Funnelback patch 15.24.0.21

  • Released: 2020-09-25

  • Applies to: v15.24.0

  • Internal reference: RNDSUPPORT-3259, RNDSUPPORT-3258, RNDSUPPORT-3260

Description

  • Fixes an issue where sessions are not terminated on logout events triggered by Perl pages.

  • Fixes an XXE (XML external entity) issue where input to the WebDAV endpoint could be manipulated to trigger HTTP requests.

  • Fixes an issue with the web-resources interface which could not cope with unusual file names.

Affected files

  • lib/perl/Funnelback/HTML.pm

  • web/webapps/funnelback-admin-api.war

  • web/adminui/index.html

  • web/adminui/3rdpartylicenses.txt

  • web/adminui/assets/licenses.json

  • web/adminui/assets/worker-javascript.js

  • web/adminui/common.bf9ce4c8d49661e4dba1.js replaced by web/adminui/common.0f89ce443184d5244db1.js

  • web/adminui/main.c507aa1dc93399d2bb4f.js replaced by web/adminui/main.c80bf209a24f55657ab3.js

  • web/adminui/polyfills.d52c8f92e3bfd2903c44.js replaced by web/adminui/polyfills.391c0a9989755423c8df.js

  • web/adminui/runtime.4b20b72036b37e3758de.js replaced by web/adminui/runtime.5e8685d8ec1103966059.js

  • web/adminui/scripts.2a1cb4233e2d466a4533.js replaced by web/adminui/scripts.8b63c8cdb07585d6e37e.js

  • web/adminui/styles.7b5d47e63b819d293f19.css replaced by web/adminui/styles.51816d42746f4f47bcff.css

Deployment

  • Stop the Jetty web server.

  • Deploy the provided files on top of an existing install, backing up all replaced files.

  • Start the Jetty web server.

  • (15.24.0.12, 15.24.0.13) Perform an update of the knowledge graph on any applicable collections in order to apply patch changes.
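
The middle deployment step (deploy over the install while backing up every replaced file) can be scripted as below. This is an added example, not part of the Funnelback patch: the function names, the three directory arguments and the assumption that the extracted patch mirrors the install layout are hypothetical, and stopping and starting Jetty is left to the operator because the page does not give those commands.

```shell
#!/usr/bin/env bash
# Added example, not part of the Funnelback patch. Assumption: the patch is
# extracted to PATCH_DIR with the same relative layout as the install root
# (for example PATCH_DIR/web/adminui/index.html).

# Superseded admin UI bundles, as named under "Affected files".
OLD_BUNDLES="common.bf9ce4c8d49661e4dba1.js main.c507aa1dc93399d2bb4f.js
polyfills.d52c8f92e3bfd2903c44.js runtime.4b20b72036b37e3758de.js
scripts.2a1cb4233e2d466a4533.js styles.7b5d47e63b819d293f19.css"

# deploy_patch PATCH_DIR INSTALL_ROOT BACKUP_DIR
# Copies every patch file over the install. Any file that would be overwritten
# is first saved under BACKUP_DIR at the same relative path, and its path is
# printed so the operator has a record of what to restore on rollback.
deploy_patch() {
    local patch_dir="$1" install_root="$2" backup_dir="$3"
    [ -d "$patch_dir" ] && [ -d "$install_root" ] || return 1
    (cd "$patch_dir" && find . -type f) | (
        # IFS= and -r keep unusual file names (spaces, backslashes) intact.
        while IFS= read -r rel; do
            rel=${rel#./}
            if [ -f "$install_root/$rel" ]; then
                mkdir -p "$backup_dir/$(dirname "$rel")" || exit 1
                cp -p "$install_root/$rel" "$backup_dir/$rel" || exit 1
                printf '%s\n' "$rel"
            fi
            mkdir -p "$install_root/$(dirname "$rel")" || exit 1
            cp -p "$patch_dir/$rel" "$install_root/$rel" || exit 1
        done
    )
}

# stale_bundles INSTALL_ROOT
# Prints the superseded bundles that are still present in web/adminui after
# deployment. It only reports them; nothing is deleted.
stale_bundles() {
    local f
    for f in $OLD_BUNDLES; do
        [ -f "$1/web/adminui/$f" ] && printf '%s\n' "$f"
    done
    return 0
}
```

Files that are new in the patch, such as the renamed bundles, have no backup entry, so a rollback means restoring the backup directory and removing those new files.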