Funnelback 15.0 patches
Patches
Type | Release version | Description |
---|---|---|
3 Bug fixes |
Upgrades log4j2 to version 2.17 to fix the security vulnerability where log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints. |
|
3 Bug fixes |
Prevents creation of objects within Freemarker template files to ensure that template editors can not cause external code to be executed. |
|
3 Bug fixes |
Fixes security issues where:
Please ensure any custom form-not-found.ftl templates in collections are updated to perform correct escaping if they were derived from the previously vulnerable form-not-found.default.ftl. Please ensure that any customised value for the global |
|
3 Bug fixes |
Fixed an issue where the user editing interface for a user with no permitted collections would be presented with all collections selected, rather than none. |
|
3 Bug fixes |
Fixes a cross site scripting vulnerability when unescaped HTML was provided to the CheckBlending macro’s linkText attribute. |
|
3 Bug fixes |
Corrected the XSS Vulnerability in Anchors.html |
|
3 Bug fixes |
Fixes a bug where configs would not be reloaded in some multi server environments. |
|
3 Bug fixes |
Fixes a bug where data loss could occur in Push collections if commits failed. |
|
3 Bug fixes |
Fixes a bug on Windows where commits could fail if index files in a snapshot are held opened. |
|
3 Bug fixes |
Fixes various DLS security flaws. |
|
3 Bug fixes |
Fixes a bug where data loss could occur in push on Windows. The problem is more likely to occur when Push is used in a meta collection. |
|
3 Bug fixes |
Fixes a race condition when saving a meta collection configuration on Windows if a component collection is updating in the background. |
|
3 Bug fixes |
Fixes a bug with Curator based Best Bets, where an OutOfMemoryError would be thrown. |