Funnelback patch 15.14.0.36

  • Released: 2019-09-24

  • Applies to: v15.14.0

  • Internal reference: RNDSUPPORT-3041

Description

  • Prevent XSS AngularJS sandbox bypassing injection in Freemarker templates escaped using output formats by inserting zero-width whitespace between consecutive open-curly-brackets.

Affected files

  • web/webapps/funnelback-publicui.war

Deployment

  • (Windows) Stop currently running crawls.

  • Stop the Jetty web server and the Funnelback daemon.

  • Deploy the provided files on top of an existing install, backing up all replaced file- Start the Jetty web server and the Funnelback daemon.

  • (15.14.0.14) The conf/<collection>/custom_gather.groovy of each Facebook collection that is failing to update due to Facebook API changes should be updated to have the content provided in share/custom_collection_templates/custom_gather.groovy.facebook. The customer will need to provide a never-expiring page access token to replace the app access token.

  • (Windows) Start crawls as needed.