Funnelback 15.2.0 release notes
Released: 9th March 2016
15.2.0 - Selected improvements and bug fixes
-
Renamed Modern administration dashboard to Administration Interface (in general) and Marketing Dashboard (for specific marketing focused functionality). Note that both are distinct from the older Classic administration dashboard.
-
Curator can now be configured to examine additional URL parameters with the ui.modern.curator.query-parameter-pattern setting.
-
Synonym blending will now run on complex queries.
-
The query processor will execute queries when the query parameter is not set and the system query s is set.
-
Push will now correctly read the correct worker thread count config option from push.worker-thread-count rather than from worker-thread-count.
-
Fixed an issue where duplicate pagination within content auditor would persist even after leaving the duplicate area.
-
Improved styling of the documentation, content auditor and the administration interfaces.
-
Added support for iframe tags within best bet previews.
-
Fixed default search template to display curator driven best bets.
-
Improved html tag boundary sentence detection within content auditor’s readability grade calculation.
-
Fixed result collapsing presentation for result pages after the first.
15.2.0 - Upgrade Issues
-
The Administration Interface now respects additional permissions for synonyms (
sec.synonym), best bet (sec.best-bet) and curator (sec.curator). These permissions will be granted to users with the "administrator" and "editor" roles on upgrade. These permissions grant complete access to the corresponding feature (view & modify). If custom file manager rules were previously configured in the users INI files to control specific permissions on corresponding configuration files (e.g.synonyms.cfg), the users INI file will need to be reviewed to add or remove the new permissions as needed. -
The
modernui.logused to contain logs for both the public and admin context. It is now split two separate log filesmodernui.Public.logandmodernui.Admin.log.
Patches
| Type | Release version | Description |
|---|---|---|
3 Bug fixes |
Upgrades log4j2 to version 2.17 to fix the security vulnerability where log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints. |
|
3 Bug fixes |
Prevents creation of objects within Freemarker template files to ensure that template editors can not cause external code to be executed. |
|
3 Bug fixes |
Fixes security issues where:
Please ensure any custom form-not-found.ftl templates in collections are updated to perform correct escaping if they were derived from the previously vulnerable form-not-found.default.ftl. Please ensure that any customised value for the global |
|
3 Bug fixes |
Fixed an issue where the user editing interface for a user with no permitted collections would be presented with all collections selected, rather than none. |
|
3 Bug fixes |
Changes the click tracking endpoint to no longer depend on the referrer. This does result in the click logs no longer containing the referrer URL. |
|
3 Bug fixes |
Fixes an issue where auto completion with partials did not respect the profile scope. |
|
3 Bug fixes |
Fixes a cross site scripting vulnerability when unescaped HTML was provided to the CheckBlending macro’s linkText attribute. |
|
3 Bug fixes |
Corrected the XSS Vulnerability in Anchors.html |
|
3 Bug fixes |
Fixes a bug where data loss could occur in Push collections if commits failed. |
|
3 Bug fixes |
Fixes a bug on Windows where commits could fail if index files in a snapshot are held opened. |
|
3 Bug fixes |
Fixes various DLS security flaws. |
|
3 Bug fixes |
Fixes a bug where data loss could occur in push on Windows. The problem is more likely to occur when Push is used in a meta collection. |
|
3 Bug fixes |
Fixes an issue when copying best bets using a match type other than "exact query match". |
|
3 Bug fixes |
Fixes a race condition when saving a meta collection configuration on Windows if a component collection is updating in the background. |