Funnelback patch 15.10.0.39
-
Released: 2019-09-24
-
Applies to: v15.10.0
-
Internal reference: RNDSUPPORT-3041
Description
-
Prevent XSS AngularJS sandbox bypassing injection in Freemarker templates escaped using output formats by inserting zero-width whitespace between consecutive open-curly-brackets.
Deployment
-
(Windows) Stop currently running crawls.
-
Stop the Jetty web server and the Funnelback daemon.
-
If bin/delete-collection.pl is called directly on the command line, take note of the perl referenced in the #! line.
-
Deploy the provided files on top of an existing install, backing up all replaced files.
-
If bin/delete-collection.pl is called directly on the command line, update the perl referenced in the #! line.
-
To support extended tweets, add "cb.setTweetModeExtended(true);" after the "ConfigurationBuilder cb = new ConfigurationBuilder();" line in the twitter custom_gather.groovy script.
-
Start the Jetty web server and the Funnelback daemon.
-
(15.10.0.32) The
conf/<collection>/custom_gather.groovy
of each Facebook collection that are failing to update due to Facebook API changes should be updated to have the content provided inshare/custom_collection_templates/custom_gather.groovy.facebook
. The customer will need to provide a never-expiring page access token to replace the app access token. -
(15.10.0.8) If the installation has Facebook collections, the Version given to the DefaultFacebookClient should be changed to Version.Latest e.g. new DefaultFacebookClient(Version.LATEST).
-
(Windows) Start crawls as needed.
-
Collections suffering from the issue with instant updates and external metadata will need to be updated before instant updates will work.