.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2019-2021 Huawei Technologies Co., Ltd.
Release Notes
EdgeGallery Introduction
EdgeGallery is an open source 5G MEC edge computing platform. It is an end-to-end solution for applications and application developers. For applications, in addition to the basic MEP platform that supports application operations, it provides an application management system (MEC Manager, a minimalist management plane that includes some functions of MEPM and MEAO) that can perform end-to-end lifecycle management of applications, provides a tool chain for migrating x86 applications to ARM, and supports smooth cross-platform migration and tuning of applications. For application developers, it provides a complete application development IDE environment and an integrated verification environment, giving them a one-stop development experience.
Version: v1.3.0
Release Date: 2021-10-12
Image Version: v1.3.0
List of new open source repositories
None
Requirements/Release Plan Detailed Description
Open Ability
Improved profile management of southbound IoT devices
Stream analyzers such as Kuiper and Flink are integrated at the edge to clean the data (for example, shaping and formatting) and report it to the big data system. Data can also be uploaded to the public cloud through the cloud-edge interface for further computation, such as machine learning.
Integrate industry IoT protocol stacks such as Fledge, EdgeX, KubeEdge and other open source components to achieve typical protocol support such as MQTT and OPCUA
Support big data platform access, standardized industrial platform configuration, etc.
Large application transmission experience optimization
Increased efficiency of large package production: support for secondary large package production, virtual machine images are reduced by 60% and application package production time is reduced by 3-4 hours.
Appstore supports fragmented download. MEAO can transfer application packages through fragmented download and upload mechanisms to improve the stability of application transmission
Community Lab Enhancement
ATP automated testing capabilities enhanced
Enhanced security testing, including virus, port and vulnerability scanning, as well as performance testing such as delay
Add application enablement test, including service registration, update, offline and other indicator tests
Support flexible, user-definable parameter configuration for test cases
The interface is fully optimized and upgraded to enhance the user experience
The interfaces of Developer, AppStore, MECM and Edge Autonomous Platform are fully optimized and the interface style is unified, which comprehensively enhances the user experience
Edge autonomous interface adds user management functions
Developer platform adds "unified interface components" to help developers quickly participate in EdgeGallery community development
MECM platform increases the display of node resources and application resources
developer background
Add application package signature function
Add container image management function
Add a virtual machine image slimming function that automatically slims uploaded and generated images, reducing image size by 60%
appstore background
Add APPD conversion function
MEP fully implements the ETSI interface specification
Edge AI capabilities are fully optimized
Integrate Tensorflow Lite, MindSpore Lite, enhance EdgeGallery AI related framework capabilities
Security enhancement
An access frequency limit is added to all traffic. Access will be prohibited if the access frequency reaches the limit for a short time, which greatly reduces the risk of DoS attacks and brute-force cracking.
other
Application Innovation: Complete 130+ application integration and land 25+ innovation bases
Experience optimization: the AppStore, Developer and [MECM](https://47.243.125.138:30093/) platform interfaces are all fully upgraded and optimized
1.4 feature preview
Use wasmEdge for AI capabilities to significantly slim down and customize optimization
E2E edge application self-service ordering and development integration optimization
Self-service enhancement of edge autonomous system
Support enterprise users to view resource usage, application operation and UPF network connection status
Bug Fixes
See EdgeGallery v1.2.0 Test Report
Security Notes
Fixed/Known Security Issues
See [EdgeGallery v1.3.0 Security Test Report](https://gitee.com/edgegallery/community/blob/master/Security%20WG/Security%20Test%20Result/Test%20result%20Release%20V1.3/EG%20v1.3%20Security%20Test%20Report.md)
Known Vulnerabilities in Used Modules
See [EdgeGallery v1.3.0 Security Test Report](https://gitee.com/edgegallery/community/blob/master/Security%20WG/Security%20Test%20Result/Test%20result%20Release%20V1.3/EG%20v1.3%20Security%20Test%20Report.md)
The following vulnerabilities in the third-party open source components of EdgeGallery v1.2.0 have to be fixed by users:
User-mgmt
Component | Version | CVE |
---|---|---|
vertx-core | 3.9.4 | CVE-2019-17640 |
foundation-ssl | 1.3.2 | CVE-2004-0009 CVE-2021-21501 |
mybatis-spring | 2.0.6 | CVE-2020-26945 |
mybatis-spring-boot-starter | 2.2.0 | CVE-2020-26945 |
spring-core | 5.2.8.RELEASE | CVE-2021-22118 |
spring-security-core | 5.3.10.RELEASE | CVE-2018-1258 |
spring-security-core | 5.3.8.RELEASE | CVE-2018-1258 |
tomcat-embed-core | 9.0.44 | CVE-2021-30639 |
Appstore
Component | Version | CVE |
---|---|---|
log4j | 1.2.17 | CVE-2019-17571 |
netty-transport | 4.1.36.Final | CVE-2019-20444 CVE-2019-20445 CVE-2019-16869 CVE-2020-11612 |
vertx-core | 3.9.4 | CVE-2019-17640 |
docker-java-core | 3.2.10 | CVE-2019-13139 CVE-2019-13509 CVE-2019-16884 CVE-2019-5736 |
foundation-ssl | 1.3.2 | CVE-2004-0009 CVE-2021-21501 |
mybatis-spring | 2.0.6 | CVE-2020-26945 |
mybatis-spring-boot-starter | 2.2.0 | CVE-2020-26945 |
spring-jdbc | 5.1.8.RELEASE | CVE-2020-5398 |
spring-security-core | 5.1.5.RELEASE | CVE-2018-1258 |
Developer
Component | Version | CVE |
---|---|---|
netty-transport | 4.1.36.Final | CVE-2019-20444 CVE-2019-20445 CVE-2019-16869 CVE-2020-11612 |
vertx-core | 3.9.4 | CVE-2019-17640 |
swagger-codegen-cli | 3.0.21 | CVE-2018-8088 CVE-2016-6199 CVE-2019-15052 CVE-2020-25649 CVE-2019-10086 CVE-2017-1000207 CVE-2017-1000208 CVE-2017-18640 CVE-2020-11979 CVE-2021-29428 |
commons-compress | 1.19 | CVE-2021-35515 CVE-2021-35516 CVE-2021-35517 CVE-2021-36090 |
docker-java-core | 3.2.10 | CVE-2019-13139 CVE-2019-13509 CVE-2019-16884 CVE-2019-5736 |
foundation-ssl | 1.3.2 | CVE-2004-0009 CVE-2021-21501 |
mybatis-spring | 2.0.6 | CVE-2020-26945 |
mybatis-spring-boot-starter | 2.2.0 | CVE-2020-26945 |
spring-jdbc | 5.2.8.RELEASE | CVE-2021-22118 |
spring-security-core | 5.3.10.RELEASE | CVE-2018-1258 |
tomcat-embed-core | 9.0.44 | CVE-2021-30639 |
MECM
Component | Version | CVE |
---|---|---|
bcprov-jdk15on-1.56.jar | 1.56 | CVE-2018-1000613 CVE-2018-1000180 |
netty-transport | 4.1.36.Final | CVE-2019-20444 CVE-2019-20445 CVE-2019-16869 CVE-2020-11612 |
log4j | 1.2.17 | CVE-2019-17571 |
vertx-core | 3.6.3 | CVE-2019-17640 |
foundation-ssl | 1.3.0 | CVE-2004-0009 |
hibernate-core | 5.3.10.Final | CVE-2020-25638 |
netty-transport | 4.1.36.Final | CVE-2019-20444 CVE-2019-20445 CVE-2019-16869 CVE-2020-11612 |
spring-security-core | 5.3.8.RELEASE | CVE-2018-1258 |
spring-tx | 5.1.8.RELEASE | CVE-2020-5398 |
tomcat-embed-core | 9.0.21 | CVE-2020-1938 CVE-2019-12418 CVE-2019-17563 CVE-2020-11996 CVE-2020-13934 CVE-2020-13935 CVE-2020-17527 CVE-2020-8022 CVE-2020-9484 CVE-2021-25122 CVE-2021-25329 |
jackson-databind | 2.9.9 | CVE-2019-14379 CVE-2019-14540 CVE-2019-14892 CVE-2019-14893 CVE-2019-16335 CVE-2019-16942 CVE-2019-16943 CVE-2019-17267 CVE-2019-17531 CVE-2019-20330 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2019-14439 CVE-2020-10672 CVE-2020-10673 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11619 CVE-2020-11620 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-24616 CVE-2020-24750 CVE-2020-25649 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2020-36190 |
mybatis | 3.4.4 | CVE-2020-26945 |
ATP
Component | Version | CVE |
---|---|---|
netty-transport | 4.1.36.Final | CVE-2019-20444 CVE-2019-20445 CVE-2019-16869 CVE-2020-11612 |
vertx-core | 3.9.4 | CVE-2019-17640 |
commons-compress | 1.19 | CVE-2021-35515 CVE-2021-35516 CVE-2021-35517 CVE-2021-36090 |
foundation-ssl | 1.3.2 | CVE-2004-0009 CVE-2021-21501 |
mybatis-spring | 2.0.6 | CVE-2020-26945 |
mybatis-spring-boot-starter | 2.2.0 | CVE-2020-26945 |
spring-core | 5.1.8.RELEASE | CVE-2020-5398 |
spring-security-core | 5.1.5.RELEASE | CVE-2018-1258 CVE-2021-22112 CVE-2018-1258 CVE-2021-22112 |
tomcat-embed-core | 9.0.44 | CVE-2021-30639 |
MEP
Component | Version | CVE |
---|---|---|
golang.org/x/net | v0.0.0-20200301022130 | CVE-2021-33194 |
Version: v1.2.0
Release Date: 2021-07-07
Image Version: v1.2.0
List of new open source repositories
Module | name | type | URL | Description |
---|---|---|---|---|
Installer | installer | Configuration Warehouse | https://gitee.com/edgegallery/installer | EdgeGallery offline package production and offline installation, online installation, docker compose installation script |
filesystem | filesystem | Product warehouse | https://gitee.com/edgegallery/file-system | Application image management service in EdgeGallery platform |
New Features
Requirements/Release Plan Detailed Description
Open Ability
AI software and hardware capabilities
Supports Ascend/Atlas hardware and open API: Supports Ascend 20+ open capabilities, including image restoration, target positioning, super-resolution image algorithms, etc.
AI face change, OCR, smart shelf, gesture recognition, etc.
Industry Suite Support industry combination capabilities
PCB quality inspection: provide sample applications for openness and PCB board quality inspection
Industrial site southbound equipment management communication: provide Fledge-based industrial southbound equipment management solutions and deployment scripts
Video conference, online classroom: provide video open source sample applications
-
User management module adds dynamic verification code verification function to solve security vulnerabilities such as malicious registration and email bombing
During application commissioning, VNC remotely logs in to the sandbox environment to set up non-root user operations and restrict access rights
-
Developer, AppStore and MECM platform add administrator operation interface
AppStore platform provides application online experience function
The whole process supports the rapid integration, testing and release of virtual machine applications, and the MECM platform supports the distribution and deployment of virtual machine applications
Enhanced virtual machine application integration capabilities, supporting virtual machine specification configuration, network configuration and environment variable configuration
Add image file management service to solve the problem of image file sharing between EdgeGallery central node modules
Provide edge autonomous management interface and edge node health check function
Full module supports data persistence capability
-
Provide offline deployment scripts and offline installation packages based on Ansible, support users to customize on-demand deployment
The IaaS layer provides two deployment methods, k8s and k3s
Each sub-module of EdgeGallery supports separate deployment and uninstallation
Support data persistence function based on k8s NFS
Support the deployment of EdgeGallery sub-modules in docker-compose mode (not dependent on k8s/k3s)
[PoC] Support Raspberry Pi deployment
other
Application Innovation: Complete 130+ application integration and land 25+ innovation bases
Experience optimization: the AppStore, Developer and [MECM](https://47.243.125.138:30093/) platform interfaces are all fully upgraded and optimized
Bug Fixes
See EdgeGallery v1.2.0 Test Report
Total number of defects: 267 (including 34 security defects), number of resolved: 265; 16 unresolved bugs (including 16 known issues, left to be resolved in the next version)
Analysis by defect type: 35 security bugs; 246 other bugs.
Analyzed by defect severity level: 31 serious bugs; 70 major bugs; 129 minor bugs; 9 unimportant bugs; 42 are not specified.
Analysis by demand point
Defect convergence analysis: a total of 281 bugs (including 14 invalid bugs; including safety bug 34); iteration 1 39 bugs (including 3 invalid bugs); iteration 2 65 bugs (including 5 invalid bugs); iteration Three 143 bugs (including 4 invalid bugs); 34 bugs (including 2 n
Security Notes
See [EdgeGallery v1.2.0 Security Test Report](https://gitee.com/edgegallery/community/blob/master/Security%20WG/Security%20Test%20Result/Test%20result%20Release%20V1.2/EG%20v1.2%20Security%20Test%20Report.md)
Fixed/Known Security Issues
other | Issue Title | other | other |
---|---|---|---|
1 | | It has been fixed | main |
2 | [User-mgmt][Security] There are no log files in the usr/app/log directory in the user-mgmt pod | other | main |
3 | [Developer][Security] There is no log file in the usr/app/log directory in developer-be | It has been fixed | main |
4 | [User-mgmt][Security] Logging sensitive information (ssoSessionId) | It has been fixed | main |
5 | | It has been fixed | main |
6 | [Atp][Security] User contribution test case function has replay attack vulnerability | It has been fixed | main |
7 | | It has been fixed | main |
8 | [Atp][Security] atp test in appstore->community scenario->security test case execution failed | It has been fixed | main |
9 | | It has been fixed | main |
Known Vulnerabilities in Used Modules
The following vulnerabilities in the third-party open source components of EdgeGallery v1.2.0 have to be fixed by users:
User-mgmt
Component | Version | CVE |
---|---|---|
vertx-core | 3.9.4 | CVE-2019-17640 |
foundation-ssl | 1.3.0 | CVE-2004-0009 |
mybatis-spring | 2.0.6 | CVE-2020-26945 |
mybatis-spring-boot-starter | 2.1.4 | CVE-2020-26945 |
spring-security-core | 5.3.8.RELEASE | CVE-2018-1258 |
Appstore
Component | Version | CVE |
---|---|---|
log4j | 1.2.17 | CVE-2019-17571 |
netty-transport | 4.1.36.Final | CVE-2019-20444 CVE-2019-20445 CVE-2019-16869 CVE-2020-11612 |
vertx-core | 3.9.4 | CVE-2019-17640 |
docker-java-core | 3.2.7 | CVE-2019-13139 CVE-2019-13509 CVE-2019-16884 CVE-2019-5736 |
foundation-ssl | 1.3.0 | CVE-2004-0009 |
mybatis-spring | 2.0.6 | CVE-2020-26945 |
mybatis-spring-boot-starter | 2.1.4 | CVE-2020-26945 |
spring-jdbc | 5.1.8.RELEASE | CVE-2020-5398 |
spring-security-core | 5.1.5.RELEASE | CVE-2018-1258 |
Developer
Component | Version | CVE |
---|---|---|
netty-transport | 4.1.36.Final | CVE-2019-20444 CVE-2019-20445 CVE-2019-16869 CVE-2020-11612 |
vertx-core | 3.9.4 | CVE-2019-17640 |
swagger-codegen-cli | 3.0.21 | CVE-2018-8088 CVE-2016-6199 CVE-2019-15052 CVE-2020-25649 CVE-2019-10086 CVE-2017-1000207 CVE-2017-1000208 CVE-2017-18640 CVE-2020-11979 CVE-2021-29428 |
docker-java-core | 3.2.7 | CVE-2019-13139 CVE-2019-13509 CVE-2019-16884 CVE-2019-5736 |
foundation-ssl | 1.3.0 | CVE-2004-0009 |
mybatis-spring | 2.0.6 | CVE-2020-26945 |
mybatis-spring-boot-starter | 2.1.4 | CVE-2020-26945 |
spring-security-core | 5.3.8.RELEASE | CVE-2018-1258 |
spring-jdbc | 5.2.8.RELEASE | CVE-2021-22118 |
MECM
Component | Version | CVE |
---|---|---|
bcprov-jdk15on-1.56.jar | 1.56 | CVE-2018-1000613 CVE-2018-1000180 |
log4j | 1.2.17 | CVE-2019-17571 |
vertx-core | 3.6.3 | CVE-2019-17640 |
foundation-ssl | 1.3.0 | CVE-2004-0009 |
hibernate-core | 5.3.10.Final | CVE-2020-25638 |
netty-transport | 4.1.36.Final | CVE-2019-20444 CVE-2019-20445 CVE-2019-16869 CVE-2020-11612 |
spring-security-core | 5.3.8.RELEASE | CVE-2018-1258 |
spring-tx | 5.1.8.RELEASE | CVE-2020-5398 |
tomcat-embed-core | 9.0.21 | CVE-2020-1938 CVE-2019-12418 CVE-2019-17563 CVE-2020-11996 CVE-2020-13934 CVE-2020-13935 CVE-2020-17527 CVE-2020-8022 CVE-2020-9484 CVE-2021-25122 CVE-2021-25329 |
jackson-databind | 2.9.9 | CVE-2019-14379 CVE-2019-14540 CVE-2019-14892 CVE-2019-14893 CVE-2019-16335 CVE-2019-16942 CVE-2019-16943 CVE-2019-17267 CVE-2019-17531 CVE-2019-20330 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2019-14439 CVE-2020-10672 CVE-2020-10673 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11619 CVE-2020-11620 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-24616 CVE-2020-24750 CVE-2020-25649 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2020-36190 |
mybatis | 3.4.4 | CVE-2020-26945 |
ATP
Component | Version | CVE |
---|---|---|
netty-transport | 4.1.36.Final | CVE-2019-20444 CVE-2019-20445 CVE-2019-16869 CVE-2020-11612 |
vertx-core | 3.9.4 | CVE-2019-17640 |
foundation-ssl | 1.3.0 | CVE-2004-0009 |
mybatis-spring | 2.0.6 | CVE-2020-26945 |
mybatis-spring-boot-starter | 2.1.4 | CVE-2020-26945 |
spring-security-core | 5.1.5.RELEASE | CVE-2018-1258 |
spring-core | 5.1.8.RELEASE | CVE-2020-5398 |
MEP
Component | Version | CVE |
---|---|---|
golang.org/x/net | v0.0.0-20200301022130 | CVE-2021-33194 |
Version: v1.1.0
Release Date: 2020-04-09
Image Version: v1.1.0
List of new open source repositories
Module | name | type | URL | Description |
---|---|---|---|---|
Example Applications | example-apps | PoC warehouse | https://gitee.com/edgegallery/example-apps | Provide a sample app based on EdgeGallery |
EdgeGallery Frontend Component | eg-view | Product warehouse | https://gitee.com/edgegallery/eg-view | Provide normalized EdgeGallery front-end components |
EdgeGallery Testing Platform | edgeT | PoC warehouse | https://gitee.com/edgegallery/edgeT | Provide users with a tool chain for local testing |
New Features
Requirements/Release Plan Detailed Description
AI software and hardware capabilities Support Ascend/Atlas hardware and open API
AI image repair, edge detection, cartoon image generation, image coloring, object classification, target detection, etc.;
Cross-platform support Supports the incubation integration of Openstack-based virtual machine applications and K8S container applications
Experience optimization
APP classification, APP recommendation, dynamic refresh of hot models
EdgeNative support
IaaS/PaaS/applications all support on-demand deployment and automatic application framework generation
Visualization of MEP microservice management architecture
Provide EdgeGallery applet, design state, etc.
API management ETSI MEC API, 3GPP CAPIF, and Shengteng capability support situation match
Security, user management
Decentralization of authority and domain, authority control of key operations and data
Application remote login (such as VNC) supports secure protocol login
Community Lab Enhancement
Provide a real E2E 5G verification environment
One-click resource application, one-click release, visual management
Application Innovation
AppStore Federation, can register external AppStore, applications can be pushed and pulled from each other between different AppStores
Complete 80+ application integration, land 17+ innovation bases, and postgraduate courses of Xidian University
Bug Fixes
See EdgeGallery v1.1.0 Test Report
Known Issues
See EdgeGallery v1.1.0 Test Report
Security Notes
Fixed Security Issues
See [EdgeGallery v1.1.0 Test Report](https://gitee.com/edgegallery/community/blob/master/Security%20WG/Security%20Test%20Plan/Release-R1.1/EG%20R1.1%20Security%20Test%20Plan%20%2Emd)
Known Security Issues
See [EdgeGallery v1.1.0 Security Test Report](https://gitee.com/edgegallery/community/blob/master/Security%20WG/Security%20Test%20Result/Test%20result%20Release%20V1.1/EG%20v1.1%20Security%20Test%20Report%2Emd)
Known Vulnerabilities in Used Modules
EdgeGallery v1.1.0 version of the third-party open source components has the following vulnerabilities that need to be repaired by users:
Appstore
Component | Version | CVE |
---|---|---|
log4j | 1.2.17 | CVE-2019-17571 |
netty-transport | 4.1.36.Final | CVE-2019-20444 CVE-2019-20445 CVE-2019-16869 CVE-2020-11612 |
vertx-core | 3.9.4 | CVE-2019-17640 |
docker-java-core | 3.2.7 | CVE-2019-13139 CVE-2019-13509 CVE-2019-16884 CVE-2019-5736 |
foundation-ssl | 1.3.0 | CVE-2004-0009 |
mybatis-spring | 2.0.6 | CVE-2020-26945 |
mybatis-spring-boot-starter | 2.1.4 | CVE-2020-26945 |
spring-jdbc | 5.1.8.RELEASE | CVE-2020-5398 |
spring-security-core | 5.1.5.RELEASE | CVE-2018-1258 |
Developer
Component | Version | CVE |
---|---|---|
netty-transport | 4.1.36.Final | CVE-2019-20444 CVE-2019-20445 CVE-2019-16869 CVE-2020-11612 |
vertx-core | 3.9.4 | CVE-2019-17640 |
swagger-codegen-cli | 3.0.21 | CVE-2018-8088 CVE-2016-6199 CVE-2019-15052 CVE-2020-25649 CVE-2019-10086 CVE-2017-1000207 CVE-2017-1000208 CVE-2017-18640 CVE-2020-11979 |
docker-java-core | 3.2.7 | CVE-2019-13139 CVE-2019-13509 CVE-2019-16884 CVE-2019-5736 |
foundation-ssl | 1.3.0 | CVE-2004-0009 |
mybatis-spring | 2.0.6 | CVE-2020-26945 |
mybatis-spring-boot-starter | 2.1.4 | CVE-2020-26945 |
spring-security-core | 5.1.5.RELEASE | CVE-2018-1258 |
ATP
Component | Version | CVE |
---|---|---|
netty-transport | 4.1.36.Final | CVE-2019-20444 CVE-2019-20445 CVE-2019-16869 CVE-2020-11612 |
vertx-core | 3.9.4 | CVE-2019-17640 |
foundation-ssl | 1.3.0 | CVE-2004-0009 |
mybatis-spring | 2.0.6 | CVE-2020-26945 |
mybatis-spring-boot-starter | 2.1.4 | CVE-2020-26945 |
spring-security-core | 5.1.5.RELEASE | CVE-2018-1258 |
spring-core | 5.1.8.RELEASE | CVE-2020-5398 |
User-mgmt
Component | Version | CVE |
---|---|---|
vertx-core | 3.9.4 | CVE-2019-17640 |
foundation-ssl | 1.3.0 | CVE-2004-0009 |
mybatis-spring | 2.0.6 | CVE-2020-26945 |
mybatis-spring-boot-starter | 2.1.4 | CVE-2020-26945 |
spring-security-core | 5.3.8.RELEASE | CVE-2018-1258 |
Upgrade Notes
N/A
Deprecation Notes
N/A
Other
N/A
Version: v1.0.0
Release Date: 2020-12-31
Image Version: v1.0.0
List of new open source repositories
Module | name | type | URL | Description |
---|---|---|---|---|
ATP(Application Test Platform) | atp | Product warehouse | https://gitee.com/edgegallery/atp | Application test platform, providing test support for application certification |
ATP(Application Test Platform) | atp-fe | Product warehouse | https://gitee.com/edgegallery/atp-fe | Provide front-end support for application testing and certification platform |
Developer | crane-framework | Product warehouse | https://gitee.com/edgegallery/crane-framework | Provide a lightweight, plug-in-based development framework for application development |
MECM | mecm-apprulemgr | Product warehouse | https://gitee.com/edgegallery/mecm-apprulemgr | The management plane provides the ability to issue and manage application rule configuration |
New Features
Demand/Release Plan Detailed Description
Version Planning Features
Developer Optimize the APP development and test release process, optimize the API interface, and integrate multi-language SDK
Optimize the homepage design and increase the application development life cycle flow chart;
Optimize the project development process, brand new interface design;
Optimize the deployment and commissioning link, increase the visual display of the deployment process, and increase the POD display of the deployment results;
Optimize the ability center interface, increase the ability classification selection;
Application release link docking certification test platform;
AppStore Interface ease of use optimized, EdgeGallery ecological capabilities optimized
MECM Optimize topology, application management and edge node management, add the function of acquiring MEP capability, AK/SK configuration interface
MEP supports APP heartbeat detection, a new interface for acquiring MEP capability, an interface for AK/SK configuration, and a new interface for acquiring token for MEP-agent
ATP APP application testing ability enhancement
Test Provide health check function, optimize installation package, develop test platform to support test case management
PoC Features
MEP service governance page display
Introduce a plug-in application framework Crane-framework
AppStore Federation, can register external AppStore, applications can be pushed and pulled from each other between different AppStores
PoC Test Report
See EdgeGallery v1.0.0 PoC Test Report
Bug Fixes
See EdgeGallery v1.0.0 Test Report
Known Issues
See EdgeGallery v1.0.0 Test Report
Security Notes
Fixed Security Issues
See [EdgeGallery v1.0.0 Test Report](https://gitee.com/edgegallery/community/blob/master/Security%20WG/Security%20Test%20Result/Test%20result%20Release%20V1.0/EG%20v1.0.0%20Security%20Test%20Report%2Emd)
Known Security Issues
See [EdgeGallery v1.0.0 Test Report](https://gitee.com/edgegallery/community/blob/master/Security%20WG/Security%20Test%20Result/Test%20result%20Release%20V1.0/EG%20v1.0.0%20Security%20Test%20Report%2Emd)
Known Vulnerabilities in Used Modules
EdgeGallery v1.0.0 version of the third-party open source components has the following vulnerabilities that need to be repaired by users:
Appstore
Component | Version | CVE |
---|---|---|
log4j (indirect dependency) | 1.2.17 | CVE-2019-17571 |
bcprov-jdk15on-1.66.jar | 1.66 | CVE-2020-28052 |
jackson-databind | 2.10.5 | CVE-2020-25649 |
spring-security-oauth2 | 2.3.3.RELEASE | CVE-2018-15758 |
tomcat-embed-core | 9.0.37 | CVE-2020-17525 |
Developer
Component | Version | CVE |
---|---|---|
spring-beans (indirect dependency) | 5.1.8.RELEASE | CVE-2020-5398 |
spring-security-core | 5.3.4.RELEASE | CVE-2018-1258 |
jackson-databind | 2.10.5 | CVE-2020-25649 |
mybatis-spring-boot-starter | 2.1.1 | CVE-2020-26945 |
tomcat-embed-core | 9.0.37 | CVE-2020-17527 |
ATP
Component | Version | CVE |
---|---|---|
mybatis-spring-boot-starter | 2.1.1 | CVE-2020-26945 |
User-mgmt
Component | Version | CVE |
---|---|---|
spring-security-core | 5.3.4.RELEASE | CVE-2018-1258 |
bcprov-jdk15on | 1.66 | CVE-2020-28052 |
jackson-databind | 2.10.5 | CVE-2020-25649 |
mybatis-spring-boot-starter | 2.1.1 | CVE-2020-26945 |
spring-security-oauth2 | 2.3.3.RELEAS | CVE-2018-15758 |
Website-gateway
Component | Version | CVE |
---|---|---|
spring-security-core | 5.2.6.RELEASE | CVE-2018-1258 |
jackson-databind | 2.10.5 | CVE-2020-26945 |
spring-security-oauth2 | 2.3.3 | CVE-2018-15758 |
tomcat-embed-core | 9.0.37 | CVE-2020-17527 |
MECM
Component | Version | CVE |
---|---|---|
lodash | 4.17.13 | CVE-2020-8203 |
minimatch | 3.0.4 | NPM-118 |
Upgrade Notes
N/A
Deprecation Notes
N/A
Other
N/A
Version: v0.9.1
Release Date: 2020-11-11
Image Version: v0.9.1
List of new open source repositories
Module | name | type | URL | Description |
---|---|---|---|---|
Developer | api-emulator | Product warehouse | https://gitee.com/edgegallery/api-emulator | Simulate api that provides basic capabilities |
Mep | Plugins | Product warehouse | https://gitee.com/edgegallery/plugins | plugins warehouse |
Developer | toolchain | Product warehouse | https://gitee.com/edgegallery/toolchain | Provide source code analysis for migrating x86 platform applications to ARM |
New Features
Demand/Release Plan Detailed Description
Summary of security design troubleshooting issues
api simulator and tool chain, plugin warehouse open source
MEP/MEP Agent AK/SK configuration interface
Bug Fixes
See EdgeGallery v0.9.1 Test Report
Known Issues
See EdgeGallery v0.9.1 Test Report
Security Notes
Fixed Security Issues
See EdgeGallery v0.9.1 Test Report
Known Security Issues
See EdgeGallery v0.9.1 Test Report
Known Vulnerabilities in Used Modules
EdgeGallery v0.9.1 version of the third-party open source components has the following vulnerabilities that need to be repaired by users:
Appstore
Component | Version | CVE |
---|---|---|
netty-transport (indirect dependency) | 4.1.36.Final | CVE-2019-20444, CVE-2019-20445, CVE-2020-11612, CVE-2019-16869 |
log4j (indirect dependency) | 1.2.17 | CVE-2019-17571 |
spring-jdbc (indirect dependency) | 5.1.8.RELEASE | CVE-2020-5398 |
spring-security-core (indirect dependency) | 5.1.5.RELEASE | CVE-2018-1258 |
bcprov-jdk15on-1.66.jar | 1.66 | CVE-2020-28052 |
foundation-ssl | 1.3.0 | CVE-2004-0009 |
jackson-databind | 2.10.5 | CVE-2020-25649 |
mybatis | 3.5.3 | CVE-2020-25645 |
spring-security-oauth2 | 2.3.3.RELEASE | CVE-2018-15758 |
tomcat-embed-core | 9.0.37 | CVE-2020-17525 |
vertx-core | 3.6.3 | CVE-2019-17640 |
Developer
Component | Version | CVE |
---|---|---|
netty-transport (indirect dependency) | 4.1.36.Final | CVE-2019-20444, CVE-2019-20445, CVE-2020-11612, CVE-2019-16869 |
spring-beans (indirect dependency) | 5.1.8.RELEASE | CVE-2020-5398 |
spring-security-config (indirect dependency) | 5.1.5.RELEASE | CVE-2018-1258, CVE-2020-5398 |
spring-security-core | 5.3.4.RELEASE | CVE-2018-1258 |
lodash | 4.17.13 | CVE-2020-8203 |
minimatch | 3.0.4 | NPM-118 |
spring-security-oauth2 | 2.3.3 | CVE-2018-15758,CVE-2019-11269,CVE-2018-3778 |
swagger-codegen-cli (shaded: com.fasterxml.jackson.core.jackson-databind:2.10.3) | 3.0.21 | CVE-2020-25649 |
foundation-ssl | 1.3.0 | CVE-2004-0009 |
jackson-databind | 2.10.5 | CVE-2020-25649 |
mybatis-spring | 2.0.3 | CVE-2020-26945 |
mybatis-spring-boot-starter | 2.1.1 | CVE-2020-26945 |
swagger-codegen-cli | 3.0.21 | CVE-2017-1000207,CVE-2017-1000208,CVE-2019-10086,CVE-2018-8088,CVE-2017-18640,CVE-2016-6199,CVE-2019-11065,CVE-2019-15052, |
tomcat-embed-core | 9.0.37 | CVE-2020-17527 |
vertx-core | 3.6.3 | CVE-2019-17640 |
User-mgmt
Component | Version | CVE |
---|---|---|
rxnetty (indirect dependency) | 0.4.9 | CVE-2015-2156 |
netty-tcnative-boringssl-static (indirect dependency) | 2.0.31.Final | CVE-2015-2156 |
spring-security-core | 5.2.6.RELEASE | CVE-2018-1258 |
lodash | 4.17.20 | NPM-1065, NPM-557, NPM-7823 |
minimatch | 3.0.4 | NPM-118 |
Website-gateway
Component | Version | CVE |
---|---|---|
log4j | 1.2.17 | CVE-2019-17571 |
spring-security-core | 5.2.6.RELEASE | CVE-2018-1258 |
MECM
Component | Version | CVE |
---|---|---|
lodash | 4.17.13 | CVE-2020-8203 |
minimatch | 3.0.4 | NPM-118 |
Upgrade Notes
N/A
Deprecation Notes
N/A
Other
After review by the Security Working Group, the remaining issue list I1XA0N in the Plugins warehouse will be fixed in the form of patches after the v0.9 version is released. For details, please refer to the Security Working Group Meeting Minutes
Version: v0.9
Release Date: 2020-09-30
Image Version: v0.9
List of new open source repositories
Module | name | type | URL | Description |
---|---|---|---|---|
helm-charts | helm-charts | deploy | https://gitee.com/edgegallery/helm-charts | EdgeGallery deployment script |
website-gateway | website-gateway | Product warehouse | https://gitee.com/edgegallery/website-gateway | Front-end package |
user-mgmt | user-mgmt | Product warehouse | https://gitee.com/edgegallery/user-mgmt | usermgmt background |
user-mgmt | user-mgmt-fe | Product warehouse | https://gitee.com/edgegallery/user-mgmt-fe | usermgmt front desk |
mecm | mecm-fe | Product warehouse | https://gitee.com/edgegallery/mecm-fe | MECM front desk |
mecm | mecm-applcm | Product warehouse | https://gitee.com/edgegallery/mecm-applcm | MECM application lifecycle management |
mecm | mecm-apm | Product warehouse | https://gitee.com/edgegallery/mecm-apm | MECM application package management |
mecm | mecm-inventory | Product warehouse | https://gitee.com/edgegallery/mecm-inventory | MECM inventory management |
mecm | mecm-appo | Product warehouse | https://gitee.com/edgegallery/mecm-appo | MECM application orchestration |
developer | developer-be | Product warehouse | https://gitee.com/edgegallery/developer-be | developer background |
developer | developer-fe | Product warehouse | https://gitee.com/edgegallery/developer-fe | developer front desk |
appstore | appstore-fe | Product warehouse | https://gitee.com/edgegallery/appstore-fe | appstore front desk |
appstore | appstore-be | Product warehouse | https://gitee.com/edgegallery/appstore-be | appstore background |
platform-mgmt | platform-mgmt | Product warehouse | https://gitee.com/edgegallery/platform-mgmt | Install k8/docker |
docs | docs | Product warehouse | https://gitee.com/edgegallery/docs | Documentation |
New Features
Demand/Release Plan Detailed Description
All-in-One MEP/MECM network isolation
MEP supports DNS configuration
Support All-in-One deployment
Multi-node offline deployment
Nine dimensions of security optimization
MECM interface/topology management/resource management optimization
(PoC) kubeedge integration verification
Bug Fixes
See EdgeGallery v0.9 Test Report
Known Issues
See EdgeGallery v0.9 Test Report
Security Notes
Fixed Security Issues
See EdgeGallery v0.9 Test Report
Known Security Issues
See EdgeGallery v0.9 Test Report
Known Vulnerabilities in Used Modules
The following vulnerabilities in the third-party open source components of EdgeGallery v0.9 have to be fixed by users:
Appstore
Component | Version | CVE |
---|---|---|
netty-transport (indirect dependency) | 4.1.36.Final | CVE-2019-20444, CVE-2019-20445, CVE-2020-11612, CVE-2019-16869 |
log4j (indirect dependency) | 1.2.17 | CVE-2019-17571 |
spring-jdbc (indirect dependency) | 5.1.8.RELEASE | CVE-2020-5398 |
spring-security-core (indirect dependency) | 5.1.5.RELEASE | CVE-2018-1258 |
Developer
Component | Version | CVE |
---|---|---|
netty-transport (indirect dependency) | 4.1.36.Final | CVE-2019-20444, CVE-2019-20445, CVE-2020-11612, CVE-2019-16869 |
spring-beans (indirect dependency) | 5.1.8.RELEASE | CVE-2020-5398 |
spring-security-config (indirect dependency) | 5.1.5.RELEASE | CVE-2018-1258, CVE-2020-5398 |
spring-security-core | 5.3.4.RELEASE | CVE-2018-1258 |
lodash | 4.17.13 | CVE-2020-8203 |
minimatch | 3.0.4 | NPM-118 |
User-mgmt
Component | Version | CVE |
---|---|---|
rxnetty (indirect dependency) | 0.4.9 | CVE-2015-2156 |
netty-tcnative-boringssl-static (indirect dependency) | 2.0.31.Final | CVE-2015-2156 |
spring-security-core | 5.2.6.RELEASE | CVE-2018-1258 |
lodash | 4.17.20 | NPM-1065, NPM-557, NPM-7823 |
minimatch | 3.0.4 | NPM-118 |
Website-gateway
Component | Version | CVE |
---|---|---|
log4j | 1.2.17 | CVE-2019-17571 |
spring-security-core | 5.2.6.RELEASE | CVE-2018-1258 |
MECM
Component | Version | CVE |
---|---|---|
lodash | 4.17.13 | CVE-2020-8203 |
minimatch | 3.0.4 | NPM-118 |
Upgrade Notes
N/A
Deprecation Notes
N/A
Other
After review by the Security Working Group, the remaining issue list I1XA0N in the Plugins warehouse will be fixed in the form of patches after the v0.9 version is released. For details, please refer to the Security Working Group Meeting Minutes