Funnelback 15.18.0 release notes

Released: 3 December 2018

Supported until: 3 December 2019 (Short Term Support Version)

15.18.0 - New features

  • Funnelback Knowledge Graph

    • An extension to Funnelback search that analyses data from your enterprise systems, links it together and then presents it in a browsable interface. Enables people to more easily find and contextualise organisational information.

  • Redesigned user management system including:

    • Greatly improved user interface for creating and managing users.

    • Support for roles to streamline user permission management.

    • Ability to restrict user management permissions based on a user list or username suffixes.

    • Documentation of all permission settings within Funnelback.

15.18.0 - Selected improvements and bug fixes

  • Sessions API cart.json now sets the collection to the one which provided the URL rather than setting it to the meta collection. Note that the collection is only changed for items added to the cart after the upgrade.

  • Upgraded Tika to version 1.19.1

  • Introduced a boolean-expression lock-key-matcher and a raw lockstring storage mode.

  • Added a security manager to prevent hook scripts calling System.exit (which would terminate the web server process).

  • Fixed MetadataScraper applyIfNoMatch logic.

  • Fixed MetadataNormaliser to work correctly with the new filter framework and under push collections.

  • Introduced the ability to return the complete summarisable text for documents in results.

  • Changes to allow many collection.cfg settings affecting query-time behaviour to be set in profile.cfg.

  • Funnelback now bundles the current OpenJDK 8 build from AdoptJDK rather than Oracle’s version.

  • Fixed handling of absolute paths in the crawler.form_interaction_file setting.

  • Fixed handling of some special characters in reporting blacklist for pattern analyser.

  • Added processing of wmeta weighting for phrase queries.

  • Added new query processing laxity and sort_ignoring_tiers options.

  • SAML Identity provider initiated login now redirects to the marketing dashboard.

  • Avoided the web crawler potentially loading sitemap.xml files multiple times.

  • Fixed several cases where SAML authentication did not operate as expected in some web browsers or when the funnelback_documentation collection was inaccessible.

  • Removed some no-longer-supported Facebook permissions and fields from the Facebook gatherer.

  • Added fields to Twitter documents containing reply related metadata.

  • Fixed web crawler link decoding behaviour.

  • Fixed support for sort mode '3' in query completion, so that the 'alpha' setting is respected.

  • Improved the performance of the directory gatherer by caching attribute syntax definitions.

  • Fixed the default form-not-found template which reflected the given form id without proper escaping.

  • Fixed the default configuration of URL previewing which could previously be used to expose local log file content.

  • Push slaves will now actively pull down merge/vacuumed generations, rather than waiting for commits to trigger this.

  • Under Browse Collection Configuration Files, users can now list/view/edit files under all existing profiles to which they have access, without specific file manager rules having to be created.

15.18.0 - Configuration Upgrade Steps

The following changes will be automatically performed on all configurations during the upgrade process. Configurations migrated from older versions after the upgrade will need to have update-configs.pl manually run to apply these changes.

  • Users with a pre-15.18 user-info section will be upgraded to the new 15.18 format in which this section is renamed to user-details. The 15.18 format changes the interpretation of the profile setting within this section such that an empty value now denotes access to no profile rather than to all, with * granting all-access instead. This makes the behaviour consistent with collections and other similar settings.

  • Users who previously had the sec.administrator permission are granted permission to:

    • Create and delete users and roles (sec.accounts.create-users, sec.accounts.delete-users, sec.accounts.create-roles, sec.accounts.delete-roles)

    • Change user passwords (cp.change.passwd)

    • Edit and grant all roles (roles -> can-edit-roles = *, roles -> can-grant-roles = *)

    • Edit all users (user-details -> can-edit-users = *)

    • Create roles and users with any suffix (roles -> can-create-roles-with-suffix = *, user-details -> can-create-users-with-suffix = *).

  • All users are granted sec.knowledge-graph-labels, sec.knowledge-graph-relationships and sec.knowledge-graph-templates to allow customisation of knowledge graph relationships and presentation.

  • All users have a version section with the setting version=15.18 added to support any future upgrade operations.
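The profile-setting change described above (empty now means no profiles, `*` means all) is the kind of semantic flip worth checking mechanically after an upgrade. The following Python is an added illustration, not Funnelback's own upgrade code: it resolves a user file's `profile` value under the pre-15.18 and 15.18 rules and rewrites a legacy file so its effective access is unchanged. The comma-separated list format, the rewrite of an empty legacy value to `*`, and the profile names `_default` and `mobile` are assumptions.

```python
import configparser

def load_user_file(ini_text: str) -> configparser.ConfigParser:
    # Parser for a Funnelback-style user .ini; '%' interpolation disabled.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    return cp

def _split_list(value: str) -> set:
    # Assumption: multi-valued settings are comma-separated.
    return {v.strip() for v in value.split(",") if v.strip()}

def resolve_profiles(cfg: configparser.ConfigParser, available: list) -> set:
    """Profiles the user may access, under the semantics of the file's format.

    pre-15.18 [user-info]:    empty value = all profiles
    15.18+    [user-details]: empty value = no profiles, '*' = all profiles
    """
    if cfg.has_section("user-details"):
        value, legacy = cfg.get("user-details", "profile", fallback=""), False
    elif cfg.has_section("user-info"):
        value, legacy = cfg.get("user-info", "profile", fallback=""), True
    else:
        raise ValueError("no user-info or user-details section")
    value = value.strip()
    if value == "*":
        return set(available)
    if value == "":
        return set(available) if legacy else set()
    return _split_list(value) & set(available)

def upgrade_user_file(cfg: configparser.ConfigParser) -> configparser.ConfigParser:
    """Rename user-info to user-details and add the version section.

    Assumption: an empty legacy 'profile' becomes '*', since leaving it empty
    would silently revoke all profile access under the new semantics.
    """
    if cfg.has_section("user-info"):
        items = dict(cfg.items("user-info"))
        cfg.remove_section("user-info")
        cfg.add_section("user-details")
        for key, val in items.items():
            cfg.set("user-details", key, val)
        if cfg.get("user-details", "profile", fallback="").strip() == "":
            cfg.set("user-details", "profile", "*")
    if not cfg.has_section("version"):
        cfg.add_section("version")
    cfg.set("version", "version", "15.18")
    return cfg

# Constructed sample of a pre-15.18 user file with an (all-access) empty profile.
LEGACY_USER = "[user-info]\nprofile=\n"
```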

15.18.0 - Upgrade Issues

  • The Sessions database schema has been changed, so for installations using external databases the update-session-db.groovy script will need to be run (see Search sessions and history for instructions). The script will be run automatically on upgrade for installations using the default sessions DB.

  • The MetadataScraper filter has fixed its implementation of rules with applyIfNoMatch: true. Previously, setting this flag on a rule meant that it would apply on all documents (i.e. even if the selector did not match). This has now changed so that the rule only applies when the selector does not match. Any implementations relying on the old behaviour will need to be updated accordingly.

  • The following permissions will now generate a warning if present in user ini files, as they have either been removed or upgraded in a previous version, or they were never used: plugin.agencies.help, plugin.emergency.contacts, plugin.ip.records.tracker, plugin.mgt.clients, plugin.publish.config, plugin.qld.logs.archive, sec.accessibility-auditor.admin, sec.accessibility-reports, sec.content.optimiser, sec.edit.advanced, sec.edit.clients, sec.fareporter, sec.kill.doc, sec.kiosk, sec.perform.feed, sec.qldagency, sec.service.manifold, sec.service.manifoldcf, sec.stop.manual, sec.superuser, sec.synonyms, sec.view.collection, sec.wcag.

Patches

All patches listed here are of type Bug fixes.

  • Upgrades log4j2 to version 2.16 to fix the security vulnerability where log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI-related endpoints.

  • Removes the screens for file-manager rule editing, which could create security issues.

  • Fixes an issue where support packages could contain unintended files.

  • Fixes an issue where the running Funnelback Jetty web server could retain permissions via supplemental groups after startup.

  • Limits an administration CGI script to redirect only within the Funnelback administration interface, as intended.

  • Removes the unused administration debug.cgi script, which reflected input parameters without proper escaping.

  • Improves support for running faceted navigation on extra searches.

  • Adds the method 'getEffectiveExtraSearchName()' to the search transaction, which returns the name of the extra search this search should be considered to be under. Use this result when modifying a particular extra search: because Funnelback may create extra searches under an existing search (for example for faceted navigation), it can be used to work out whether the search transaction should be modified.

  • Prevents AngularJS sandbox-bypass XSS injection in Freemarker templates escaped using output formats by inserting zero-width whitespace between consecutive opening curly brackets.

  • Prevents AngularJS sandbox-bypass XSS injection in Freemarker templates by inserting zero-width whitespace between consecutive opening curly brackets.

  • Improves the task-picker so that it can load dependencies from custom 'jar' files located in '$SEARCH_HOME/lib/java/task-picker/'.

  • Prevents AngularJS sandbox-bypass XSS injection in Freemarker templates by inserting zero-width whitespace between consecutive opening curly brackets.
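The mitigation these patches describe, as an added illustration (not Funnelback's own code): a Python post-processor that inserts a zero-width space between consecutive opening braces after HTML escaping, together with a check that the rendered output no longer contains a `{{` interpolation marker. The escape-then-split ordering and the function names are assumptions.

```python
import re

ZWSP = "\u200b"  # zero-width space: invisible when rendered, but breaks "{{"

def break_double_braces(text: str) -> str:
    """Insert a zero-width space between every pair of consecutive '{'.

    The lookahead handles overlapping runs ('{{{') so no '{{' is left intact.
    """
    return re.sub(r"\{(?=\{)", "{" + ZWSP, text)

def escape_for_html(value: str) -> str:
    """Plain HTML escaping, which on its own leaves '{{' untouched."""
    return (value.replace("&", "&amp;").replace("<", "&lt;")
                 .replace(">", "&gt;").replace('"', "&quot;"))

def render_escaped(user_value: str) -> str:
    """Assumed ordering: HTML-escape first, then neutralise interpolation markers."""
    return break_double_braces(escape_for_html(user_value))

def contains_interpolation(rendered: str) -> bool:
    """Review check: an AngularJS-bound page would evaluate any remaining '{{'."""
    return "{{" in rendered
```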

  • Improves the performance of the Accessibility Auditor interface by requesting less data.

  • Fixes an issue where some of the text on the Accessibility Auditor dashboard was showing out-of-date information.

  • Fixes an issue where the Accessibility Auditor dashboard would not generate the thumbnail screenshots for each domain.

  • Improves the query response time when sorting.

  • Fixes an issue where large (>2GB) index.dt files would cause padre-gs to fail when setting gscopes.

  • Fixes an issue where Jetty stopped logging after deploying knowledge-graph.

  • Fixes an issue where Jetty would terminate on invalid 'index.autoc' (query completion) files.

  • Makes the funnelback-graph service run as the Funnelback user on Unix.

  • Fixes an issue that prevented the funnelback-graph service from restarting when requested.

  • Fixes an issue that prevented scheduled tasks from appearing in the Administration interface on Windows Server 2016.

  • Fixes an issue where recording Accessibility Auditor details would fail during the swap views step if the server is in read-only mode.

  • Fixes an issue where swap-views.pl did not clear the redis state before running the pipeline.

  • Fixes cases where related document processing could:

    1. Fail on invalid URLs, which would result in 500 errors on search result pages. Invalid URLs are now logged and then ignored.

    2. Fail when a large number (or total length) of URLs were processed in a single request. URLs are now processed in batches when necessary.

  • Improves the Accessibility Auditor historical data storage. The data is stored in less space while also being significantly faster to store and retrieve. The Accessibility Auditor historical data APIs are also improved to reduce the amount of memory needed, which helps reduce the chance of 'OutOfMemoryError' exceptions being thrown. The Accessibility Auditor historical data will be automatically moved to the new storage format when Jetty is restarted (one collection at a time) or on the first Accessibility Auditor historical data API request.

  • The default timeout for 'push.scheduler.delay-between-meta-dependencies-runs' has been increased to '1200' (20 minutes). This has been increased to reduce the frequency at which Accessibility Auditor historical data is recorded. This option will need to be overridden if meta collections containing push collections need a smaller delay in updating the spelling index and auto completion.

  • Fixes a bug where the API 'GET /account/v2/permitted-values/profiles' would return profiles the current user did not have access to within collections the user did have access to.

  • Improves query processing so that non-ASCII apostrophes are treated the same as ASCII apostrophes.

  • Fixes a bug where queries may not return when instant updates include URLs that contain ampersands.

  • Corrects the list of security permissions which generate a warning in the release notes.

  • Prevents creation of objects within Freemarker template files to ensure that template editors cannot cause external code to be executed.

  • Fixes a bug where 'FineTune' may crash when 'query_processor_options' is longer than '1000' bytes.

  • Removes a restriction where users without 'sec.administer.system' could not see the link to the new user management screens.

  • Fixes an issue with page navigation being broken in the administration screens when you dismiss unsaved changes.

  • Stops user.ini files which were not upgraded by the installer from being corrupted by clicking links in the administration home page.