Help Center

Menu

Funnelback patch 14.2.3.39

  • Released: 2016-12-05

  • Applies to: v14.2.3

  • Internal reference: SUPPORT-2335, FUN-9496

Description

Fixes a cross site scripting vulnerability when unescaped HTML was provided to the CheckBlending macro’s linkText attribute.

Affected files

  • web/templates/modernui/funnelback.ftl: Fix CheckBlending macro to escape all HTML (except 'em' tags historically used in this context).

Deployment

  • Deploy the provided files on top of an existing install (Note: No jetty restart is required for this change).

  • As patches are cumulative, apply deployment instructions from any previously unapplied patches.