Funnelback 14.2 patches

Patches

Type Release version Description

3 Bug fixes

Fixed an issue where the user editing interface for a user with no permitted collections would be presented with all collections selected, rather than none.

3 Bug fixes

Fixes a cross site scripting vulnerability when unescaped HTML was provided to the CheckBlending macro’s linkText attribute.

3 Bug fixes

Corrected the XSS Vulnerability in Anchors.html

3 Bug fixes

Fixes a bug where configs would not be reloaded in some multi server environments.

3 Bug fixes

Restore the Message Of The Day (MOTD) feature which was erroneously removed. MOTD file can be placed under $SEARCH_HOME/share/include/motd.txt and its content will be displayed at the top of the administration interface.

3 Bug fixes

A few improvements for content auditor templates.

3 Bug fixes

Fixes a bug where data loss could occur in Push collections if commits failed.

3 Bug fixes

Fixes a bug on Windows where commits could fail if index files in a snapshot are held opened.

3 Bug fixes

Fixes various DLS security flaws.

3 Bug fixes

Fixes a bug where data loss could occur in push on Windows. The problem is more likely to occur when Push is used in a meta collection.

3 Bug fixes

Fixes an issue where the submit button does not submit the form after valid user input has been checked and passed upon creation in the curator edit screen.

The button now submits the form and the curator ruleset list is displayed.

3 Bug fixes

Fixes a problem with content auditor display which was introduced in patch 14.2.3.28

3 Bug fixes

Fixes a potential web server crash when autoc files contain no suggestions.

3 Bug fixes

Fixes an issue where after a Curator Rule has been set, the rule will not be shown in the Curator Rulesets list.

The Curator Rule is now shown immediately after it has been created.

3 Bug fixes

Introduces the ability to disable links to WCA from within content auditor.

To disable it, set ui.modern.content-auditor.search_results.show_wcag_link=false within the relevant collection.cfg file.

3 Bug fixes

Fixes an issue where meta dependencies fails when a meta collection contains a Push collection.

3 Bug fixes

Fixes an issue where the wrong collapsing results are shown.

3 Bug fixes

Fixes a issue where cache copies for modern UI would fail on Windows.

3 Bug fixes

Fixes a issue where refresh updates may keep documents which no longer exists.

3 Bug fixes

Fixes a issue where a partial match limit was applied when DAAT was larger than the total number of documents.

3 Bug fixes

Fixes a issue where some characters in query logs would cause analytics to fail.

3 Bug fixes

Fixes a issue where cache copies for warc would be dependent upon the offline view.

3 Bug fixes

Improves groovy hook scripts such that they can load classes under $SEARCH_HOME/lib/java/all as well as the collection @groovy folder.

3 Bug fixes

Makes the reporting update process more error-tolerant of invalid log files.

3 Bug fixes

Fixes a issue where explore queries would have negative weights on query terms, causing the query processor to generate warnings.

3 Bug fixes

Fixes a issue where the query processors was not stemming query terms to all available terms in a meta collection.

3 Bug fixes

Upgrades the Jetty web server to the latest 9.2.x version to fix a buffer bleed vulnerability.

3 Bug fixes

Fixes issue where Facebook gather would stop mid-gather

3 Bug fixes

Default script now supplies fields to request from Facebook

3 Bug fixes

Fixes a issue where index log files would not be emptied before being re-used, this could result in large log files. Affects Meta and push collections.

3 Bug fixes

Fixes issues with the session features with long metadata names and metadata values longer than 4096 characters.

3 Bug fixes

Switching to https://graph.facebook.com/v2.4/ instead of https://graph.facebook.com/v2.2/ means not as much information is returned as was previously. This patch fetches causes comments to be fetched and attached to posts.

3 Bug fixes

Fixes Facebook collections, by reconfiguring restfb to point to https://graph.facebook.com/v2.4/ instead of https://graph.facebook.com/v2.2/

3 Bug fixes

Fixes an issue where the crawler could store a document outside its include_patterns when following redirects

3 Bug fixes

Fixes a concurrency issue with Push when used in meta collections.

3 Bug fixes

Reduces the time Push commits are delayed when Push is used in a meta collection.

3 Bug fixes

Fixed a Modern UI bug where a response would be wrapped in the JSONP callback function twice.

3 Bug fixes

Fixed a bug where crawler did not read the crawler.accept_cookies setting correctly

3 Bug fixes

Fixes a bug in the crawler where cookies having a domain starting with "." were not kept by the crawler, breaking parts of form interaction.

3 Bug fixes

Implemented experimental support for defining click-through actions for confirmation pages which follow forms.

3 Bug fixes

Fixes a bug in how missing cached documents and meta collections are handled in SEO auditor.

3 Bug fixes

Adds support for debugging files which can not be replaced on Windows within Push collections. Details on how to enable this debugging is described in the Push documentation which is updated with this patch.

3 Bug fixes

Significantly reduces memory requirements of the query processor when run over a meta or push collection.

3 Bug fixes

Fixes a issue where the index merger did not preserve the geo location data when merging indexes in a push collection which had geospatial search enabled, as the merger would disable geospatial search causing issues when the query processor ran.

3 Bug fixes

Fixes a issue where the index merger would not correctly merge indexes which had security metadata class names that where longer than 1 character.

3 Bug fixes

Fixes a bug where metadata class names of at least 2 characters which started with the letter 'd' would not work when indexing xml.

3 Bug fixes

Fixes a bug where indexing would fail when using long metadata class names to index CJKT characters

3 Bug fixes

Fixes a bug where the query processor may fail when stemming is used in conjunction with gscopes.

3 Bug fixes

Fixes a concurrency issue when push collections are used in one or more meta collections.

3 Bug fixes

Fixes a cross site scripting bug in the error page displayed when an exception occurs within the modern UI’s cached results page. Also hides completely the underlying error message to prevent leaking backend information.

3 Bug fixes

Fixes a problem in content auditor where the links to accessibility auditor did not respond unless manually opened in a new window.

3 Bug fixes

Fixes a concurrency issue with snapshots where, under heavy load, Push might miss the latest generation in the snapshot.

3 Bug fixes

Fixed an issue where the user editing interface for a user with no permitted collections would be presented with all collections selected, rather than none.

3 Bug fixes

Upgrades the Jetty web server to the latest 9.2.x version to fix a buffer bleed vulnerability.

3 Bug fixes

Fixes a bug which caused collections with @groovy directories in conf to have the collection root directories removed when being updated (every third time gathering occurs).

3 Bug fixes

Fixes a bug with Push where it would create errant Vaccum tasks while the push collection was shutting down.

3 Bug fixes

Fixes a bug where a small number of autocompletion possibilities were not considered.

3 Bug fixes

Provides substantial improvements to the Push API response times.

3 Bug fixes

Fixed an issue where the user editing interface for a user with no permitted collections would be presented with all collections selected, rather than none.

3 Bug fixes

Upgrades the Jetty web server to the latest 9.2.x version to fix a buffer bleed vulnerability.

3 Bug fixes

Fixes a bug with Push where it would create errant Vaccuum tasks while the push collection was shutting down.

3 Bug fixes

Fixes a bug where the Index Merger sometimes fails.

3 Bug fixes

Improves the logging of the indexer specifically for logging when external metadata is used as well as for storing metadata in the index.

3 Bug fixes

Improves the indexer so that metadata that is associated with internally defined metadata classes are not stored in the index unless the metadata class is defined in metamap.cfg or xml.cfg. This is closer to previous versions of the indexer.

3 Bug fixes

Improved the indexer so that values in XML elements that are not defined in xml.cfg do not default to metadata class k.

3 Bug fixes

Fixes a issue with the indexer reading external_metadata.cfg, which contained :.

3 Bug fixes

Fixes a issue with Push collections, where filtering was unable to use Tika to filter documents.

3 Bug fixes

Improves Push so that the reason commits are disabled is remembered.

3 Bug fixes

Improves Push so that the log folder for the last failed commit and merge is not deleted through log rotation.

3 Bug fixes

Adds a feature to Push so that if push.create-snapshot-on-merge-failure is set to true, Push will create a snapshot of the Push collection if a merge fails for further investigation.

3 Bug fixes

Fixes an issue with click logs processing during indexing, where a invalid click log line can cause indexing to fail.

3 Bug fixes

Allows update-configs to update a single collection, rather than the entire server.

To use this new capability provide update.configs.pl with the directory for the collection (e.g. /opt/funnelback/conf/collection_name/) and the upgrade process will be run only on that directory.

Note that running this will not create an empty updates statistic database in admin/reports/collection_name which might be required when upgrading from some old versions.

3 Bug fixes

Fixed an issue where the user editing interface for a user with no permitted collections would be presented with all collections selected, rather than none.