Funnelback patch 15.22.0.31

  • Released: 2021-05-18

  • Applies to: v15.22.0

  • Internal reference: RNDSUPPORT-3374

Description

  • Fixes a cross-site scripting vulnerability in Freemarker templates.

Affected files

  • web/templates/modernui/funnelback.ftl

Deployment

  • Stop the Jetty web server.

  • Deploy the provided files on top of an existing install, backing up all replaced files.

  • (15.22.0.11) Run $SEARCH_HOME/bin/setup/start_funnelback_on_boot.pl to regenerate service files from the templates. Please note that this will cause each Funnelback service to be restarted.

  • (15.22.0.11) Reboot the Funnelback server to ensure systemd picks up the changes to the service files.

  • Start the Jetty web server if the server was not restarted