Funnelback patch 15.16.0.20
-
Released: 2021-12-20
-
Applies to: v15.16.0
-
Internal reference: RNDSUPPORT-3466
Description
-
Upgrades log4j2 to version 2.16 to fix the security vulnerability where log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints.
Affected files
-
lib/java/all/admin-api-client-swagger-generated.jar
-
lib/java/all/funnelback-analytics.jar
-
lib/java/all/funnelback-api-client-core.jar
-
lib/java/all/funnelback-collection-update.jar
-
lib/java/all/funnelback-common.jar
-
lib/java/all/funnelback-crawler.jar
-
lib/java/all/funnelback-crawler-http-client.jar
-
lib/java/all/funnelback-daemon.jar
-
lib/java/all/funnelback-data-api-connector-padre.jar
-
lib/java/all/funnelback-data-api-connector-padre-query-parser.jar
-
lib/java/all/funnelback-dbgather.jar
-
lib/java/all/funnelback-directory-gather.jar
-
lib/java/all/funnelback-filecopier.jar
-
lib/java/all/funnelback-filter.jar
-
lib/java/all/funnelback-mediator-core.jar
-
lib/java/all/funnelback-mediator-endpoint-cli.jar
-
lib/java/all/funnelback-push-api-client.jar
-
lib/java/all/funnelback-push-core.jar
-
lib/java/all/funnelback-reporting-api-client.jar
-
lib/java/all/funnelback-reporting.jar
-
lib/java/all/funnelback-slack-datasource-export-processor.jar
-
lib/java/all/funnelback-social-media.jar
-
lib/java/all/funnelback-springmvc-common.jar
-
lib/java/all/funnelback-store.jar
-
lib/java/all/funnelback-warc-library.jar
-
lib/java/all/funnelback-wca-api-client.jar
-
lib/java/all/funnelback-wca-checker.jar
-
lib/java/all/log4j-1.2-api-2.6.2.jar
: This is now a empty jar for easy patch application. -
lib/java/all/log4j-1.2-api-2.16.0.jar
-
lib/java/all/log4j-api-2.6.2.jar
: This is now a empty jar for easy patch application. -
lib/java/all/log4j-api-2.16.0.jar
-
lib/java/all/log4j-core-2.6.2.jar
: This is now a empty jar for easy patch application. -
lib/java/all/log4j-core-2.16.0.jar
-
lib/java/all/log4j-iostreams-2.6.2.jar
: This is now a empty jar for easy patch application. -
lib/java/all/log4j-iostreams-2.16.0.jar
-
lib/java/all/log4j-jcl-2.6.2.jar
: This is now a empty jar for easy patch application. -
lib/java/all/log4j-jcl-2.16.0.jar
-
lib/java/all/log4j-jul-2.6.2.jar
: This is now a empty jar for easy patch application. -
lib/java/all/log4j-jul-2.16.0.jar
-
lib/java/all/log4j-slf4j-impl-2.6.2.jar
: This is now a empty jar for easy patch application. -
lib/java/all/log4j-slf4j-impl-2.16.0.jar
-
lib/java/all/log4j-web-2.6.2.jar
: This is now a empty jar for easy patch application. -
lib/java/all/log4j-web-2.16.0.jar
-
lib/java/all/publicui-core.jar
-
lib/java/all/publicui-form-converter.jar
-
tools/manifoldcf-funnelback-connector.zip
-
web/server/funnelback-jetty-launcher.jar
-
web/webapps/funnelback-admin-api.war
-
web/webapps/funnelback-classic-admin.war
-
web/webapps/funnelback-mediator-endpoint-http.war
-
web/webapps/funnelback-publicui.war
-
web/webapps/funnelback-push-api.war
-
web/webapps/funnelback-redirector.war
Deployment
-
(Windows) Stop currently running crawls.
-
Stop the Jetty web server and the Funnelback daemon.
-
Deploy the provided files on top of an existing install, backing up all replaced files.
-
(15.16.0.20) It is recommended that the following (empty) files are deleted:
lib/java/all/log4j-1.2-api-2.6.2.jar
,lib/java/all/log4j-api-2.6.2.jar
,lib/java/all/log4j-core-2.6.2.jar
,lib/java/all/log4j-iostreams-2.6.2.jar
,lib/java/all/log4j-jcl-2.6.2.jar
,lib/java/all/log4j-jul-2.6.2.jar
,lib/java/all/log4j-slf4j-impl-2.6.2.jar
,lib/java/all/log4j-web-2.6.2.jar
. -
(15.16.0.20) Run
$SEARCH_HOME/bin/setup/start_funnelback_on_boot.pl
- Please note that this will cause Funnelback services to be restarted. -
Start the Jetty web server and the Funnelback daemon (if they weren’t already started by the previous step)
-
(Windows) Start crawls as needed.
-
Perform an update on the funnelback_documentation collection to ensure the most accurate results.