Funnelback 15.22 patches
Patches
Type | Release version | Description |
---|---|---|
3 Bug fixes |
Fixes the security vulnerability where Spring Framework may be vulnerable to remote code execution (RCE) via data binding [CVE-2022-22965]. |
|
3 Bug fixes |
Upgrades log4j2 to version 2.17 to fix the security vulnerability where Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. |
|
3 Bug fixes |
Upgrades log4j2 to version 2.15 to fix the security vulnerability where log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI-related endpoints. |
|
3 Bug fixes |
Fixes a cross-site scripting vulnerability in Freemarker templates. |
|
3 Bug fixes |
Reduces memory usage when returning search results as XML. |
|
3 Bug fixes |
Fixes an issue where sessions are not terminated on logout events triggered by Perl pages. |
|
3 Bug fixes |
Fixes an XXE issue where input to the WebDAV endpoint could be manipulated to trigger HTTP requests. |
|
3 Bug fixes |
Fixes admin-ui handling of profiles with hyphens in their IDs. |
|
3 Bug fixes |
Fixes an issue where Faceted Navigation extra searches may fail because of an index out of bounds error. |
|
3 Bug fixes |
Improves logging when extra searches take too long. |
|
3 Bug fixes |
Fixes an issue where marketing dashboard refers to a non-existing URL when |
|
3 Bug fixes |
Fixes a NullPointerException in ViewModeBanner macro when SAML is enabled |
|
3 Bug fixes |
Fixes IP pseudonymization when Funnelback is behind a load balancer and client IP details are in the |
|
3 Bug fixes |
Reduces memory consumption and improves performance of the purge sessions endpoint |
|
3 Bug fixes |
Upgrades the version of |
|
3 Bug fixes |
Fixes an issue where Facebook collections gathered fewer documents due to a pagination issue in the Facebook Graph API. |
|
3 Bug fixes |
Facebook Graph API deprecated fields |
|
3 Bug fixes |
Fixes an XML formatting issue in Faceted Navigation click logs. |
|
3 Bug fixes |
Fixes a bug with merging under Push. |
|
3 Bug fixes |
Fixes a bug in which white space was not preserved in summaries from anchor text when the |
|
3 Bug fixes |
The Push API client used in multi server push now has timeouts enabled, allowing it to abandon problematic HTTP requests. |
|
3 Bug fixes |
Removes the screens for file-manager rule editing which could create security issues |
|
3 Bug fixes |
Fixes an issue where support packages could contain unintended files |
|
3 Bug fixes |
Fixes an issue where the running Funnelback Jetty web server could retain permissions via supplemental groups after startup |
|
3 Bug fixes |
Limits an administration CGI script to redirect only within the Funnelback administration interface as intended |
|
3 Bug fixes |
Removes the unused administration debug.cgi script which reflected input parameters without proper escaping |
|
3 Bug fixes |
Fixes a bug where a horizontal display of columns in the auto-completion dropdown doesn’t work. |
|
3 Bug fixes |
Fixes a bug where an insecure operation on the CSS files list was performed when a CSS file was exposed via the same domain as the auto-completion widget but on a different port. |
|
3 Bug fixes |
Fixes an issue where the push API failed to start up when using SAML authentication. |
|
3 Bug fixes |
Fixes an issue where Knowledge Graph Groovy scripts are not executed when they are defined at the profile preview level. |
|
3 Bug fixes |
Fixes an issue where the Knowledge Graph class |
|
3 Bug fixes |
Fixes an issue where Knowledge Graph API does not work when a JDBC driver is specified for the session database. |
|
3 Bug fixes |
Fixes a bug introduced in the previous patch in which uploading configuration files in the administration dashboard stopped working. |
|
3 Bug fixes |
Prevents XSS vulnerabilities found in the classic administration dashboard. |
|
3 Bug fixes |
Move Funnelback service pid files to |
|
3 Bug fixes |
Include some additional metadata in service template files. |
|
3 Bug fixes |
Relax permissions on creating a service. If user has access to create a profile ( |
|
3 Bug fixes |
Fixed an issue where the crawler would follow |
|
3 Bug fixes |
Improves support for running faceted navigation on extra searches. |
|
3 Bug fixes |
Adds method 'getEffectiveExtraSearchName()' to the search transaction which gets the name of the extra search this search should be considered to be under. The result of this should be used when modifying a particular extra search. As Funnelback may create extra searches under an existing search, for example for faceted navigation, this could be used to work out if the search transaction should be modified. |
|
3 Bug fixes |
Fixes errors in the sorting of faceted navigation values, which could cause an HTTP 500 error code. |
|
3 Bug fixes |
Prevents XSS via AngularJS sandbox-bypassing injection in Freemarker templates escaped using output formats, by inserting zero-width whitespace between consecutive open curly brackets. |
|
3 Bug fixes |
Empty XML elements mapped as the document URL are now ignored. |
|
3 Bug fixes |
Fixes a memory leak by disabling the conscrypt SSL provider. |
|
3 Bug fixes |
Prevents XSS via AngularJS sandbox-bypassing injection in Freemarker templates, by inserting zero-width whitespace between consecutive open curly brackets. |
|
3 Bug fixes |
Please note, this patch was retracted due to an incomplete solution causing template errors when used with certain Freemarker escaping modes. The 15.22.0.7 patch, which addresses this issue, should be used instead. |
|
3 Bug fixes |
Fixes a bug in which the last seen time of an Accessibility Auditor Acknowledgment would not be updated. |
|
3 Bug fixes |
Fixes a bug in which spaces would be removed from query biased summaries which came from 'cdata' sections of XML. |
|
3 Bug fixes |
Improves the task-picker such that it can load dependencies from custom 'jar' files located in '$SEARCH_HOME/lib/java/task-picker/'. |
|
3 Bug fixes |
Improves query performance when lots of curator rules are defined for any profile under a collection. |
|
3 Bug fixes |
Improves 'build_autoc' performance for profiles reducing update times. |
|
3 Bug fixes |
Reduces the time taken by the update step |
|
3 Bug fixes |
Prevents XSS via AngularJS sandbox-bypassing injection in Freemarker templates, by inserting zero-width whitespace between consecutive open curly brackets. |
|
3 Bug fixes |
Reduce the size of the redirector war file to reduce memory overhead and deploy time. |
|
3 Bug fixes |
Improve support for faceted navigation with queries that contain bigrams (such as CJKT characters). |
|
3 Bug fixes |
Fixes an issue where relationship labels in the knowledge graph widget were created incorrectly. |
|
3 Bug fixes |
Fixes an issue where sorting of related entities was not applied based on knowledge graph template configuration. |
|
3 Bug fixes |
Fixes an issue where a double request to the search endpoint in the knowledge graph widget was sent on pressing |
|
3 Bug fixes |
Fixes an issue where the saving of profile and server level configuration parameters was not executed due to incorrect backup file creation. |
|
3 Bug fixes |
Improve the performance of the Accessibility Auditor interface by requesting less data. |
|
3 Bug fixes |
Fixes an issue where some of the text on the Accessibility Auditor dashboard was showing out of date information. |
|
3 Bug fixes |
Fixes an issue where the Accessibility Auditor dashboard would not generate the thumbnail screenshots for each domain. |
|
3 Bug fixes |
Tuning now uses the Perl defined in executables.cfg rather than the Perl defined on the path |