Funnelback 16.4.0 release notes

Released: 16 Jun 2021

Supported until: 16 Jun 2024

This applies to Funnelback SaaS v16.4. For Funnelback DXP please see the Funnelback 16 change log.

Use the filter to narrow down what’s in the list below, and the sort controls on each column to help locate what you are looking for.

Type Release version Description

2 Minor improvements

16.4

Improved the security of the download support package feature and enabled users of the Squiz DXP to access this function.

1 New and revised features

16.4

Added administration screens for scheduling of data source and analytics updates.

1 New and revised features

16.4

Added WCAG 2.1 support to accessibility auditor.

The following checks have been added:

  • Technique G208

  • Technique G211

  • Technique G216

  • Technique F107

2 Minor improvements

16.4

The new workflow.publish_hook.batch allows for batching up configuration changes before publishing to query processors to reduce network load.

2 Minor improvements

16.4

Added an option to view the details of configuration keys when the system is running in read only mode.

2 Minor improvements

16.4

Increased the summary text limit (indexer option RSTXT) to 10000000 bytes.

2 Minor improvements

16.4

Revised the top level structure of the documentation to make it easier for users to find relevant information.

2 Minor improvements

16.4

Added a new API for getting the licence usage of a client.

3 Bug fixes

16.4

Fixed a bug in the web crawler where base href tags were not processed correctly.

3 Bug fixes

16.4

Fixed a bug where instant updates would always include the start URLs.

3 Bug fixes

16.4

Fixed a bug where YouTube data sources could not be updated without a channel ID.

3 Bug fixes

16.4

Fixed an issue with the document title fixer filter that caused it to insert bad titles sourced from h1 and h2 tags.

3 Bug fixes

16.4

Fixed an issue where the faceted navigation editor screen became unresponsive when there were too many templates to check for legacy facets.

4 Important changes

16.4

The push API no longer returns a HTTP 302 status code when SAML is enabled. A HTTP 401 status code will be returned to unauthenticated users. Users should authenticate using API tokens rather than directly when using a web browser. When using a web browser to access push API endpoints you should first authenticate using the admin API.

4 Important changes

Change client-based APIs to return what the user has access to based on the clientId rather than just reading the resources role.

3 Bug fixes

Fixed an issue that prevented internal documentation within the administration dashboard from displaying in some circumstances.

3 Bug fixes

Fixed an issue that caused administration dashboard labels to display intermittently.

3 Bug fixes

Fixed an issue where the Freemarker template upgrader incorrectly upgraded custom variables named metaData.

3 Bug fixes

Fixed an issue where trend alerts notifications were not generated.

3 Bug fixes

Fixed an issue preventing the correct export of content auditor and accessibility auditor documents in CSV format.

3 Bug fixes

Fixed an issue where fetching Facebook comments would cause an infinite loop due to changes within the Facebook endpoints.

3 Bug fixes

Fixed a security vulnerability where jackson-databind might allow remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks.

3 Bug fixes

Fixed a security vulnerability where com.google.oauth-client hasn’t implemented PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps.

3 Bug fixes

Fixed the security vulnerability where Spring Framework RCE may be vulnerable to remote code execution (RCE) via data binding [CVE-2022-22965]

3 Bug fixes

Removed broken administration UI used to configure reporting email as since v16 those settings are configured via results page configuration UI.

3 Bug fixes

Upgrades log4j2 to version 2.17 to fix the security vulnerability where Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

3 Bug fixes

Upgrades log4j2 to version 2.15 to fix the security vulnerability where log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints.

3 Bug fixes

Fixes an issue where the collection tool would return an error for the index presence check.

3 Bug fixes

Restored access to data reports from the administration dashboard.

3 Bug fixes

Improves access to documentation for individual plugins from extensions administration UI.

3 Bug fixes

Fixes an issue where the edit metadata mappings administration UI wouldn’t display counts of detected sources in searchable documents properly.

3 Bug fixes

Fixes an issue where the tuning results administration UI couldn’t help apply an outcome of the tuning run.

3 Bug fixes

Fixes an issue where perl file manager throws an exception about untainted values when the users try to upload files.

3 Bug fixes

Fixes an issue where perl file manager throws an exception about untainted values when the users try to publish or delete files.

3 Bug fixes

Fixes an issue where rules defined in redirects.cfg wouldn’t work.

3 Bug fixes

Fixes the Admin API side of the create-collection.pl fix released in patch 16.4.0.1.

3 Bug fixes

Fixes create-collection.pl.