Help Center

Menu

Funnelback patch 15.8.0.35

  • Released: 2020-03-03

  • Applies to: v15.8.0

  • Internal reference: RNDSUPPORT-3131, RNDSUPPORT-3139, RNDSUPPORT-3145, RNDSUPPORT-3140, RNDSUPPORT-3141

Description

  • RNDSUPPORT-3131 - Removes the screens for file-manager rule editing which could create security issues

  • RNDSUPPORT-3139 - Fixes an issue where support packages could contain unintended files

  • RNDSUPPORT-3145 - Fixes an issue where the running Funnelback jetty web server could retain permissions via supplemental groups after startup

  • RNDSUPPORT-3140 - Limits an administration CGI script to redirect only within the Funnelback administration interface as intended

  • RNDSUPPORT-3141 - Removes the unused administration debug.cgi script which reflected input parameters without proper escaping

Funnelback thanks Ron Schwarzmann and Dugald Shaw for discovering and reporting these issues.

Affected files

  • (RNDSUPPORT-3131) /conf/admin-ui.ini.default

  • (RNDSUPPORT-3131) /web/admin/delete-folder.cgi

  • (RNDSUPPORT-3131) /web/admin/delete-rules.cgi

  • (RNDSUPPORT-3131) /web/admin/edit-folder.cgi

  • (RNDSUPPORT-3131) /web/admin/edit-rules.cgi

  • (RNDSUPPORT-3131) /web/admin/save-folder.cgi

  • (RNDSUPPORT-3131) /web/admin/save-rules.cgi

  • (RNDSUPPORT-3131) /web/admin/show-fm-rules.cgi

  • (RNDSUPPORT-3139) /web/admin/download-support-package.cgi

  • (RNDSUPPORT-3145) tools/jetty/lib/setuid/libsetuid.so

  • (RNDSUPPORT-3145) tools/jetty/lib/setuid/libsetuid-linux.so

  • (RNDSUPPORT-3140) /web/admin/delayed-redirect.cgi

  • (RNDSUPPORT-3141) /web/admin/debug.cgi

Deployment

  • (Windows) Stop currently running crawls.

  • Stop the Jetty web server and the Funnelback daemon.

  • Deploy the provided files on top of an existing install, backing up all replaced files.

  • Start the Jetty web server and the Funnelback daemon.

  • (Windows) Start crawls as needed.