Funnelback patch 15.8.0.34

  • Released: 2019-09-24

  • Applies to: v15.8.0

  • Internal reference: RNDSUPPORT-3041

Description

  • Prevent XSS AngularJS sandbox bypassing injection in Freemarker templates escaped using output formats by inserting zero-width whitespace between consecutive open-curly-brackets.

Affected files

  • web/webapps/funnelback-publicui.war

Deployment

  • (Windows) Stop currently running crawls.

  • Stop the Jetty web server and the Funnelback daemon.

  • Deploy the provided files on top of an existing install, backing up all replaced files.

  • Start the Jetty web server and the Funnelback daemon.

  • (Windows) Start crawls as needed.