Funnelback 15.6 patches
Patches
Type | Release version | Description |
---|---|---|
3 Bug fixes |
Upgrades log4j2 to version 2.17 to fix the security vulnerability where Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. |
|
3 Bug fixes |
Prevents creation of objects within Freemarker template files to ensure that template editors cannot cause external code to be executed. |
|
3 Bug fixes |
Fixes security issues where:
Please ensure any custom form-not-found.ftl templates in collections are updated to perform correct escaping if they were derived from the previously vulnerable form-not-found.default.ftl. Please ensure that any customised value for the global |
|
3 Bug fixes |
Fixed an issue where the user editing interface for a user with no permitted collections would be presented with all collections selected, rather than none. |
|
3 Bug fixes |
Changes the click tracking endpoint to no longer depend on the referrer. This does result in the click logs no longer containing the referrer URL. |
|
3 Bug fixes |
Avoids the output of the DiskAggregator reports phase being overwritten by the DataMiner phase. |
|
3 Bug fixes |
Updates the version of restfb so that custom Facebook gatherers may use a later version of the graph API. |
|
3 Bug fixes |
Fixes a bug in the query processor where sorting on file size did not work. |
|
3 Bug fixes |
Fixes an issue where instant delete tries to kill documents from an index that doesn’t exist, causing the update to fail. |
|
3 Bug fixes |
Fixes an issue where HSTS was not disabled on all end points. |
|
3 Bug fixes |
Fixes an issue where the analytics log was always appended to, resulting in a log file that always grew in size. |
|
3 Bug fixes |
Fixes an issue where the URL sent in Trend Alerts emails would not be correctly redirected to the Trend Alerts dashboard. |
|
3 Bug fixes |
Updates the version of pdfbox used for filtering so that more PDFs can be correctly filtered. |
|
3 Bug fixes |
Improves the performance of Content Auditor as well as some faceted navigation queries. |
|
3 Bug fixes |
Fixes a bug in the query processor introduced in patch 15.6.0.23. The previous query processor may be slower or cause an OutOfMemoryError on the Jetty web server. |
|
3 Bug fixes |
Fixes a bug with promoted URLs where those that were only partial matches would not be promoted to the top position. |
|
3 Bug fixes |
Fixes a bug with Trend Alerts links always referring to the ‘Classic UI’ interface. These links will now refer to the collection’s configured search interface. |
|
3 Bug fixes |
Fixes an issue with patch 15.6.0.20 which may cause indexing to fail. |
|
3 Bug fixes |
Fixes an issue where a space would not be added after a UTF-8 punctuation character. |
|
3 Bug fixes |
Fixes a bug with the license usage API which included documents which are not normally searchable, e.g. duplicate documents and binary documents. |
|
3 Bug fixes |
Fixes acknowledgements of nested issues in Accessibility Auditor. The acknowledgement popup that opened was the one from the outer issue, rather than the inner one. |
|
3 Bug fixes |
Fixes a bug where spaces may be inserted after a Unicode (non-ASCII) punctuation character, for example 'foo’s'. |
|
3 Bug fixes |
Fixes a bug where administrator users with collection restrictions would have their user configuration files corrupted when creating new collections. |
|
3 Bug fixes |
Fixes an issue where an incorrect profile parameter is passed to Marketing Dashboard’s feature pages when a user views the Admin Home Page for the first time or the user’s cookie has been cleared or expired. |
|
3 Bug fixes |
Fixes an issue where accessibility auditor acknowledgements could be incorrectly treated as not-editable. |
|
3 Bug fixes |
Fixes an issue where very large images could be uploaded to /s/scale, consuming all memory on the server.
Note that a default size limit of 1MB is now applied, and can be configured with the |
|
3 Bug fixes |
Fixes an issue where the list of available profiles is incorrect and an incorrect profile parameter
is passed to Marketing Dashboard’s feature pages when a user has access to only one profile listed
in |
|
3 Bug fixes |
Fixes a cross site scripting vulnerability when unescaped HTML was provided to the CheckBlending macro’s linkText attribute. |
|
3 Bug fixes |
Fixes an issue where content auditor forced faceted navigation config to be read from the live folder rather than from the config folder when it was configured to read from |
|
3 Bug fixes |
Corrects the XSS vulnerability in Anchors.html. |
|
3 Bug fixes |
Fixes a spacing displacement issue in the content auditor URI dropdown. Adds a JavaScript function and some minor CSS changes to resolve the issue. |
|
3 Bug fixes |
Fixes an issue with historical reporting in the Accessibility Auditor, where the chart may not be displayed when scoped to a specific portfolio. |
|
3 Bug fixes |
Fixes an issue where padre-i4u may fail if a URL occurs, non killed, in multiple indexes. |
|
3 Bug fixes |
Fixes a bug where reset passwords would be reverted on the next classic administration dashboard password change. Please note that bin/setup/post_install* scripts are not updated with this patch, and will no longer operate correctly until the next released version of Funnelback is installed. |
|
3 Bug fixes |
Fixes a bug in marketing dashboard where the link to the accessibility auditor report in the left side navigation menu is not available. |
|
3 Bug fixes |
Applies the custom servlet filter functionality to push-api requests as well as public-ui ones. This allows additional push requests to be manipulated before Funnelback processes them, and output to be captured for audit logging or other purposes. https://docs.funnelback.com/custom_servlet_filter_hook.html documents the general mechanism, however this patch changes some details, in particular:
To use the mechanism with the push-api, a suitable Groovy script must be created at $SEARCH_HOME/conf/$COLLECTION_NAME/GroovyServletFilterHookPushImpl.groovy |
|
3 Bug fixes |
Fixes a bug in the Admin API (affecting the dashboard) where the "top clicks" for a service would not be scoped to the service but would show all URLs for the collection. |
|
3 Bug fixes |
Prevents a deadlock from occurring in the admin-api which may cause the marketing UI to not respond. |
|
3 Bug fixes |
Ensure crawler’s |
|
3 Bug fixes |
Corrects the URL to view the SEO auditor page in content auditor. |
|
3 Bug fixes |
Fixes a bug in the naming of start_time files which caused all non-push collections to display incorrect last update times. |
|
3 Bug fixes |
Fixes a bug where the HTTPClient library attempts to get user permission to store a cookie by creating a dialogue box. |