.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2019-2020 Huawei Technologies Co., Ltd.
Release Notes¶
EdgeGallery Introduction¶
EdgeGallery 是一个5G MEC开源边缘计算平台,它是一个面向应用和应用开发者的端到端解决方案,对于APP应用来说除支持应用运行的基础MEP平台外,还提供APP应用管理系统(MEC Manager,极简管理面,包括MEPM以及MEAO的部分功能),能够对应用进行端到端生命周期管理,提供X86应用向ARM迁移的工具链,支持应用平滑的跨平台迁移和调优。对应用开发者来说,提供完整的应用开发IDE环境和集成验证环境,为应用开发者提供一站式开发体验,同时通过APP Store功能,对应用开发者开发的APP提供标准的准入验证流程。
Version: v1.0.0¶
- Release Date: 2020-12-31
- Image Version: v1.0.0
新开源仓库列表
| 模块 | 名称 | 类型 | URL | 说明 |
|---|---|---|---|---|
| ATP(Application Test Platform) | atp | 产品仓 | https://gitee.com/edgegallery/atp | 应用测试平台,为应用认证提供测试支撑 |
| ATP(Application Test Platform) | atp-fe | 产品仓 | https://gitee.com/edgegallery/atp-fe | 提供应用测试认证平台前台支撑 |
| Developer | crane-framework | 产品仓 | https://gitee.com/edgegallery/crane-framework | 为应用开发提供轻量化,插件是的开发框架 |
| MECM | mecm-apprulemgr | 产品仓 | https://gitee.com/edgegallery/mecm-apprulemgr | 管理面提供应用规则配置下发和管理的能力 |
New Features
- 版本规划特性
- 【Developer】优化APP开发测试发布流程,优化API界面,集成多语言SDK
- 优化首页设计,增加应用开发生命周期流程图;
- 优化项目开发流程,全新界面设计;
- 优化部署调测环节,增加可视化展示部署过程展示,增加部署结果POD展示;
- 优化能力中心界面,增加能力分类选择;
- 应用发布环节对接认证测试平台;
- 【AppStore】界面易用性优化,EdgeGallery生态能力优化
- 【MECM】优化拓扑、应用管理及边缘节点管理,新增获取MEP能力功能,AK/SK配置接口
- 【MEP】支持APP心跳检测,新增获取MEP能力接口,AK/SK配置接口,MEP-agent新增获取token接口
- 【ATP】APP应用的测试能力增强
- 【Test】提供健康检查功能,优化安装包,开发测试平台支持测试例管理
- 【Developer】优化APP开发测试发布流程,优化API界面,集成多语言SDK
- PoC 特性
- MEP服务治理页面展示
- 引入插件式应用框架Crane-framework
- AppStore联邦,可注册外部AppStore,应用在不同AppStore间可相互推送和拉取
PoC Test Report
参见EdgeGallery v1.0.0 PoC Test Report
Bug Fixes
参见 EdgeGallery v1.0.0 Test Report
Known Issues
参见 EdgeGallery v1.0.0 Test Report
Security Notes
Fixed Security Issues
参见 EdgeGallery v1.0.0 Test Report
Known Security Issues
参见 EdgeGallery v1.0.0 Test Report
Known Vulnerabilities in Used Modules
EdgeGalelry v1.0.0 版本第三方开源组件存在以下漏洞需要用户自行修复:
- Appstore:
| Component | Version | CVE |
|---|---|---|
| log4j (indirect dependency) | 1.2.17 | CVE-2019-17571 |
| bcprov-jdk15on-1.66.jar | 1.66 | CVE-2020-28052 |
| jackson-databind | 2.10.5 | CVE-2020-25649 |
| spring-security-oauth2 | 2.3.3.RELEASE | CVE-2018-15758 |
| tomcat-embed-core | 9.0.37 | CVE-2020-17525 |
- Developer:
| Component | Version | CVE |
|---|---|---|
| spring-beans (indirect dependency) | 5.1.8.RELEASE | CVE-2020-5398 |
| spring-security-core | 5.3.4.RELEASE | CVE-2018-1258 |
| jackson-databind | 2.10.5 | CVE-2020-25649 |
| mybatis-spring-boot-starter | 2.1.1 | CVE-2020-26945 |
| tomcat-embed-core | 9.0.37 | CVE-2020-17527 |
- ATP
| Component | Version | CVE |
|---|---|---|
| mybatis-spring-boot-starter | 2.1.1 | CVE-2020-26945 |
- User-mgmt:
| Component | Version | CVE |
|---|---|---|
| spring-security-core | 5.3.4.RELEASE | CVE-2018-1258 |
| bcprov-jdk15on | 1.66 | CVE-2020-28052 |
| jackson-databind | 2.10.5 | CVE-2020-25649 |
| mybatis-spring-boot-starter | 2.1.1 | CVE-2020-26945 |
| spring-security-oauth2 | 2.3.3.RELEAS | CVE-2018-15758 |
- Website-gateway:
| Component | Version | CVE |
|---|---|---|
| spring-security-core | 5.2.6.RELEASE | CVE-2018-1258 |
| jackson-databind | 2.10.5 | CVE-2020-26945 |
| spring-security-oauth2 | 2.3.3 | CVE-2018-15758 |
| tomcat-embed-core | 9.0.37 | CVE-2020-17527 |
- MECM:
| Component | Version | CVE |
|---|---|---|
| lodash | 4.17.13 | CVE-2020-8203 |
| minimatch | 3.0.4 | NPM-118 |
Upgrade Notes
N/A
Deprecation Notes
N/A
Other
N/A
Version: v0.9.1¶
- Release Date: 2020-11-11
- Image Version: v0.9.1
新开源仓库列表
| 模块 | 名称 | 类型 | URL | 说明 |
|---|---|---|---|---|
| Developer | api-emulator | 产品仓 | https://gitee.com/edgegallery/api-emulator | 提供基本能力的模拟api |
| Mep | Plugins | 产品仓 | https://gitee.com/edgegallery/plugins | plugins仓 |
| Developer | toolchain | 产品仓 | https://gitee.com/edgegallery/toolchain | 提供x86平台应用上车ARM时源码分析功能 |
New Features
- 安全设计排查问题汇总
- api模拟器和工具链、plugin仓库开源
- 【MEP/MEP Agent】ak/sk配置接口
Bug Fixes
参见 Edgeggallery v0.9.1 Test Report
Known Issues
参见 Edgeggallery v0.9.1 Test Report
Security Notes
Fixed Security Issues
参见 Edgeggallery v0.9.1 Test Report
Known Security Issues
参见 Edgeggallery v0.9.1 Test Report
Known Vulnerabilities in Used Modules
EdgeGalelry v0.9.1版本第三方开源组件存在以下漏洞需要用户自行修复:
- Appstore:
| Component | Version | CVE |
|---|---|---|
| netty-transport (indirect dependency) | 4.1.36.Final | CVE-2019-20444, CVE-2019-20445, CVE-2020-11612, CVE-2019-16869 |
| log4j (indirect dependency) | 1.2.17 | CVE-2019-17571 |
| spring-jdbc (indirect dependency) | 5.1.8.RELEASE | CVE-2020-5398 |
| spring-security-core (indirect dependency) | 5.1.5.RELEASE | CVE-2018-1258 |
| bcprov-jdk15on-1.66.jar | 1.66 | CVE-2020-28052 |
| foundation-ssl | 1.3.0 | CVE-2004-0009 |
| jackson-databind | 2.10.5 | CVE-2020-25649 |
| mybatis | 3.5.3 | CVE-2020-25645 |
| spring-security-oauth2 | 2.3.3.RELEASE | CVE-2018-15758 |
| tomcat-embed-core | 9.0.37 | CVE-2020-17525 |
| vertx-core | 3.6.3 | CVE-2019-17640 |
- Developer:
| Component | Version | CVE |
|---|---|---|
| netty-transport (indirect dependency) | 4.1.36.Final | CVE-2019-20444, CVE-2019-20445, CVE-2020-11612, CVE-2019-16869 |
| spring-beans (indirect dependency) | 5.1.8.RELEASE | CVE-2020-5398 |
| spring-security-config (indirect dependency) | 5.1.5.RELEASE | CVE-2018-1258, CVE-2020-5398 |
| spring-security-core | 5.3.4.RELEASE | CVE-2018-1258 |
| lodash | 4.17.13 | CVE-2020-8203 |
| minimatch | 3.0.4 | NPM-118 |
| spring-security-oauth2 | 2.3.3 | CVE-2018-15758,CVE-2019-11269,CVE-2018-3778 |
| swagger-codegen-cli (shaded: com.fasterxml.jackson.core.jackson-databind:2.10.3) | 3.0.21 | CVE-2020-25649 |
| foundation-ssl | 1.3.0 | CVE-2004-0009 |
| jackson-databind | 2.10.5 | CVE-2020-25649 |
| mybatis-spring | 2.0.3 | CVE-2020-26945 |
| mybatis-spring-boot-starter | 2.1.1 | CVE-2020-26945 |
| swagger-codegen-cli | 3.0.21 | CVE-2017-1000207,CVE-2017-1000208,CVE-2019-10086,CVE-2018-8088,CVE-2017-18640,CVE-2016-6199,CVE-2019-11065,CVE-2019-15052, |
| tomcat-embed-core | 9.0.37 | CVE-2020-17527 |
| vertx-core | 3.6.3 | CVE-2019-17640 |
- User-mgmt:
| Component | Version | CVE |
|---|---|---|
| rxnetty (indirect dependency) | 0.4.9 | CVE-2015-2156 |
| netty-tcnative-boringssl-static (indirect dependency) | 2.0.31.Final | CVE-2015-2156 |
| spring-security-core | 5.2.6.RELEASE | CVE-2018-1258 |
| lodash | 4.17.20 | NPM-1065, NPM-557, NPM-7823 |
| minimatch | 3.0.4 | NPM-118 |
- Website-gateway:
| Component | Version | CVE |
|---|---|---|
| log4j | 1.2.17 | CVE-2019-17571 |
| spring-security-core | 5.2.6.RELEASE | CVE-2018-1258 |
- MECM:
| Component | Version | CVE |
|---|---|---|
| lodash | 4.17.13 | CVE-2020-8203 |
| minimatch | 3.0.4 | NPM-118 |
Upgrade Notes
N/A
Deprecation Notes
N/A
Other
经过安全工作组评审,Plugins仓库遗留问题单I1XA0N将在v0.9版本发布后通过补丁形式修复,详细情况请参见安全工作组会议纪要
Version: v0.9¶
- Release Date: 2020-09-30
- Image Version: v0.9
新开源仓库列表
| 模块 | 名称 | 类型 | URL | 说明 |
|---|---|---|---|---|
| helm-charts | helm-charts | 部署 | https://gitee.com/edgegallery/helm-charts | EdgeGallery部署脚本 |
| website-gateway | website-gateway | 产品仓 | https://gitee.com/edgegallery/website-gateway | 前台封装 |
| user-mgmt | user-mgmt | 产品仓 | https://gitee.com/edgegallery/user-mgmt | usermgmt后台 |
| user-mgmt | user-mgmt-fe | 产品仓 | https://gitee.com/edgegallery/user-mgmt-fe | usermgmt前台 |
| mecm | mecm-fe | 产品仓 | https://gitee.com/edgegallery/mecm-fe | MECM前台 |
| mecm | mecm-applcm | 产品仓 | https://gitee.com/edgegallery/mecm-applcm | MECM应用生命周期管理 |
| mecm | mecm-apm | 产品仓 | https://gitee.com/edgegallery/mecm-apm | MECM应用包管理 |
| mecm | mecm-inventory | 产品仓 | https://gitee.com/edgegallery/mecm-inventory | MECM存量管理 |
| mecm | mecm-appo | 产品仓 | https://gitee.com/edgegallery/mecm-appo | MECM应用编排 |
| developer | developer-be | 产品仓 | https://gitee.com/edgegallery/developer-be | developer后台 |
| developer | developer-fe | 产品仓 | https://gitee.com/edgegallery/developer-fe | developer前台 |
| appstore | appstore-fe | 产品仓 | https://gitee.com/edgegallery/appstore-fe | appstore前台 |
| appstore | appstore-be | 产品仓 | https://gitee.com/edgegallery/appstore-be | appstore后台 |
| platform-mgmt | platform-mgmt | 产品仓 | https://gitee.com/edgegallery/platform-mgmt | 安装k8/docker |
| docs | docs | 产品仓 | https://gitee.com/edgegallery/docs | 文档 |
New Features
- All-in-One MEP/MECM网络隔离
- MEP支持DNS配置
- 支持All-in-One部署
- 多节点离线部署
- 九大维度安全优化
- MECM界面/拓扑管理/资源管理优化
- (PoC)kubeedge集成验证
Bug Fixes
参见 Edgeggallery v0.9 Test Report
Known Issues
参见 Edgeggallery v0.9 Test Report
Security Notes
Fixed Security Issues
参见 Edgeggallery v0.9 Test Report
Known Security Issues
参见 Edgeggallery v0.9 Test Report
Known Vulnerabilities in Used Modules
EdgeGalelry v0.9版本第三方开源组件存在以下漏洞需要用户自行修复:
- Appstore:
| Component | Version | CVE |
|---|---|---|
| netty-transport (indirect dependency) | 4.1.36.Final | CVE-2019-20444, CVE-2019-20445, CVE-2020-11612, CVE-2019-16869 |
| log4j (indirect dependency) | 1.2.17 | CVE-2019-17571 |
| spring-jdbc (indirect dependency) | 5.1.8.RELEASE | CVE-2020-5398 |
| spring-security-core (indirect dependency) | 5.1.5.RELEASE | CVE-2018-1258 |
- Developer:
| Component | Version | CVE |
|---|---|---|
| netty-transport (indirect dependency) | 4.1.36.Final | CVE-2019-20444, CVE-2019-20445, CVE-2020-11612, CVE-2019-16869 |
| spring-beans (indirect dependency) | 5.1.8.RELEASE | CVE-2020-5398 |
| spring-security-config (indirect dependency) | 5.1.5.RELEASE | CVE-2018-1258, CVE-2020-5398 |
| spring-security-core | 5.3.4.RELEASE | CVE-2018-1258 |
| lodash | 4.17.13 | CVE-2020-8203 |
| minimatch | 3.0.4 | NPM-118 |
- User-mgmt:
| Component | Version | CVE |
|---|---|---|
| rxnetty (indirect dependency) | 0.4.9 | CVE-2015-2156 |
| netty-tcnative-boringssl-static (indirect dependency) | 2.0.31.Final | CVE-2015-2156 |
| spring-security-core | 5.2.6.RELEASE | CVE-2018-1258 |
| lodash | 4.17.20 | NPM-1065, NPM-557, NPM-7823 |
| minimatch | 3.0.4 | NPM-118 |
- Website-gateway:
| Component | Version | CVE |
|---|---|---|
| log4j | 1.2.17 | CVE-2019-17571 |
| spring-security-core | 5.2.6.RELEASE | CVE-2018-1258 |
- MECM:
| Component | Version | CVE |
|---|---|---|
| lodash | 4.17.13 | CVE-2020-8203 |
| minimatch | 3.0.4 | NPM-118 |
Upgrade Notes
N/A
Deprecation Notes
N/A
Other
经过安全工作组评审,Plugins仓库遗留问题单I1XA0N将在v0.9版本发布后通过补丁形式修复,详细情况请参见安全工作组会议纪要