GitBook: [#6] Added release notes and performance buckets

2025-11-02 11:47:58 +00:00 · 2021-12-02 20:34:09 +00:00
parent a6d41e2343
commit 0a2428a888
6 changed files with 181 additions and 0 deletions
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -57,3 +57,14 @@
  * [Switching](configuration-examples/device-feature-configuration-examples/switching/README.md)
    * [Port Speed](configuration-examples/device-feature-configuration-examples/switching/port-speed.md)
  * [P4](configuration-examples/device-feature-configuration-examples/p4.md)
+
+## Release Notes
+
+* [Features](release-notes/features.md)
+* [Security](release-notes/security.md)
+* [Issues](release-notes/issues.md)
+
+## Performance
+
+* [AP NOS](performance/ap-nos.md)
+* [SDK](performance/sdk.md)
--- a/performance/ap-nos.md
+++ b/performance/ap-nos.md
@@ -0,0 +1,2 @@
+# AP NOS
+
--- a/performance/sdk.md
+++ b/performance/sdk.md
@@ -0,0 +1,2 @@
+# SDK
+
--- a/release-notes/features.md
+++ b/release-notes/features.md
@@ -0,0 +1,75 @@
+# Features
+
+**Epic**
+
+[WIFI-5726](https://telecominfraproject.atlassian.net/browse/WIFI-5726) Security fixes for 2.4
+
+#### Improvement
+
+[WIFI-5998](https://telecominfraproject.atlassian.net/browse/WIFI-5998) Detect if an invalid channel is requested on 5G 40/80MHz
+
+[WIFI-5997](https://telecominfraproject.atlassian.net/browse/WIFI-5997) Make it possible to flash r2.4 on eap102 with older bootloaders
+
+[WIFI-5823](https://telecominfraproject.atlassian.net/browse/WIFI-5823) MU-MIMO setting need to be fine tuned
+
+[WIFI-5728](https://telecominfraproject.atlassian.net/browse/WIFI-5728) APNOS CSu1 Update
+
+[WIFI-5439](https://telecominfraproject.atlassian.net/browse/WIFI-5439) Enhance Maverick Stage - TIming
+
+[WIFI-4934](https://telecominfraproject.atlassian.net/browse/WIFI-4934) Coova Based External Captive Portal support in Bridge Mode
+
+[WIFI-3760](https://telecominfraproject.atlassian.net/browse/WIFI-3760) Last Resort Proxy Routing
+
+[WIFI-3758](https://telecominfraproject.atlassian.net/browse/WIFI-3758) Proxy Static Routing Test Functionality
+
+[WIFI-3628](https://telecominfraproject.atlassian.net/browse/WIFI-3628) Document ZTM Onboarding
+
+[WIFI-2675](https://telecominfraproject.atlassian.net/browse/WIFI-2675) QoS management
+
+[WIFI-1793](https://telecominfraproject.atlassian.net/browse/WIFI-1793) Scale 5,000 - 20,000 per OpenWiFi 2.0 Cloud Service - Stand alone
+
+[WIFI-1792](https://telecominfraproject.atlassian.net/browse/WIFI-1792) Extend OWLS to uCentral Device Types
+
+#### New Feature
+
+[WIFI-5797](https://telecominfraproject.atlassian.net/browse/WIFI-5797) Add support for HFCL ion4x wifi-6 (in/outdoor) SKU
+
+[WIFI-5723](https://telecominfraproject.atlassian.net/browse/WIFI-5723) Add DFS channel list to capabilities
+
+[WIFI-5703](https://telecominfraproject.atlassian.net/browse/WIFI-5703) Add ATF scheduler
+
+[WIFI-4888](https://telecominfraproject.atlassian.net/browse/WIFI-4888) Wispr AVPs for Dynamic Subscriber QoS - Traffic Shaping
+
+[WIFI-3322](https://telecominfraproject.atlassian.net/browse/WIFI-3322) ATF Dynamic Fair Queue
+
+[WIFI-2064](https://telecominfraproject.atlassian.net/browse/WIFI-2064) Implementation of Social Wi-Fi
+
+[WIFI-368](https://telecominfraproject.atlassian.net/browse/WIFI-368) OCI Container Support in AP NOS - Testing
+
+#### Sub-task
+
+[WIFI-5724](https://telecominfraproject.atlassian.net/browse/WIFI-5724) IP rate limit for sensitive endpoints
+
+[WIFI-2852](https://telecominfraproject.atlassian.net/browse/WIFI-2852) Documentation PPPoE OpenWiFi 2.0
+
+#### Task
+
+[WIFI-5772](https://telecominfraproject.atlassian.net/browse/WIFI-5772) Hardcoded RTTY access configuration \[ucentral-deploy]
+
+[WIFI-5767](https://telecominfraproject.atlassian.net/browse/WIFI-5767) Add support for CIG WF196 Wifi6E PCBA
+
+[WIFI-5727](https://telecominfraproject.atlassian.net/browse/WIFI-5727) Update UUIDGenerator to UUIDv4 \[ucentral-gw]
+
+[WIFI-5619](https://telecominfraproject.atlassian.net/browse/WIFI-5619) Exposed certificate absolute paths \[ucentral-gw]
+
+[WIFI-5618](https://telecominfraproject.atlassian.net/browse/WIFI-5618) Exposed server version \[deployment]
+
+[WIFI-5617](https://telecominfraproject.atlassian.net/browse/WIFI-5617) Exposed password hashes \[ucentral-sec]
+
+[WIFI-5616](https://telecominfraproject.atlassian.net/browse/WIFI-5616) Improper default username & password handling \[ucentral-sec]
+
+[WIFI-5615](https://telecominfraproject.atlassian.net/browse/WIFI-5615) Unsalted hash \[ucentral-sec]
+
+[WIFI-3585](https://telecominfraproject.atlassian.net/browse/WIFI-3585) Action links should be temporary and randomly generated \[ucentral-sec]
+
+[WIFI-3487](https://telecominfraproject.atlassian.net/browse/WIFI-3487) CIG - ath11k BDF files
--- a/release-notes/issues.md
+++ b/release-notes/issues.md
@@ -0,0 +1,68 @@
+# Issues
+
+[WIFI-6014](https://telecominfraproject.atlassian.net/browse/WIFI-6014) Gateway will accept any simulator input
+
+[WIFI-6013](https://telecominfraproject.atlassian.net/browse/WIFI-6013) CIG\_194C AP is going in out of RAM State and getting crashed when connecting 128 stations
+
+[WIFI-5981](https://telecominfraproject.atlassian.net/browse/WIFI-5981) GW accepts commands for unknown devices.
+
+[WIFI-5965](https://telecominfraproject.atlassian.net/browse/WIFI-5965) UI: A device with connected status on SDK central instance can not connect to console.
+
+[WIFI-5841](https://telecominfraproject.atlassian.net/browse/WIFI-5841) Country\_Code\_SOUTH\_AFRICA: Client connectivity fails for channels under U-NII-2C 5GHz band (20/40/80Mhz) (build-next-d58d87a)
+
+[WIFI-5834](https://telecominfraproject.atlassian.net/browse/WIFI-5834) UI: mismatch serial AP: post upgrade now has another new MAC address. Old entry still stay on UI
+
+[WIFI-5828](https://telecominfraproject.atlassian.net/browse/WIFI-5828) MU-MIMO is not working EAP-102
+
+[WIFI-5826](https://telecominfraproject.atlassian.net/browse/WIFI-5826) webui: Dashboard not displaying accurate associations on several places plus suggested UI issues combined
+
+[WIFI-5825](https://telecominfraproject.atlassian.net/browse/WIFI-5825) AP194C: post upgrade connected to SDK but has a mismatch serial warning /changed mac
+
+[WIFI-5795](https://telecominfraproject.atlassian.net/browse/WIFI-5795) REGDM is outdated inside qca/ax BDF files
+
+[WIFI-5794](https://telecominfraproject.atlassian.net/browse/WIFI-5794) hfcl\_ion4 CI device type is wrong
+
+[WIFI-5785](https://telecominfraproject.atlassian.net/browse/WIFI-5785) TPlink ex227/447 are using the wrong memory profile
+
+[WIFI-5782](https://telecominfraproject.atlassian.net/browse/WIFI-5782) DFS: CAC start is failing on channel 52 on EAP102 using latest image.:TIP-devel-0e0f8c6
+
+[WIFI-5780](https://telecominfraproject.atlassian.net/browse/WIFI-5780) UI:command history does not auto populate in TIP-devel-0e0f8c6 ( compared to 2.3)
+
+[WIFI-5779](https://telecominfraproject.atlassian.net/browse/WIFI-5779) EAP101 AP - UI feature- Showing as Mismatch serial
+
+[WIFI-5732](https://telecominfraproject.atlassian.net/browse/WIFI-5732) hostapd: add script foo for multiple\_bssid/ema
+
+[WIFI-5701](https://telecominfraproject.atlassian.net/browse/WIFI-5701) rate-limiting only works on 2.4GHz
+
+[WIFI-5625](https://telecominfraproject.atlassian.net/browse/WIFI-5625) Wi-Fi Scan breaks 5GHz 11ax 80MHz and 40MHz operation
+
+[WIFI-5535](https://telecominfraproject.atlassian.net/browse/WIFI-5535) Interop(Manual)captive portal:5GHz: Verify that internet access after getting successful splash page on WPA authentication-iOS--Error While Joining the SSID
+
+[WIFI-5444](https://telecominfraproject.atlassian.net/browse/WIFI-5444) Interop:Mobiles are not showing 5g ssid after getting Successfully pushed by AP
+
+[WIFI-5423](https://telecominfraproject.atlassian.net/browse/WIFI-5423) WiFi Frames in Telemetry Non Functional
+
+[WIFI-5415](https://telecominfraproject.atlassian.net/browse/WIFI-5415) Docker Compose Self-Signed Non-LB Not Deploy Functional
+
+[WIFI-5414](https://telecominfraproject.atlassian.net/browse/WIFI-5414) Interop: Iphone is not getting connected for 5g wpa2\_enterprise ssid
+
+[WIFI-5404](https://telecominfraproject.atlassian.net/browse/WIFI-5404) Interop: phones unable to select enterprise ssids in iOS
+
+[WIFI-5389](https://telecominfraproject.atlassian.net/browse/WIFI-5389) Hitting Invalid Response Code from Gateway when executing /configure
+
+[WIFI-5292](https://telecominfraproject.atlassian.net/browse/WIFI-5292) Viasat - XWF Wired Client Not getting IP/rediret
+
+[WIFI-4913](https://telecominfraproject.atlassian.net/browse/WIFI-4913) Test Failiure due to not showing WPA Enterprise VLAN 5g SSID's on the mobiles
+
+[WIFI-4387](https://telecominfraproject.atlassian.net/browse/WIFI-4387) AP in disconnected state in the UI
+
+[WIFI-4267](https://telecominfraproject.atlassian.net/browse/WIFI-4267) Radio down for 2G ssid
+
+[WIFI-3967](https://telecominfraproject.atlassian.net/browse/WIFI-3967) Interface names and MAC address not stable on CIG-194C and EX-447 on uCentral load
+
+[WIFI-3721](https://telecominfraproject.atlassian.net/browse/WIFI-3721) WIFI6 AP's - 2G radio is getting down, during test execution
+
+[WIFI-3701](https://telecominfraproject.atlassian.net/browse/WIFI-3701) Captive Portal : Captive portal is not working on WF188n (basic 5)
+
+[WIFI-3413](https://telecominfraproject.atlassian.net/browse/WIFI-3413) Why does interop test summary banner show up on non-interop marker runs
+
--- a/release-notes/security.md
+++ b/release-notes/security.md
@@ -0,0 +1,23 @@
+# Security
+
+The following list of major security enhancements have been implemented within the 2.4 release:
+
+
+
+| **Issue**                                                                             | **Description**                                                                                                                      | **Resolution**                                                                                   |
+| ------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------ |
+| [WIFI-3585](https://telecominfraproject.atlassian.net/browse/WIFI-3585)               | Password reset and email verification procedures can be exploited by an adversary that acquired a user ID                            | Hardened action link generation with UUIDs                                                       |
+| [WIFI-6011](https://telecominfraproject.atlassian.net/browse/WIFI-6011)               | Cloud services do not log sensitive events occurred during runtime                                                                   | Implemented security logs to collect evidence that can help with incident investigation          |
+| [WIFI-5615](https://telecominfraproject.atlassian.net/browse/WIFI-5615)               | Weak password hash computation is vulnerable to rainbow table attacks                                                                | Hardened password hash computation with salting                                                  |
+| [WIFI-5616](https://telecominfraproject.atlassian.net/browse/WIFI-5616)               | Hardcoded default password is vulnerable to password guessing attacks                                                                | Implemented password change procedure on first login and replaced hardcoded password with a hash |
+| [WIFI-5617](https://telecominfraproject.atlassian.net/browse/WIFI-5617)               | Some API responses leak user secrets by revealing password hashes                                                                    | Removed password hashes from API responses                                                       |
+| [WIFI-5618](https://telecominfraproject.atlassian.net/browse/WIFI-5618)               | Some API responses reveal server version which can be leveraged by an adversary to compromise it using exploits                      | Removed server version from API responses                                                        |
+| [WIFI-5619](https://telecominfraproject.atlassian.net/browse/WIFI-5619)               | API ‘system’ command leak internal file tree by revealing absolute paths of certificate files                                        | Replaced absolute paths of certificates with file names                                          |
+| [WIFI-5724](https://telecominfraproject.atlassian.net/browse/WIFI-5724)               | Cloud services are vulnerable to black box exploitation attempts, brute forcing, credential stuffing and DDoS                        | Implemented IP-based rate limit for API endpoints                                                |
+| [WIFI-5727](https://telecominfraproject.atlassian.net/browse/WIFI-5727)               | Weak UUID generation with reduced entropy                                                                                            | Hardened UUID by increasing entropy                                                              |
+| [WIFI-5772](https://telecominfraproject.atlassian.net/browse/WIFI-5772?src=confmacro) | RTTY-enabled APs can be overtaken by an adversary accessing RTTYS dedicated management interface using default hardcoded credentials | Hardened RTTYS access by randomizing default credentials at deployment                           |
+
+### Major known security issues <a href="#major-known-security-issues" id="major-known-security-issues"></a>
+
+* [WIFI-5770](https://telecominfraproject.atlassian.net/browse/WIFI-5770) - RTTYS version used has security flaws which are to be resolved in next releases
+