Funnelback patch 15.16.0.20

Upgrades log4j2 to version 2.16 to fix the security vulnerability where log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints.

lib/java/all/admin-api-client-swagger-generated.jar

lib/java/all/funnelback-analytics.jar

lib/java/all/funnelback-api-client-core.jar

lib/java/all/funnelback-collection-update.jar

lib/java/all/funnelback-common.jar

lib/java/all/funnelback-crawler.jar

lib/java/all/funnelback-crawler-http-client.jar

lib/java/all/funnelback-daemon.jar

lib/java/all/funnelback-data-api-connector-padre.jar

lib/java/all/funnelback-data-api-connector-padre-query-parser.jar

lib/java/all/funnelback-dbgather.jar

lib/java/all/funnelback-directory-gather.jar

lib/java/all/funnelback-filecopier.jar

lib/java/all/funnelback-filter.jar

lib/java/all/funnelback-mediator-core.jar

lib/java/all/funnelback-mediator-endpoint-cli.jar

lib/java/all/funnelback-push-api-client.jar

lib/java/all/funnelback-push-core.jar

lib/java/all/funnelback-reporting-api-client.jar

lib/java/all/funnelback-reporting.jar

lib/java/all/funnelback-slack-datasource-export-processor.jar

lib/java/all/funnelback-social-media.jar

lib/java/all/funnelback-springmvc-common.jar

lib/java/all/funnelback-store.jar

lib/java/all/funnelback-warc-library.jar

lib/java/all/funnelback-wca-api-client.jar

lib/java/all/funnelback-wca-checker.jar

lib/java/all/log4j-1.2-api-2.6.2.jar: This is now a empty jar for easy patch application.

lib/java/all/log4j-1.2-api-2.16.0.jar

lib/java/all/log4j-api-2.6.2.jar: This is now a empty jar for easy patch application.

lib/java/all/log4j-api-2.16.0.jar

lib/java/all/log4j-core-2.6.2.jar: This is now a empty jar for easy patch application.

lib/java/all/log4j-core-2.16.0.jar

lib/java/all/log4j-iostreams-2.6.2.jar: This is now a empty jar for easy patch application.

lib/java/all/log4j-iostreams-2.16.0.jar

lib/java/all/log4j-jcl-2.6.2.jar: This is now a empty jar for easy patch application.

lib/java/all/log4j-jcl-2.16.0.jar

lib/java/all/log4j-jul-2.6.2.jar: This is now a empty jar for easy patch application.

lib/java/all/log4j-jul-2.16.0.jar

lib/java/all/log4j-slf4j-impl-2.6.2.jar: This is now a empty jar for easy patch application.

lib/java/all/log4j-slf4j-impl-2.16.0.jar

lib/java/all/log4j-web-2.6.2.jar: This is now a empty jar for easy patch application.

lib/java/all/log4j-web-2.16.0.jar

lib/java/all/publicui-core.jar

lib/java/all/publicui-form-converter.jar

tools/manifoldcf-funnelback-connector.zip

web/server/funnelback-jetty-launcher.jar

web/webapps/funnelback-admin-api.war

web/webapps/funnelback-classic-admin.war

web/webapps/funnelback-mediator-endpoint-http.war

web/webapps/funnelback-publicui.war

web/webapps/funnelback-push-api.war

web/webapps/funnelback-redirector.war

(Windows) Stop currently running crawls.

Stop the Jetty web server and the Funnelback daemon.

Deploy the provided files on top of an existing install, backing up all replaced files.

(15.16.0.20) It is recommended that the following (empty) files are deleted: lib/java/all/log4j-1.2-api-2.6.2.jar, lib/java/all/log4j-api-2.6.2.jar, lib/java/all/log4j-core-2.6.2.jar, lib/java/all/log4j-iostreams-2.6.2.jar, lib/java/all/log4j-jcl-2.6.2.jar, lib/java/all/log4j-jul-2.6.2.jar, lib/java/all/log4j-slf4j-impl-2.6.2.jar, lib/java/all/log4j-web-2.6.2.jar.

(15.16.0.20) Run $SEARCH_HOME/bin/setup/start_funnelback_on_boot.pl - Please note that this will cause Funnelback services to be restarted.

Start the Jetty web server and the Funnelback daemon (if they weren’t already started by the previous step)

(Windows) Start crawls as needed.

Perform an update on the funnelback_documentation collection to ensure the most accurate results.