docs: update changelog and add known knowns section in readme

CHANGELOG.md

@@ -6,29 +6,29 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
 
 ### Change
 * **Backend Logic**
-  * Save the error details of the clearinghouse service inside the portal db of application checklist/process worker
+  * saved the error details of the clearinghouse service inside the portal db of application checklist/process worker
 * **Apps Services**
   * updated backend logic of `PUT /api/apps/AppReleaseProcess/{appId}/submit` to allow the submission without defined/configured technical user profile
 * **Administration Service**
-  * remove obsolete endpoints
+  * removed obsolete endpoints
     * `GET /api/user/app/{appId}/roles` ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
     * `PUT /api/user/app/{appId}/roles` ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
   * included connector URL in responses for connector-related endpoints (GET /api/administration/Connectors, GET /api/administration/Connectors/managed, GET /api/administration/Connectors/{connectorID})
   * modified POST: api/administration/companydata/useCaseParticipation logic to create framework credentials via the SSI credential issuer interface
   * improved GET /serviceAccounts/{serviceAccountID} and GET /serviceAccounts to return service accounts regardless of state (excluding DELETE) and included userStatus in the payload
   * updated PUT /api/administration/SubscriptionConfiguration/owncompany to allow URL deletion by submitting an empty URL
-  * enhanced GET /api/administration/registration/application/{applicationId}/companyDetailsWithAddress payload with "created", "lastChanged", "documents" details.
-  * removed "documents" from GET /api/administration/registration/application/{applicationId}/companyDetailsWithAddress payload (Breaking Change). ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
+  * enhanced GET /api/administration/registration/application/{applicationId}/companyDetailsWithAddress payload with "created", "lastChanged", "documents" details
+  * removed "documents" from GET /api/administration/registration/application/{applicationId}/companyDetailsWithAddress payload (Breaking Change) ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
 * **Services Service**
   * updated permission validation for api endpoints
     * GET /api/services/subscribed/subscription-status ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
     * GET /api/services/{serviceId}/subscription/{subscriptionId}/subscriber ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
     * GET /api/services/{serviceId}/subscription/{subscriptionId}/provider ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
 * updated swagger (endpoint documentation, payload examples and allowed values)
 * changed the CompanyInvitationData to class instead of record
-* **Updated seeding**
+* **Seeding**
   * removed service account sa-cl5-custodian-1 ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
-  * added missing service accounts and improve descriptions
+  * added missing service accounts and improved descriptions
   * removed the following roles: BPDM Gate Read, BPDM Gate Read & Write, BPDM Partner Gate, BPDM Management, BPDM Pool ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
   * added the following roles: BPDM Sharing Admin, BPDM Sharing Input Manager, BPDM Sharing Input Consumer, BPDM Sharing Output Consumer, BPDM Pool Admin, BPDM Pool Consumer, Business Partner Data Manager, BPDM Pool Sharing Consumer
   * added self description document to release company record (operator)
@@ -39,10 +39,10 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
   * released new endpoint to view other companies certificates via the document ID `GET /api/administration/companydata/companyCertificates/documents/{documentId}`
   * released specific document endpoint to fetch owned company certificates by documentID `GET /api/administration/companydata/companyCertificates/{documentId}`
   * added auditing
-    * Certificate Uploads: Capture the event when a new certificate is uploaded to the system.
-    * Certificate Deletions: Capture the event when an existing certificate is deleted from the system.
-    * User Identification: Log the identity of the user who performed the action.
-    * Timestamp Recording: Log the exact date and time when the action was performed.
+    * Certificate Uploads: Capture the event when a new certificate is uploaded to the system
+    * Certificate Deletions: Capture the event when an existing certificate is deleted from the system
+    * User Identification: Log the identity of the user who performed the action
+    * Timestamp Recording: Log the exact date and time when the action was performed
 * **Process Worker**
   * released new process step "SEND_MAIL" and integrated the step for all mail jobs
 * **Self-Soverein-Identity Next (Support Central (MIW) and Decentral (DIM) Identity Management Systems)** ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
@@ -56,21 +56,21 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
     * added didDocument publication flow and validation of the successful publication
     * added process worker step and backend logic to register didDocument received from integrated wallet inside the BDRS (BPN-DID Resolver) service
   * **Multi Provider Technical User**
-    * enabled feature to allow technical user creation for mutliple providers
-    * enhanced response data of technical user-related endpoints to include user status, addressing the need for comprehensive user management:
+    * enabled feature to allow technical user creation for multiple providers
+    * enhanced response data of technical user related endpoints to include user status, addressing the need for comprehensive user management:
       * POST /api/apps/autoSetup
       * GET /api/apps/{appId}/subscription/{subscriptionId}/provider
       * GET /api/apps/{appId}/subscription/{subscriptionId}/subscriber
       * GET /api/services/{serviceId}/subscription/{subscriptionId}/provider
-      * GET /api/services/{serviceId}/subscription/{subscriptionId}/subscriber  
+      * GET /api/services/{serviceId}/subscription/{subscriptionId}/subscriber
   * **Service Account Secret Retrieval**
-    * Modified GET api/administration/serviceaccount/owncompany/serviceaccounts/{serviceAccountId} to differentiate secret retrieval based on the service account provider (database vs integrated identity provider
+    * modified GET api/administration/serviceaccount/owncompany/serviceaccounts/{serviceAccountId} to differentiate secret retrieval based on the service account provider (database vs integrated identity provider
   * **Clearinghouse Data Interface Adjustment**
-    * Altered the interface to retrieve a company's DID directly from the database when the DIM wallet feature is active, as opposed to sourcing it from MIW, simplifying the data retrieval process and reducing dependencies on external services.
+    * altered the interface to retrieve a company's DID directly from the database when the DIM wallet feature is active, as opposed to sourcing it from MIW, simplifying the data retrieval process and reducing dependencies on external services
 * **Registration Decline**
   * released function to decline as customer the registration process and delete user accounts
   * added registration decline process worker steps
-  * enabled decline feature via url inside the email template "invite" 
+  * enabled decline feature via url inside the email template "invite"
 * **Autosetup Process Worker**
   * adjusted offer autosetup process to create dim technical users
 * **Agreement Status**
@@ -86,25 +86,22 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
   * enabled email service for create user account under owned IdP as well as for migration of an user account from any IdP to a ownedIdP
 * **Others**
   * released GET: api/administration/companydata/decentralidentity/urls endpoint to provide connector registration relevant information
-  * added GET /api/apps/AppChange/{appId}/roles to recetrieve app configured roles for owned apps
-  * added GET /api/apps/AppReleaseProcess/{appId}/roles to recetrieve app uploaded roles
+  * added GET /api/apps/AppChange/{appId}/roles to retrieve app configured roles for owned apps
+  * added GET /api/apps/AppReleaseProcess/{appId}/roles to retrieve app uploaded roles
 
 ### Technical Support
-* adjusted the get_current_version script for nuget packages to only return the tag name
-* introduced codeql scan
-* removed veracode workflow
+* upgraded all services and jobs to .Net 8
+* Token lifetime: set ClockSkew (security configuration jwtBearerOptions) to 5 minutes for token expiration
+* moved api paths from BPDM out of code into config / helm chart
+* upgraded nuget packages
 * removed unused deprecated packages
+* adjusted the get_current_version script for nuget packages to only return the tag name
+* introduced CodeQL scan
+* removed Veracode workflow
 * improved workflows and documentation
 * upgraded gh actions and change to pinned actions full length commit sha
-* add dependabot.yml file
-* moved api paths from BPDM out of code into config / helm chart
-* introduced grouping of pull request for version updates
-* upgraded Npgsql and EntityFrameworkCore packages
+* add dependabot.yml file and introduced grouping of pull request for version updates
 * reworked year in file header
-* Token lifetime - set ClockSkew (security configuration jwtBearerOptions) to 5 minutes for token expiration
-* upgraded all services and jobs to .net 8
-* upgraded nuget packages
-* merged all migrations since v1.8.0-rc6 into one 2.0.0-alpha
 
 ### Bugfix
 * adjusted endpoint `GET api/administration/serviceaccount/owncompany/serviceaccounts` to filter for active service accounts by default
@@ -115,7 +112,7 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
   * use identifier.Value instead of repeating its type
   * use CompanyUniqueIdData instead of UniqueIdentifierData
 * fixed sonar findings
-* fixed codeql findings
+* fixed CodeQL findings
 * CONTRIBUTING.md: linked to contribution details
 * updated eclipse dash tool for dependencies check
 * Core role assignment - fixed query for core offer to prevent role assignment triggering cascading role assignments
@@ -128,18 +125,22 @@ The following are known issues identified in the current release:
 * **Email Template Issues:**
   * The `verified_credential_approved.html` email template does not populate the "wallet" value as expected.
   * The `decline_registration.html` email template is triggered when a customer utilizes the self-decline feature.
-* **Validation Limitations:**
-  * Pattern validation for URL inputs in `POST` and `PUT` endpoints is currently limited, potentially allowing invalid URLs to be accepted.
-* **Obsolete Code:**
-  * Redundant backend code from a previous version of the SSI implementation remains in the codebase and has not been purged.
-* **SonarCloud Analysis Finding:**
-  * A potential null reference for 'identityProviderLinks' has been identified by SonarCloud static analysis, indicating that it could be null on at least one execution path.
 * **Autosetup Feature Limitation:**
   * The autosetup feature lacks support for service providers and app providers to automatically retrieve customer connector configuration details such as `authURL`, `WalletURL`, etc.
 * **Deletion Support Deficiencies:**
-  * The deletion of technical users from external providers is not currently supported.
-  * Removal of BDRS (BPN-DID Resolver Service) entries is not currently supported.
+  * The deletion of technical users from external providers is currently not supported.
+  * Removal of BDRS (BPN-DID Resolver Service) entries is currently not supported.
   * Deletion of wallet tenants has not been implemented.
+* **Obsolete Code:**
+  * Redundant backend code from a previous version of the SSI implementation remains in the codebase and has not been purged.
+* **Code quality Finding:**
+  * A potential null reference for 'identityProviderLinks' has been identified, indicating that it could be null on at least one execution path. [#694](https://github.com/eclipse-tractusx/portal-backend/issues/694)
+* **Validation Limitations:**
+  * Pattern validation for URL inputs in `POST` and `PUT` endpoints is currently limited, potentially allowing invalid URLs to be accepted. [#587](https://github.com/eclipse-tractusx/portal-backend/issues/587)
+* **Validation of File Upload Limitation:**
+  * It is recommended to make make use of an existing trustworthy 3rd party virus-scan service for a more broad scan for known malicious signatures. [#779](https://github.com/eclipse-tractusx/portal-backend/issues/779)
+* **In Memory Storage Limitation**:
+  * Sensitive information (such as passwords) is read in an unencrypted manner in memory.
 
 ## 1.8.1
 

README.md

@@ -34,6 +34,10 @@ Run the following command from the CLI in the directory of the service you want
 dotnet run
 ```
 
+## Known Issues and Limitations
+
+See [Known Knowns](/CHANGELOG.md#known-knowns).
+
 ## Notice for Docker image
 
 This application provides container images for demonstration purposes.