Funnelback 15.24 patches
Patches
| Type | Release version | Description | 
|---|---|---|
| 3 Bug fixes | Prevented the creation of objects within Freemarker template files to ensure that template editors cannot cause external code to be executed. | |
| 1 New and revised features | Added new server configuration keys to configure the Jetty HTTP connection. | |
| 3 Bug fixes | Fixed an issue where the post-update hook script was executed even if the knowledge graph import had failed. | |
| 1 New and revised features | Added a new knowledge graph public endpoint  | |
| 3 Bug fixes | Fixed an issue where PDF files are not crawled when form interaction is enabled with in-crawl authentication. | |
| 3 Bug fixes | Fixed an issue where fetching Facebook comments would cause an infinite loop due to changes within the Facebook endpoints. | |
| 3 Bug fixes | Fixed a security vulnerability where jackson-databind might allow remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks. | |
| 3 Bug fixes | Fixed a security vulnerability where com.google.oauth-client hasn’t implemented PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps. | |
| 3 Bug fixes | Fixed a security vulnerability where Spring Framework may be vulnerable to remote code execution (RCE) via data binding [CVE-2022-22965]. | |
| 3 Bug fixes | Upgrades log4j2 to version 2.17 to fix the security vulnerability where Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. | |
| 3 Bug fixes | Upgrades log4j2 to version 2.15 to fix the security vulnerability where log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints. | |
| 3 Bug fixes | Fixes an issue where the edit metadata mappings administration dashboard wouldn’t display counts of detected sources in searchable documents properly. | |
| 3 Bug fixes | Search session cookies are now explicitly marked with  | |
| 3 Bug fixes | Fixes an issue where faceted navigation UI would freeze due to numerous API requests done to check templates' backups for the usage of legacy facets. | |
| 3 Bug fixes | Fixes a bug with  | |
| 3 Bug fixes | Fixes a bug in which instant updates would always include the start URLs. | |
| 3 Bug fixes | Fixes a cross-site scripting vulnerability in Freemarker templates. | |
| 3 Bug fixes | Fixes a bug with YouTube collections when no channel id is provided | |
| 3 Bug fixes | Reduces logging from build_spelling_index | |
| 3 Bug fixes | Fixes a bug in filtering in which Outlook files with attachments could not be parsed correctly. | |
| 3 Bug fixes | Fixes an issue in which character  | |
| 3 Bug fixes | Fixes a bug in which some autocompletion suggestions would be wrongly excluded from the profiles. | |
| 1 New and revised features | Adds support for parsing MSG ( | |
| 3 Bug fixes | Improves how meta components are determined, avoiding synchronisation issues in multi-server installations. | |
| 3 Bug fixes | Fixes an issue where displaying of numerical/date content in administration dashboard was broken when default browser language was not set to English. | |
| 3 Bug fixes | Fixes a bug in which form interactions may not work with config environments. | |
| 3 Bug fixes | Fixes a bug in which invalid XML characters in the query could cause queries to fail. | |
| 3 Bug fixes | Restores support for the web crawler  | |
| 3 Bug fixes | Makes it possible to send empty parameters in crawler form interactions. | |
| 3 Bug fixes | Fixes a bug in which the text "Is it me?" appeared at the end of all query biased summaries. | |
| 3 Bug fixes | Fixes a bug that prevented access restrictions set by hostname from working correctly when Funnelback was deployed behind a load-balancer. | |
| 3 Bug fixes | Fixes various XML encoding issues which would cause search not to work. | |
| 3 Bug fixes | Best Bet option to remove search result if it has the same URL as the best bet is fixed to compare the link URL rather than the URL to display. | |
| 3 Bug fixes | Fixes the daemon service broken by patch 15.24.0.26. | |
| 3 Bug fixes | The search interface’s  | |
| 3 Bug fixes | Reduces memory usage when returning search results as XML. | |
| 3 Bug fixes | Fixes a bug in PDF filtering when the PDF contains invalid XML characters. | |
| 3 Bug fixes | Eliminates a warning emitted when using the delete-collection.pl command line tool. | |
| 3 Bug fixes | Fixes incremental filecopy gathering to preserve any additional metadata (e.g. metadata added by custom filters) | |
| 3 Bug fixes | Fixes a cosmetic issue where the Marketing Dashboard tiles were not aligned correctly. | |
| 3 Bug fixes | Fixes an issue where enabling access restriction was blocking access to the Content Auditor, Accessibility Auditor and SEO Auditor API endpoints. | |
| 3 Bug fixes | Fixes an issue where searches on collections with sub-searches can fail with a NullPointerException | |
| 3 Bug fixes | Fixes an issue where sessions are not terminated on logout events triggered by Perl pages. | |
| 3 Bug fixes | Fixes an XXE issue where input to the webdav endpoint could be manipulated to trigger http requests. | |
| 3 Bug fixes | Fixes an issue with the web-resources interface which could not cope with unusual file names. | |
| 3 Bug fixes | Fixes an issue in which Push replication would fail because the client would not renew its authentication token. | |
| 3 Bug fixes | Fixes an issue where the tuning UI may freeze due to the large number of API requests being performed. | |
| 3 Bug fixes | Fixes an issue in which instant updates would fail due to long log file names. | |
| 3 Bug fixes | Improves tuning so that it can run when collections have no documents. | |
| 3 Bug fixes | Fixes admin-ui handling of profiles with hyphens in their IDs. | |
| 3 Bug fixes | Fixes an issue where Faceted Navigation extra searches may fail because of an index out of bounds error. | |
| 3 Bug fixes | Improves logging when extra searches take too long. | |
| 3 Bug fixes | Fixes an issue where the marketing dashboard refers to a non-existent URL when  | |
| 3 Bug fixes | Fixes IP pseudonymization when Funnelback is behind a load balancer and client IP details are in the  | |
| 3 Bug fixes | Reduces memory consumption and improves performance of the purge sessions endpoint. | |
| 3 Bug fixes | Avoids an error in the admin search interface when SAML authentication is used. | |
| 3 Bug fixes | Adds a tinkey.jar tool for managing password encryption keys. | |
| 3 Bug fixes | Fixes an issue where knowledge graph update fails when having numbers as metadata class names. | |
| 3 Bug fixes | Fixes a bug in auto-completion widget where custom URL parameters set in  | |
| 3 Bug fixes | Fixes a bug where WebDAV client could lock files with long timeouts and not release them. | |
| 3 Bug fixes | Fixes a bug where a session was not saved if a user is not set. | |
| 3 Bug fixes | Fixes a bug where trend alert shapes (graphs) were not displayed in the marketing dashboard. | |
| 3 Bug fixes | Upgrades the version of  | |
| 3 Bug fixes | Fixes an issue where Facebook collections gathered fewer documents due to a pagination issue in the Facebook Graph API. | |
| 3 Bug fixes | Facebook Graph API deprecated fields  | |
| 3 Bug fixes | Fixes an XML formatting issue in Faceted Navigation click logs. | |
| 3 Bug fixes | Fixes a bug with merging under Push. | |
| 3 Bug fixes | Fixes a bug in which white space was not preserved in summaries from anchor text when the  | |
| 3 Bug fixes | The Push API client used in multi server push now has timeouts enabled allowing it to abandon problematic HTTP requests. | |
| 3 Bug fixes | Removes the screens for file-manager rule editing which could create security issues | |
| 3 Bug fixes | Fixes an issue where support packages could contain unintended files | |
| 3 Bug fixes | Fixes an issue where the running Funnelback Jetty web server could retain permissions via supplemental groups after startup. | |
| 3 Bug fixes | Limits an administration CGI script to redirect only within the Funnelback administration interface as intended | |
| 3 Bug fixes | Removes the unused administration debug.cgi script which reflected input parameters without proper escaping | |
| 3 Bug fixes | Fixes a bug where the horizontal display of columns in the auto-completion dropdown did not work. | |
| 3 Bug fixes | Fixes a bug where an insecure operation on the CSS files list was performed when a CSS file was exposed via the same domain as the auto-completion widget but on a different port. | |
| 3 Bug fixes | Fixes an issue where the push API failed to start up when using SAML authentication. | |
| 3 Bug fixes | Fixes an issue where concurrently encrypting passwords for the first time could create multiple master keysets but store only one; remaining encrypted passwords could not subsequently be decrypted. | |
| 3 Bug fixes | Fixes an issue where a NullPointerException is sometimes thrown when using the country name Curator trigger. | |
| 3 Bug fixes | Fixes an issue where Filecopier would sometimes log passwords. | |
| 3 Bug fixes | Fixes an issue where Knowledge Graph Groovy scripts are not executed when they are defined at the profile preview level. | |
| 3 Bug fixes | Fixes an issue where the Knowledge Graph class  | |
| 3 Bug fixes | Fixes an issue where Knowledge Graph API does not work when a JDBC driver is specified for the session database. | |
| 3 Bug fixes | Fixes a bug in which uploading configuration files in the administration dashboard stopped working. |