Funnelback patch

  • Released: 2017-11-08

  • Applies to: v15.8.0

  • Internal reference: SUPPORT-2531


To minimise the number of false positives reported by XSS testing tools, JSON endpoints have restricted the JSONP callback to only contain A-Za-z0-9 as well as $._-[]".

Affected files

  • web/webapps/funnelback-publicui.war


  • Stop the Jetty Web server.

  • Deploy the provided files on top of an existing install.

  • As patches are cumulative, apply deployment instructions from previous patches.

  • Start the Jetty Web server.