Funnelback 15.12 patches
Patches
Type | Release version | Description |
---|---|---|
3 Bug fixes |
Upgrades log4j2 to version 2.16 to fix the security vulnerability where log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints. |
|
3 Bug fixes |
Fixes an issue where sessions are not terminated on logout events triggered by perl pages. |
|
3 Bug fixes |
Removes the screens for file-manager rule editing, which could create security issues. |
|
3 Bug fixes |
Fixes an issue where support packages could contain unintended files. |
|
3 Bug fixes |
Fixes an issue where the running Funnelback Jetty web server could retain permissions via supplemental groups after startup. |
|
3 Bug fixes |
Limits an administration CGI script to redirect only within the Funnelback administration interface, as intended. |
|
3 Bug fixes |
Removes the unused administration debug.cgi script, which reflected input parameters without proper escaping. |
|
3 Bug fixes |
Prevents XSS through AngularJS sandbox-bypass injection in Freemarker templates escaped using output formats, by inserting zero-width whitespace between consecutive open curly brackets. |
|
3 Bug fixes |
Prevents XSS through AngularJS sandbox-bypass injection in Freemarker templates, by inserting zero-width whitespace between consecutive open curly brackets. |
|
3 Bug fixes |
Prevents XSS through AngularJS sandbox-bypass injection in Freemarker templates, by inserting zero-width whitespace between consecutive open curly brackets. |
|
3 Bug fixes |
Improves the performance of the Accessibility Auditor interface by requesting less data. |
|
3 Bug fixes |
Fixes an issue where some of the text on the Accessibility Auditor dashboard was showing out-of-date information. |
|
3 Bug fixes |
Improves the query response time when sorting. |
|
3 Bug fixes |
Fixes an issue where large (>2GB) index.dt files would cause padre-gs to fail when setting gscopes. |
|
3 Bug fixes |
Improves the Accessibility Auditor historical data storage. The data is stored in less space and is significantly faster to store and retrieve. The Accessibility Auditor historical data APIs are also improved to reduce the amount of memory needed, lowering the chance of 'OutOfMemoryError' exceptions being thrown. The Accessibility Auditor historical data will be automatically moved to the new storage format when Jetty is restarted (one collection at a time) or on the first Accessibility Auditor historical data API request. |
|
3 Bug fixes |
The default timeout for 'push.scheduler.delay-between-meta-dependencies-runs' has been increased to '1200' (20 minutes). This has been increased to reduce the frequency at which Accessibility Auditor historical data is recorded. This option will need to be overridden if meta collections containing push collections need a smaller delay in updating the spelling index and auto completion. |
|
3 Bug fixes |
Prevents creation of objects within Freemarker template files to ensure that template editors cannot cause external code to be executed. |
|
3 Bug fixes |
Fixes a bug where 'FineTune' may crash when 'query_processor_options' is longer than '1000' bytes. |
|
3 Bug fixes |
Push slaves will now actively pull down merge/vacuumed generations, rather than waiting for commits to trigger this. This can help solve problems where the slaves will not reduce the number of generations or re-indexes are not pulled down by the slaves. |
|
3 Bug fixes |
Fixes security issues where:
Please ensure any custom form-not-found.ftl templates in collections are updated to perform correct escaping if they were derived from the previously vulnerable form-not-found.default.ftl. Please ensure that any customised value for the global |
|
3 Bug fixes |
Improves the performance of the directory gatherer. |
|
3 Bug fixes |
Fixes support for sort mode '3' in query completion, allowing 'alpha' to be respected. |
|
3 Bug fixes |
|
|
3 Bug fixes |
Provides additional metadata for Twitter records specifying whether a tweet is a reply and what it is a reply to. This is made available in the XML under 'isReply', 'inReplyToScreenName', 'inReplyToStatusId', 'inReplyToUserId' and 'inReplyToUrl'. |
|
3 Bug fixes |
Upgrades the version of our internal libraries to account for recent breaking changes in the Facebook Graph API. This will fix issues that caused Facebook collections to fail to update on certain user accounts, when crawling more than 200 posts in an hour, and when crawling events posted by a page. To update existing Facebook collections that may be failing, the changes noted in deployment instructions below will need to be made on each groovy script. |
|
3 Bug fixes |
Fixes an issue where the web crawler parser would time out when parsing large (10MB+) HTML pages. |
|
3 Bug fixes |
Updates the search sessions click history to no longer record all metadata into the DB. Search sessions will only record the metadata classes listed in the profile.cfg option 'ui.modern.session.search_history.metadata'. By default this is empty, but it can be set to a comma-separated list of the wanted metadata classes, for example: ui.modern.session.search_history.metadata=a,b,c |
|
3 Bug fixes |
Fixes a bug where the ratio for running full or incremental updates was not being applied and only a full update was triggered. |
|
3 Bug fixes |
Fixes a bug for scheduled updates where the 'schedule.incremental_crawl_ratio' parameter was not being respected. |
|
3 Bug fixes |
Fixes potential issues introduced by 15.12.0.12 and subsequent patches caused by an incorrect file being included in the patch. |
|
3 Bug fixes |
Fixes a bug in Accessibility Auditor which caused the document audit view to fail when a document contained escaped or unicode characters in its class names. |
|
3 Bug fixes |
Fixes a potential indexer crash introduced in 15.12.0.14, and some additional cases where multiple dots could be shown in summaries. |
|
3 Bug fixes |
Fixes query biased summaries so that they don’t show multiple dots when the original content contains non-breaking spaces as the only value within "p" tags. |
|
3 Bug fixes |
Increases the maximum query length to 1MB and maximum query nodes to 16384 on Linux only. |
|
3 Bug fixes |
Fixes a bug where analytics would skip query logs when the query was run with a gscope that was not all numbers. |
|
3 Bug fixes |
Fixes a bug where query processing would not complete if the query contained an isolated colon in it. |
|
3 Bug fixes |
Fixes a bug where query processing would not complete if the query contained "%" in it when search sessions are enabled. |
|
3 Bug fixes |
Fixes a bug in the "JSONToXML" filter which would produce odd XML when a JSON key was set to "content" e.g. |
|
3 Bug fixes |
Fixes a bug where the Accessibility Auditor overview would fail to display correctly when a certain combination of updates were run in a meta collection. |
|
3 Bug fixes |
Cleans up the display of the Accessibility Auditor pages when a site has no failures or all of its failures have been acknowledged. |
|
3 Bug fixes |
Fixes a bug where the Admin API was passing the comment to the publish hook as multiple arguments where it should have been passing the comment as a single argument. |
|
3 Bug fixes |
Upgrades the Twitter library to add support for the longer, 280-character tweets. For this to be used, the ConfigurationBuilder object needs to be updated to call "setTweetModeExtended(true)". With the default Twitter groovy gather script, this can be done by adding "cb.setTweetModeExtended(true);" immediately after the creation of the new ConfigurationBuilder. |
|
3 Bug fixes |
Fixes a "gscope opstack underflow" error when named gscopes from facets and a gscope1 parameter are combined. In particular, this could occur when using the automatically generated URL scope gscopes in a facet, and then clicking the 'more' link on a contextual navigation list. Named gscopes are now combined correctly to avoid failing in this case, and the redundant gscope1 parameter in contextual navigation links has been removed. |
|
3 Bug fixes |
Fixes an issue which caused the @fb.ExtraSearch Freemarker macro to not return any results. |
|
3 Bug fixes |
Prevents Pattern Analyser from failing when reporting-blacklist.cfg queries contain quotes. |
|
3 Bug fixes |
Pattern analyser will overwrite rather than append to its log. |
|
3 Bug fixes |
Changes the Modern UI sessions such that they no longer use J2EE sessions and always use the cookie that was set by |
|
3 Bug fixes |
To support backwards compatibility with some existing implementations, creates facets for zero count gscopes. |
|
3 Bug fixes |
Fixes an issue where the user editing interface for a user with no permitted collections would be presented with all collections selected, rather than none. |
|
3 Bug fixes |
Fixes a bug where the classic administration dashboard would not be accessible to non-locally authenticated users (e.g. LDAP) that had a large user .ini file. |
|
3 Bug fixes |
Fixes the metamap.cfg documentation page to display the code blocks correctly. |
|
3 Bug fixes |
Changes the click tracking endpoint to no longer depend on the referrer. This does result in the click logs no longer containing the referrer URL. |
|
3 Bug fixes |
Adds ARIA14 to the Accessibility Auditor and relaxes the requirement for what is considered descriptive text. |
|
3 Bug fixes |
Fixes an issue where analytics might fail to update. |
|
3 Bug fixes |
Allows groovy servlet filters to abort processing in preFilterResponse by returning null. |
|
3 Bug fixes |
Fixes passing Success Criteria being displayed in the Accessibility Auditor when auditing a URL. |
|
3 Bug fixes |
Adds better support for the gScopesCount map when used with Integer keys rather than the expected String type keys. 15.12 changed the type of this map to use String keys rather than Integer keys. |
|
3 Bug fixes |
Removes selectUrl and unselectUrl from the faceted navigation data model as they are not required; toggleUrl or the current URL can be used instead. |