Help Center

Menu

Funnelback patch 15.22.0.12

  • Released: 2019-10-28

  • Applies to: v15.22.0

  • Internal reference: RNDSUPPORT-3079

Description

  • Prevents XSS vulnerabilities found in the classic administration dashboard.

Affected files

  • lib/perl/Funnelback/Files.pm

  • web/admin/delete-file.cgi

  • web/admin/download-conf.cgi

  • web/admin/edit-conf.cgi

  • web/admin/edit-form.cgi

  • web/admin/example-gui.cgi

  • web/admin/load-ctest.cgi

  • web/admin/publish.cgi

  • web/admin/restore-conf.cgi

  • web/admin/show-file.cgi

  • web/admin/show-monitor-log.cgi

  • web/admin/svn.cgi

  • web/admin/upload-conf.cgi

Deployment

  • Stop the Jetty web server.

  • Deploy the provided files on top of an existing install, backing up all replaced files.

  • (15.22.0.11) Run $SEARCH_HOME/bin/setup/start_funnelback_on_boot.pl to regenerate service files from the templates. Please note that this will cause each Funnelback service to be restarted.

  • (15.22.0.11) Reboot the Funnelback server to ensure systemd picks up the changes to the service files.

  • Start the Jetty web server if the server was not restarted.