Funnelback patch 15.22.0.7

  • Released: 2019-09-24

  • Applies to: v15.22.0

  • Internal reference: RNDSUPPORT-3041

Description

  • Prevent XSS AngularJS sandbox bypassing injection in Freemarker templates escaped using output formats by inserting zero-width whitespace between consecutive open-curly-brackets.

Affected files

  • web/webapps/funnelback-publicui.war

Deployment

  • Stop the Jetty web server.

  • Deploy the provided files on top of an existing install.

  • Start the Jetty web server.