Funnelback patch

  • Released: 2019-09-23

  • Applies to: v15.22.0

  • Internal reference: RNDSUPPORT-3041


  • Prevent XSS AngularJS sandbox bypassing injection in Freemarker templates by inserting zero-width whitespace between consecutive open-curly-brackets.

  • Please note, this patch was retracted due to an incomplete solution causing template errors when used with certain Freemarker escaping modes. The patch, which addresses this issue, should be used instead.

Affected files

  • web/webapps/funnelback-publicui.war: Reverted to a previous version.


  • Stop the Jetty web server.

  • Deploy the provided files on top of an existing install.

  • Start the Jetty web server.