fixing_security_vulnerabilities-bdca2f49083e5b6d.yaml
new file mode 100644 (file)
index 0000000..56944c3
--- /dev/null
+++ b/releasenotes/notes/Fixing_security_vulnerabilities-bdca2f49083e5b6d.yaml
@@ -0,0 +1,22 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+---
+security:
+  - |
+    Fixing following RO security vulnerabilities. Improper Certificate Validation, jinja2 sets autoescape to False,
+    disabling SSL certificate checks, use of unsafe yaml load, try-except-pass detected, use of assert detected.
+