Funnelback 15.4 patches
Patches
| Type | Release version | Description |
|---|---|---|
3 Bug fixes |
Upgrades log4j2 to version 2.17 to fix the security vulnerability where log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints. |
|
3 Bug fixes |
Removes invalid XML 1.0 characters from indexed documents. |
|
3 Bug fixes |
Fixes security issues where:
Please ensure any custom form-not-found.ftl templates in collections are updated to perform correct escaping if they were derived from the previously vulnerable form-not-found.default.ftl. Please ensure that any customised value for the global |
|
3 Bug fixes |
Fixed an issue where the user editing interface for a user with no permitted collections would be presented with all collections selected, rather than none. |
|
3 Bug fixes |
Changes the click tracking endpoint to no longer depend on the referrer. This does result in the click logs no longer containing the referrer URL. |
|
3 Bug fixes |
Avoids the output of the DiskAggregator reports phase being overwritten by the DataMiner phase. |
|
3 Bug fixes |
Updates the version of restfb so that custom Facebook gatherers may use a later version of the graph API. |
|
3 Bug fixes |
Fixes an issue where instant delete tries to kill documents from an index that doesn’t exist causing the update to fail |
|
3 Bug fixes |
Fixes an issue where HSTS was not disabled on all end points. |
|
3 Bug fixes |
Fixes an issue where the analytics log was always appended to, resulting in a log file that always grew in size. |
|
3 Bug fixes |
Fixes an issue where the URL sent in Trend Alerts emails would not be correctly redirected to the Trend Alerts dashboard. |
|
3 Bug fixes |
Updates the version of pdfbox used for filtering so that more PDFs can be correctly filtered. |
|
3 Bug fixes |
Improves the performance of Content Auditor as well as some faceted navigation queries. |
|
3 Bug fixes |
Fixes a bug in the query processor introduced in patch 15.4.1.19. The previous query processor may be slower or cause a OutOfMemoryError on the Jetty web server. |
|
3 Bug fixes |
Fixes a bug with promoted URLs where those that were only partial matches would not be promoted to the top position. |
|
3 Bug fixes |
Fixes a bug with Trend Alerts links always referring to the ‘Classic UI’ interface. These links will now refer to the collection’s configured search interface. |
|
3 Bug fixes |
Fixes an issue with patch 15.4.1.16 which may cause indexing to fail. |
|
3 Bug fixes |
Fixes an issue where a space would not be added after a UTF-8 punctuation character. |
|
3 Bug fixes |
Fixes a bug with the license usage API which included documents which are not normally searchable e.g duplicate documents and binary documents. |
|
3 Bug fixes |
Fixes a bug where spaces may be inserted after a unicode (non ASCII) punctuation character for example 'foo’s'. |
|
3 Bug fixes |
Fixes a cross site scripting vulnerability when unescaped HTML was provided to the CheckBlending macro’s linkText attribute. |
|
3 Bug fixes |
Fix an issues where content auditor forced faceted navigation config to be read from the live folder rather than from the config folder when it was configured to read from |
|
3 Bug fixes |
Fixes issues with Directory gatherer not closing WARC files properly, resulting in broken cached copies. |
|
3 Bug fixes |
Corrected the XSS Vulnerability in Anchors.html |
|
3 Bug fixes |
Fixes the content auditor URI dropdown which was having issues with a spacing displacement. Adds in a JavaScript function and some minor CSS Changes to resolve the issue. |
|
3 Bug fixes |
Fix a bug where reset passwords would be reverted on the next classic administration dashboard password change. Please note that bin/setup/post_install* scripts are not updated with this patch, and will no longer operate correctly until the next released version of Funnelback is installed. |
|
3 Bug fixes |
Fix a bug in the Admin API (affecting the dashboard) where the "top clicks" for a service would not be scoped to the service but would show all URLs for the collection. |
|
3 Bug fixes |
Prevents a deadlock from occurring in the admin-api which may cause the marketing UI to not respond. |
|
3 Bug fixes |
Ensure crawler’s User-Agent header applies everywhere when setting it collection.cfg |
|
3 Bug fixes |
Make the 'all query words trigger' ignore any empty words in it’s match list. |
|
3 Bug fixes |
A few improvements for content auditor templates. |
|
3 Bug fixes |
Fixes a bug where the HTTPClient library attempts to get user permission to store a cookie by creating a dialogue box. |
|
3 Bug fixes |
Fixes a bug where data loss could occur in Push collections if commits failed. |
|
3 Bug fixes |
Fixes a bug on Windows where commits could fail if index files in a snapshot are held opened. |
|
3 Bug fixes |
Fixes various DLS security flaws. |
|
3 Bug fixes |
Fixes a bug where data loss could occur in push on Windows. The problem is more likely to occur when Push is used in a meta collection. |
|
3 Bug fixes |
Increases the size of form submissions permitted by the administration interface. |
|
3 Bug fixes |
Prevents creation of objects within Freemarker template files to ensure that template editors can not cause external code to be executed. |
|
3 Bug fixes |
Fixes security issues where:
Please ensure any custom form-not-found.ftl templates in collections are updated to perform correct escaping if they were derived from the previously vulnerable form-not-found.default.ftl. Please ensure that any customised value for the global |
|
3 Bug fixes |
Fixed an issue where the user editing interface for a user with no permitted collections would be presented with all collections selected, rather than none. |
|
3 Bug fixes |
Fixes a bug where data loss could occur in Push collections if commits failed. |
|
3 Bug fixes |
Fixes a bug on Windows where commits could fail if index files in a snapshot are held opened. |
|
3 Bug fixes |
Fixes various DLS security flaws. |
|
3 Bug fixes |
Fixes a bug where data loss could occur in push on Windows. The problem is more likely to occur when Push is used in a meta collection. |