Funnelback patch 15.22.0.3

  • Released: 2019-09-04

  • Applies to: v15.22.0

  • Internal reference: RNDSUPPORT-3041, RNDSUPPORT-3051

Description

  • Prevent XSS AngularJS sandbox bypassing injection in Freemarker templates by inserting zero-width whitespace between consecutive open-curly-brackets.

  • Reduce the size of the redirector war file to reduce memory overhead and deploy time.

Affected files

  • web/webapps/funnelback-publicui.war

  • web/webapps/funnelback-redirector.war

Deployment

  • Stop the Jetty web server.

  • Deploy the provided files on top of an existing install.

  • Start the Jetty web server.