To minimise the number of false positives reported by XSS testing tools, JSON endpoints have restricted the JSONP callback to only contain A-Za-z0-9 as well as $._-[]".
Affected files
web/webapps/funnelback-publicui.war
Deployment
Stop the Jetty Web server.
Deploy the provided files on top of an existing install.
As patches are cumulative, apply deployment instructions from previous patches.