Funnelback patch 15.20.0.19
-
Released: 2019-09-24
-
Applies to: v15.20.0
-
Internal reference: RNDSUPPORT-3041
Description
-
Prevent XSS AngularJS sandbox bypassing injection in Freemarker templates escaped using output formats by inserting zero-width whitespace between consecutive open-curly-brackets.
Deployment
-
(Windows) Stop any tuning runs that are in progress
-
Stop the Jetty web server
-
Deploy the provided files on top of an existing install.
-
(15.20.0.2) Run $SEARCH_HOME/bin/setup/start_funnelback_on_boot.pl - Please note that this will cause Funnelback services to be restarted.
-
(15.20.0.2) On unix only, run
chown -R search:search $SEARCH_HOME/databases/neo4j/ $SEARCH_HOME/log/neo4j
as root to fix file ownership replacing search with your funnelback user’s username if you used a different one. -
(15.20.0.2) Restart the Funnelback server to ensure any prior funnelback-graph service is terminated.
-
Start the Jetty web server
-
(15.20.0.3) Perform an update of knowledge graph on any applicable collections to ensure "mention" relationships that reference themselves are removed.
-
(15.20.0.7) As wcag was deprecated in version 15.12 it is recommended to switch to using its replacement by editing collection.cfg to have 'wcag.check=false', remove
FAChecker
from 'filter.classes=' and set 'accessibility-auditor.check=true'. The wcag check may be completely removed from future versions.