@Alla.Goldner

@Fernando Oliveira

@Andreas Geißler - proxy: @Michał Jagiełło

@Magnus Buhrgard (Unlicensed)  proxy @Liam Fallon 

@Bin Yang

@N.K. Shankaranarayanan 

@Former user (Deleted) - proxy: @Martin Vezeau 

@Ranny Haiby

@cl664y@att.com

@Seshu Kumar Mudiganti

@Dong Wang

@Timo Perala

@Eric Debeau

@Yuanhong Deng 

log4j bug - CVE-2021-44228

Message from Catherine

Proposal:

• Use SECCOM, or form a working group, to scope the issue within ONAP:

•  

  • identify the necessary changes

  • develop a validation test plan, including automated regression testing

  • develop an implementation plan (who, what, when)

  • socialize with PTLs and TSC and develop consensus

• Devote all available resources to implementing and validating the fix on main, including setting aside work on Jakarta, if necessary

• Cherry pick changes to Istanbul and re-test

• Update Istanbul documentation/release notes, as necessary 

• Generate a maintenance release as quickly as possible, without shortcutting validation of the fix

• https://docs.docker.com/engine/scan/

• https://logging.apache.org/log4j/2.x/security.html

• @Krzysztof Opasiak -Dlog4j2.formatMsgNoLookups=true

#AGREED the TSC approves remediating log4j as the top priority for the ONAP community requiring immediate action to correct in both Istanbul and master branches.

ONAP Vulnerability Management

https://lf-onap.atlassian.net/browse/INT-2039

Release Status Weekly Update

#AGREED The log4j vulnerability will mandate an Istanbul maintenance release. The maintenance release should be limited to log4j remediation only.

@cl664y@att.com - no changes to Jakarta release schedule due to focus on log4j issue for now.  Continue to monitor progress on the issue and re-evaluate as we approach M2 in January.

• Tickets- Open showstoppers:

• Tickets- Waiting on Community:

• Migration Status / Upcoming Changes:

•     Jenkins JCasC Migration today

  • allows the community to set custom setting files

  • change has been reviewed by the entire RelEng staff

  • #AGREED OK to proceed with the JCasC migration today

• Assistance Needed with the LF-IT RelEng Hiring in the EU

• VVP & VNFRQTs No PTL. No Volunteers.

  • Where do we move 3GPP VES specification ownership?

  • Final call email is sent and a decision to move to unmaintained after the Jan. DTF event - FINAL CALL to support the ONAP VNFREQS, VVP Projects
    
    
    

• OOM down to one Committer (@Krzysztof Opasiak finishing his PhD ) - Thank you @Krzysztof Opasiak  for all your contribution - wishing you all the best 

  • OOM PTL please review the list of contributors and identify who from the community to promote
    
    
    

• E2E Network slicing leadership vacancy

  • @N.K. Shankaranarayanan has been reaching out to help establish new leadership for the use case.

LFN + ONAP Marketing Update 

ONAP Marketing update 121621.pptx

CNF Task Force will resume their activities on January 4th, 2022

Enterprise Task Force will resume their activities on January 5th, 2022

• TSC Vice Chair Election kick-off after 1st of the year.
  
  
  

• #AGREED the TSC approves the Istanbul Award definitions
  
  
  

• TSC 2.0 - Project Life Cycle: 2021 Project Lifecycle Proposed Edits - tight to the Unmaintained project discussions - see action items from TSC 2021-12-09

• LFN Board follow-up actions - will resume in January 2022 

• LF's Diversity, Equity & Inclusion report

• TSC meetings canceled for Dec 23 & 30th.

• PTL meetings canceled for Dec 27 & Jan 3

• LFN Developer and Testing Forum, Jan. 10-13, 2022 (4h topics + 30 mins break)/day , Virtual Event 

  • Registration: https://community.lfnetworking.org/events/details/linux-foundation-lfn-developer-testing-forums-presents-lfn-developer-testing-forum-january-2022/
    
    

  • Sessions Page 

  • ONAP Community Program Committee Leads: @Ranny Haiby , @Timo Perala - Thank you  

• Open Networking & Edge Executive Forum (ONEEF)

  • Q1/Q2 Virtual

• LFN Developer & Testing Forum, Week of June 13th 2022

  • Physical Event

  • Porto, Portugal