Funnelback 16.4.0 release notes

Released: 16 Jun 2021

Supported until: 16 Jun 2024

This applies to Funnelback multi-tenanted, dedicated and Squiz Cloud v16.4. For Squiz DXP please see the Funnelback 16 change log.

Use the filter to narrow down what’s in the list below, and the sort controls on each column to help locate what you are looking for.

Type Release version Description

Type	Release version	Description
2 Minor improvements	16.4	Improved the security of the download support package feature and enabled users of the Squiz DXP to access this function.
1 New and revised features	16.4	Added administration screens for scheduling of data source and analytics updates.
1 New and revised features	16.4	Added WCAG 2.1 support to accessibility auditor. The following checks have been added: Technique G208 Technique G211 Technique G216 Technique F107
2 Minor improvements	16.4	The new workflow.publish_hook.batch allows for batching up configuration changes before publishing to query processors to reduce network load.
2 Minor improvements	16.4	Added an option to view the details of configuration keys when the system is running in read only mode.
2 Minor improvements	16.4	Increased the summary text limit (indexer option `RSTXT`) to 10000000 bytes.
2 Minor improvements	16.4	Revised the top level structure of the documentation to make it easier for users to find relevant information.
2 Minor improvements	16.4	Added a new API for getting the licence usage of a client.
3 Bug fixes	16.4	Fixed a bug in the web crawler where base href tags were not processed correctly.
3 Bug fixes	16.4	Fixed a bug where instant updates would always include the start URLs.
3 Bug fixes	16.4	Fixed a bug where YouTube data sources could not be updated without a channel ID.
3 Bug fixes	16.4	Fixed an issue with the document title fixer filter that caused it to insert bad titles sourced from h1 and h2 tags.
3 Bug fixes	16.4	Fixed an issue where the faceted navigation editor screen became unresponsive when there were too many templates to check for legacy facets.
4 Important changes	16.4	The push API no longer returns a HTTP 302 status code when SAML is enabled. A HTTP 401 status code will be returned to unauthenticated users. Users should authenticate using API tokens rather than directly when using a web browser. When using a web browser to access push API endpoints you should first authenticate using the admin API.
3 Bug fixes	16.4.0.21	Prevented the creation of objects within Freemarker template files to ensure that template editors can not cause external code to be executed.
1 New and revised features	16.4.0.21	Added new server configuration keys to configure the Jetty HTTP connection.
3 Bug fixes	16.4.0.20	Fixed an issue where the search results were skewed by ranking option `cool.23` 'host_incoming_link_score'.
3 Bug fixes	16.4.0.19	Fixed the issue where numbers greater than 1000 were returning NaN while trying to calculate percentages in content auditor.
3 Bug fixes	16.4.0.19	Fixed an issue with the calculation of main host scores that caused inaccurate and inconsistent information to be displayed in SEO auditor.
3 Bug fixes	16.4.0.18	Fixed the issue where the Perl script to trigger analytics update didn’t set the correct update type.
3 Bug fixes	16.4.0.17	Fixed an issue where the environment was not detected correctly in the configuration, resulting in configuration key values to revert to the default value.
3 Bug fixes	16.4.0.17	Fixed an issue with client-based APIs where incorrect permissions were returned.
3 Bug fixes	16.4.0.17	Fixed an issue with the `IncludeUrl` Freemarker macro that prevented some relative links from being converted to absolute links. Added a new option `convertRelativeRequiresSpace` to the Freemarker `IncludeUrl` macro that expects a space between HTML attributes while converting relative URLs into absolute ones. The extraction of relative links now follows the W3C standard regarding the validity of HTML pages.
4 Important changes	16.4.0.16	Change client-based APIs to return what the user has access to based on the clientId rather than just reading the resources role.
3 Bug fixes	16.4.0.15	Fixed an issue that prevented internal documentation within the administration dashboard from displaying in some circumstances.
3 Bug fixes	16.4.0.14	Fixed an issue that caused administration dashboard labels to display intermittently.
3 Bug fixes	16.4.0.13	Fixed an issue where the Freemarker template upgrader incorrectly upgraded custom variables named `metaData`.
3 Bug fixes	16.4.0.13	Fixed an issue where trend alerts notifications were not generated.
3 Bug fixes	16.4.0.13	Fixed an issue preventing the correct export of content auditor and accessibility auditor documents in CSV format.
3 Bug fixes	16.4.0.12	Fixed an issue where fetching Facebook comments would cause an infinite loop due to changes within the Facebook endpoints.
3 Bug fixes	16.4.0.11	Fixed a security vulnerability where jackson-databind might allow remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks.
3 Bug fixes	16.4.0.11	Fixed a security vulnerability where com.google.oauth-client hasn’t implemented PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps.
3 Bug fixes	16.4.0.10	Fixed the security vulnerability where Spring Framework RCE may be vulnerable to remote code execution (RCE) via data binding [CVE-2022-22965]
3 Bug fixes	16.4.0.9	Removed broken administration dashboard used to configure reporting email as since v16 those settings are configured via results page configuration UI.
3 Bug fixes	16.4.0.8	Upgrades log4j2 to version 2.17 to fix the security vulnerability where Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
3 Bug fixes	16.4.0.7	Upgrades log4j2 to version 2.15 to fix the security vulnerability where log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints.
3 Bug fixes	16.4.0.6	Fixes an issue where the collection tool would return an error for the index presence check.
3 Bug fixes	16.4.0.6	Restored access to data reports from the administration dashboard.
3 Bug fixes	16.4.0.6	Improves access to documentation for individual plugins from extensions administration dashboard.
3 Bug fixes	16.4.0.5	Fixes an issue where the edit metadata mappings administration dashboard wouldn’t display counts of detected sources in searchable documents properly.
3 Bug fixes	16.4.0.5	Fixes an issue where the tuning results administration dashboard couldn’t help apply an outcome of the tuning run.
3 Bug fixes	16.4.0.4	Fixes an issue where perl file manager throws an exception about untainted values when the users try to upload files.
3 Bug fixes	16.4.0.3	Fixes an issue where perl file manager throws an exception about untainted values when the users try to publish or delete files.
3 Bug fixes	16.4.0.3	Fixes an issue where rules defined in `redirects.cfg` wouldn’t work.
3 Bug fixes	16.4.0.2	Fixes the Admin API side of the `create-collection.pl` fix released in patch 16.4.0.1.
3 Bug fixes	16.4.0.1	Fixes `create-collection.pl`.

2 Minor improvements

16.4

Improved the security of the download support package feature and enabled users of the Squiz DXP to access this function.

1 New and revised features

16.4

Added administration screens for scheduling of data source and analytics updates.

1 New and revised features

16.4

Added WCAG 2.1 support to accessibility auditor.

The following checks have been added:

Technique G208
Technique G211
Technique G216
Technique F107

2 Minor improvements

16.4

The new workflow.publish_hook.batch allows for batching up configuration changes before publishing to query processors to reduce network load.

2 Minor improvements

16.4

Added an option to view the details of configuration keys when the system is running in read only mode.

2 Minor improvements

16.4

Increased the summary text limit (indexer option RSTXT) to 10000000 bytes.

2 Minor improvements

16.4

Revised the top level structure of the documentation to make it easier for users to find relevant information.

2 Minor improvements

16.4

Added a new API for getting the licence usage of a client.

3 Bug fixes

16.4

Fixed a bug in the web crawler where base href tags were not processed correctly.

3 Bug fixes

16.4

Fixed a bug where instant updates would always include the start URLs.

3 Bug fixes

16.4

Fixed a bug where YouTube data sources could not be updated without a channel ID.

3 Bug fixes

16.4

Fixed an issue with the document title fixer filter that caused it to insert bad titles sourced from h1 and h2 tags.

3 Bug fixes

16.4

Fixed an issue where the faceted navigation editor screen became unresponsive when there were too many templates to check for legacy facets.

4 Important changes

16.4

The push API no longer returns a HTTP 302 status code when SAML is enabled. A HTTP 401 status code will be returned to unauthenticated users. Users should authenticate using API tokens rather than directly when using a web browser. When using a web browser to access push API endpoints you should first authenticate using the admin API.

3 Bug fixes

16.4.0.21

Prevented the creation of objects within Freemarker template files to ensure that template editors can not cause external code to be executed.

1 New and revised features

16.4.0.21

Added new server configuration keys to configure the Jetty HTTP connection.

3 Bug fixes

16.4.0.20

Fixed an issue where the search results were skewed by ranking option cool.23 'host_incoming_link_score'.

3 Bug fixes

16.4.0.19

Fixed the issue where numbers greater than 1000 were returning NaN while trying to calculate percentages in content auditor.

3 Bug fixes

16.4.0.19

Fixed an issue with the calculation of main host scores that caused inaccurate and inconsistent information to be displayed in SEO auditor.

3 Bug fixes

16.4.0.18

Fixed the issue where the Perl script to trigger analytics update didn’t set the correct update type.

3 Bug fixes

16.4.0.17

Fixed an issue where the environment was not detected correctly in the configuration, resulting in configuration key values to revert to the default value.

3 Bug fixes

16.4.0.17

Fixed an issue with client-based APIs where incorrect permissions were returned.

3 Bug fixes

16.4.0.17

Fixed an issue with the IncludeUrl Freemarker macro that prevented some relative links from being converted to absolute links.

Added a new option convertRelativeRequiresSpace to the Freemarker IncludeUrl macro that expects a space between HTML attributes while converting relative URLs into absolute ones.

The extraction of relative links now follows the W3C standard regarding the validity of HTML pages.

4 Important changes

16.4.0.16

Change client-based APIs to return what the user has access to based on the clientId rather than just reading the resources role.

3 Bug fixes

16.4.0.15

Fixed an issue that prevented internal documentation within the administration dashboard from displaying in some circumstances.

3 Bug fixes

16.4.0.14

Fixed an issue that caused administration dashboard labels to display intermittently.

3 Bug fixes

16.4.0.13

Fixed an issue where the Freemarker template upgrader incorrectly upgraded custom variables named metaData.

3 Bug fixes

16.4.0.13

Fixed an issue where trend alerts notifications were not generated.

3 Bug fixes

16.4.0.13

Fixed an issue preventing the correct export of content auditor and accessibility auditor documents in CSV format.

3 Bug fixes

16.4.0.12

Fixed an issue where fetching Facebook comments would cause an infinite loop due to changes within the Facebook endpoints.

3 Bug fixes

16.4.0.11

Fixed a security vulnerability where jackson-databind might allow remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks.

3 Bug fixes

16.4.0.11

Fixed a security vulnerability where com.google.oauth-client hasn’t implemented PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps.

3 Bug fixes

16.4.0.10

Fixed the security vulnerability where Spring Framework RCE may be vulnerable to remote code execution (RCE) via data binding [CVE-2022-22965]

3 Bug fixes

16.4.0.9

Removed broken administration dashboard used to configure reporting email as since v16 those settings are configured via results page configuration UI.

3 Bug fixes

16.4.0.8

Upgrades log4j2 to version 2.17 to fix the security vulnerability where Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

3 Bug fixes

16.4.0.7

Upgrades log4j2 to version 2.15 to fix the security vulnerability where log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints.

3 Bug fixes

16.4.0.6

Fixes an issue where the collection tool would return an error for the index presence check.

3 Bug fixes

16.4.0.6

Restored access to data reports from the administration dashboard.

3 Bug fixes

16.4.0.6

Improves access to documentation for individual plugins from extensions administration dashboard.

3 Bug fixes

16.4.0.5

Fixes an issue where the edit metadata mappings administration dashboard wouldn’t display counts of detected sources in searchable documents properly.

3 Bug fixes

16.4.0.5

Fixes an issue where the tuning results administration dashboard couldn’t help apply an outcome of the tuning run.

3 Bug fixes

16.4.0.4

Fixes an issue where perl file manager throws an exception about untainted values when the users try to upload files.

3 Bug fixes

16.4.0.3

Fixes an issue where perl file manager throws an exception about untainted values when the users try to publish or delete files.

3 Bug fixes

16.4.0.3

Fixes an issue where rules defined in redirects.cfg wouldn’t work.

3 Bug fixes

16.4.0.2

Fixes the Admin API side of the create-collection.pl fix released in patch 16.4.0.1.

3 Bug fixes

16.4.0.1

Fixes create-collection.pl.

Help Center

Menu

Funnelback 16.4.0 release notes