Funnelback patch 15.10.0.22

  • Released: 2017-11-08

  • Applies to: v15.10.0

  • Internal reference: SUPPORT-2531 SUPPORT-2522

Description

To minimise the number of false positives reported by XSS testing tools, JSON endpoints have restricted the JSONP callback to only contain A-Za-z0-9 as well as $._-[]".

Fixes an issue where bin/reports-send-email.pl was not reading profile email configuration options from reporting-email.cfg.

Affected files

  • web/webapps/funnelback-publicui.war

  • lib/java/all/funnelback-reporting.jar

Deployment

  • (15.10.0.8) If the installation has Facebook collections, the Version given to the DefaultFacebookClient should be changed to Version.Latest e.g. new DefaultFacebookClient(Version.LATEST).

  • (Windows) Stop currently running crawls.

  • Stop the Jetty web server and the Funnelback daemon.

  • If bin/delete-collection.pl is called directly on the command line, take note of the perl referenced in the #! line.

  • Deploy the provided files on top of an existing install, backing up all replaced files.

  • If bin/delete-collection.pl is called directly on the command line, update the perl referenced in the #! line.

  • Start the Jetty web server and the Funnelback daemon.

  • (Windows) Start crawls as needed.

  • Collections suffering from the issue with instant updates and external metadata will need to be updated before instant updates will work.