Funnelback patch 15.12.0.32

  • Released: 2019-09-04

  • Applies to: v15.12.0

  • Internal reference: RNDSUPPORT-3041

Description

  • Prevent XSS AngularJS sandbox bypassing injection in Freemarker templates by inserting zero-width whitespace between consecutive open-curly-brackets.

Affected files

  • web/webapps/funnelback-publicui.war

Deployment

  • (Windows) Stop currently running crawls.

  • Stop the Jetty web server and the Funnelback daemon.

  • Deploy the provided files on top of an existing install, backing up all replaced files.

  • Start the Jetty web server and the Funnelback daemon.

  • 15.12.0.21 The conf/<collection>/custom_gather.groovy of each Facebook collection that are failing to update due to Facebook API changes should be updated to have the content provided in share/custom_collection_templates/custom_gather.groovy.facebook. The customer will need to provide a never-expiring page access token to replace the app access token.