Funnelback 15.18 patches
Patches
Type | Release version | Description |
---|---|---|
3 Bug fixes |
Upgrades log4j2 to version 2.16 to fix the security vulnerability where log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI-related endpoints. |
|
3 Bug fixes |
Removes the screens for file-manager rule editing which could create security issues |
|
3 Bug fixes |
Fixes an issue where support packages could contain unintended files |
|
3 Bug fixes |
Fixes an issue where the running Funnelback jetty web server could retain permissions via supplemental groups after startup |
|
3 Bug fixes |
Limits an administration CGI script to redirect only within the Funnelback administration interface as intended |
|
3 Bug fixes |
Removes the unused administration debug.cgi script which reflected input parameters without proper escaping |
|
3 Bug fixes |
Improves support for running faceted navigation on extra searches. |
|
3 Bug fixes |
Adds method 'getEffectiveExtraSearchName()' to the search transaction which gets the name of the extra search this search should be considered to be under. The result of this should be used when modifying a particular extra search. As Funnelback may create extra searches under an existing search, for example for faceted navigation, this could be used to work out if the search transaction should be modified. |
|
3 Bug fixes |
Prevents XSS through AngularJS sandbox-bypass injection in Freemarker templates that are escaped using output formats, by inserting zero-width whitespace between consecutive open curly brackets. |
|
3 Bug fixes |
Prevents XSS through AngularJS sandbox-bypass injection in Freemarker templates, by inserting zero-width whitespace between consecutive open curly brackets. |
|
3 Bug fixes |
Improves the task-picker so that it can load dependencies from custom 'jar' files located in '$SEARCH_HOME/lib/java/task-picker/'. |
|
3 Bug fixes |
Prevents XSS through AngularJS sandbox-bypass injection in Freemarker templates, by inserting zero-width whitespace between consecutive open curly brackets. |
|
3 Bug fixes |
Improves the performance of the Accessibility Auditor interface by requesting less data. |
|
3 Bug fixes |
Fixes an issue where some of the text on the Accessibility Auditor dashboard was showing out of date information. |
|
3 Bug fixes |
Fixes an issue where the Accessibility Auditor dashboard would not generate the thumbnail screenshots for each domain. |
|
3 Bug fixes |
Improves the query response time when sorting. |
|
3 Bug fixes |
Fixes an issue where large (>2GB) index.dt files would cause padre-gs to fail when setting gscopes. |
|
3 Bug fixes |
Fixes an issue where jetty stopped logging after deploying knowledge-graph. |
|
3 Bug fixes |
Fixes an issue where jetty would terminate on invalid 'index.autoc' (query completion) files. |
|
3 Bug fixes |
Makes the funnelback-graph service run as the Funnelback user on Unix. |
|
3 Bug fixes |
Fixes an issue that prevents the funnelback-graph service from restarting when requested. |
|
3 Bug fixes |
Fixes an issue that prevents scheduled tasks from appearing in the Administration interface on Windows Server 2016. |
|
3 Bug fixes |
Fixes an issue where recording Accessibility Auditor details would fail during the swap views step if the server is in read-only mode. |
|
3 Bug fixes |
Fixes an issue where swap-views.pl did not clear the redis state before running the pipeline. |
|
3 Bug fixes |
Fixes cases where related document processing could:
|
|
3 Bug fixes |
Improves the Accessibility Auditor historical data storage. The data is stored in less space and is significantly faster to store and retrieve. The Accessibility Auditor historical data APIs are also improved to use less memory, reducing the chance of 'OutOfMemoryError' exceptions being thrown. The Accessibility Auditor historical data will be automatically moved to the new storage format when Jetty is restarted (one collection at a time) or on the first Accessibility Auditor historical data API request. |
|
3 Bug fixes |
The default timeout for 'push.scheduler.delay-between-meta-dependencies-runs' has been increased to '1200' (20 minutes). This has been increased to reduce the frequency at which Accessibility Auditor historical data is recorded. This option will need to be overridden if meta collections containing push collections need a smaller delay in updating the spelling index and auto completion. |
|
3 Bug fixes |
Fixes a bug where the API 'GET /account/v2/permitted-values/profiles' would return profiles the current user did not have access to within collections the user did have access to. |
|
3 Bug fixes |
Improves query processing so that non-ASCII apostrophes are treated the same as ASCII apostrophes. |
|
3 Bug fixes |
Fixes a bug where queries may not return when instant updates include URLs that contain ampersands. |
|
3 Bug fixes |
Corrects the list of security permissions which generate a warning in the release notes. |
|
3 Bug fixes |
Prevents creation of objects within Freemarker template files to ensure that template editors cannot cause external code to be executed. |
|
3 Bug fixes |
Fixes a bug where 'FineTune' may crash when 'query_processor_options' is longer than '1000' bytes. |
|
3 Bug fixes |
Removes a restriction where users without 'sec.administer.system' could not see the link to the new user management screens. |
|
3 Bug fixes |
Fixes an issue where page navigation was broken in the administration screens when you dismiss unsaved changes. |
|
3 Bug fixes |
Stops user.ini files which were not upgraded by the installer from being corrupted by clicking links in the administration home page. |