Funnelback patch

  • Released: 2020-09-25

  • Applies to: v15.22.0

  • Internal reference: RNDSUPPORT-3259, RNDSUPPORT-3258


  • Fixes an issue where sessions are not terminated on logout events triggered by perl pages.

  • Fixes an XXE issue where input to the webdav endpoint could be manipulated to trigger http requests.

Affected files

  • lib/perl/Funnelback/

  • web/webapps/funnelback-admin-api.war


  • Stop the Jetty web server.

  • Deploy the provided files on top of an existing install, backing up all replaced files.

  • ( Run $SEARCH_HOME/bin/setup/ to regenerate service files from the templates. Please note that this will cause each Funnelback service to be restarted.

  • ( Reboot the Funnelback server to ensure systemd picks up the changes to the service files.

  • Start the Jetty web server if the server was not restarted