Funnelback 15.8 patches

Patches

Show entries

Filter change log:

Type Release version Description

Bug fixes

Type	Release version	Description
Bug fixes
3 Bug fixes	15.8.0.36	Upgrades log4j2 to version 2.17 to fix the security vulnerability where Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
3 Bug fixes	15.8.0.35	Removes the screens for file-manager rule editing which could create security issues
3 Bug fixes	15.8.0.35	Fixes an issue where support packages could contain unintended files
3 Bug fixes	15.8.0.35	Fixes an issue where the running Funnelback jetty web server could retain permissions via supplemental groups after startup
3 Bug fixes	15.8.0.35	Limits an administration CGI script to redirect only within the Funnelback administration interface as intended
3 Bug fixes	15.8.0.35	Removes the unused administration debug.cgi script which reflected input parameters without proper escaping
3 Bug fixes	15.8.0.34	Prevent XSS AngularJS sandbox bypassing injection in Freemarker templates escaped using output formats by inserting zero-width whitespace between consecutive open-curly-brackets.
3 Bug fixes	15.8.0.33	Prevent XSS AngularJS sandbox bypassing injection in Freemarker templates by inserting zero-width whitespace between consecutive open-curly-brackets.
3 Bug fixes	15.8.0.32	Prevent XSS AngularJS sandbox bypassing injection in Freemarker templates by inserting zero-width whitespace between consecutive open-curly-brackets.
3 Bug fixes	15.8.0.31	Prevents creation of objects within Freemarker template files to ensure that template editors can not cause external code to be executed.
3 Bug fixes	15.8.0.30	Fixes security issues where: The default form-not-found template reflected the given form id without proper escaping. The default configuration of URL previewing could be used to expose local log file content. Please ensure any custom form-not-found.ftl templates in collections are updated to perform correct escaping if they were derived from the previously vulnerable form-not-found.default.ftl. Please ensure that any customised value for the global `default_url_renderer.permitted_url_pattern` setting in global.cfg prevents access to file:// URLs.
3 Bug fixes	15.8.0.29	Fixes a bug where ratio to run full or incremental updates was not being applied and only a full update was triggered.
3 Bug fixes	15.8.0.28	Fixes a bug for scheduled updates where the 'schedule.incremental_crawl_ratio' parameter was not being respected.
3 Bug fixes	15.8.0.27	Fixes a bug where the Admin API was passing the comment to the publish hook as multiple arguments where it should have been passing the comment as a single argument.
3 Bug fixes	15.8.0.26	Adds time-based reloading of type-caching objects (XStream and Jackson serialisers) to avoid leaking metaspace memory when groovy classes are serialised and reloaded over time. By default, reloading occurs every 10 minutes, and can be configured in modernui.properties.
3 Bug fixes	15.8.0.25	Fixed an issue where the user editing interface for a user with no permitted collections would be presented with all collections selected, rather than none.
3 Bug fixes	15.8.0.24	Allow groovy servlet filters to abort processing in preFilterResponse by returning null.
3 Bug fixes	15.8.0.24	Changes the click tracking endpoint to no longer depend on the referrer. This does result in the click logs no longer containing the referrer URL.
3 Bug fixes	15.8.0.23	To minimise the number of false positives reported by XSS testing tools, JSON endpoints have restricted the JSONP callback to only contain `A-Za-z0-9` as well as `$._-[]"`.
3 Bug fixes	15.8.0.22	Restores the behavior of update.pl such that the gatherer (e.g. the web crawler) will use the same collection.cfg file that is passed to update.pl.
3 Bug fixes	15.8.0.22	Improves the creation of snapshots on empty push collections.
3 Bug fixes	15.8.0.21	Updates the location of the Push sync restart API call to be consistent with other state changing calls. The existing API call is kept for compatibility.
3 Bug fixes	15.8.0.21	Adds a new Push sync health API calls that never return null for the value of the boolean in the response. The new calls are under /v2/ of the API.
3 Bug fixes	15.8.0.21	Adds support for fixing a bug where a data folder for a non-existent collection would be created when a request was made on the search interface to the collection. Affects Linux only.
3 Bug fixes	15.8.0.20	Avoids the output of the DiskAggregator reports phase being overwritten by the DataMiner phase.
3 Bug fixes	15.8.0.19	Introduces the ability to customise the jetty access logging configuration with logback. The default behaviour of logging is unchanged, however with this patch it is possible to configure access log compression, filtering and size-based retention policies if desired. See Funnelback version 15.12 "Configuring embedded web server" documentation for details and example of how to customise access logging configurations.
3 Bug fixes	15.8.0.18	Updates the version of restfb so that custom Facebook gatherers may use a later version of the graph API.
3 Bug fixes	15.8.0.17	Adds a `customData` map in the `SearchQuestion` for convenience
3 Bug fixes	15.8.0.16	Fixes a bug in the query processor when promote URLs was used with URLs that contained double dash.
3 Bug fixes	15.8.0.16	Fixes a bug in the query processor where sorting on file size did not work.
3 Bug fixes	15.8.0.15	Fixes a bug where exporting the top queries to csv on the marketing dashboard was not working in Internet Explorer 11.
3 Bug fixes	15.8.0.14	Fixes a bug where Push Replication would re-attempt a connection to master without sleeping if the response from master was not a 200.
3 Bug fixes	15.8.0.14	Improves Push collections so that snapshots are marked incomplete during creation to help avoid incomplete snapshots from being used.
3 Bug fixes	15.8.0.14	Improves Push Replication performance by enabling compression on more files.
3 Bug fixes	15.8.0.13	Fixes an issue where the Accessibility Auditor would not be able to connecting servers using the SNI extension when checking an individual document. This patch will cause Accessibility Auditor to no longer be able to connect to web servers with untrusted SSL certificates.
3 Bug fixes	15.8.0.12	Fixes an issue where the `mail.on_failure_only` collection configuration option was not respected by updated.
3 Bug fixes	15.8.0.12	Fixes an issue with a spelling mistake in the email subject.
3 Bug fixes	15.8.0.11	Fixes an issue where instant delete tries to kill documents from an index that doesn’t exist causing the update to fail
3 Bug fixes	15.8.0.10	Fixes an issue where HSTS was not disabled on all end points.
3 Bug fixes	15.8.0.10	Fixes an issue where the analytics log was always appended to, resulting in a log file that always grew in size.
3 Bug fixes	15.8.0.9	Fixes an issue where the URL sent in Trend Alerts emails would not be correctly redirected to the Trend Alerts dashboard.
3 Bug fixes	15.8.0.8	Updates the version of pdfbox used for filtering so that more PDFs can be correctly filtered.
3 Bug fixes	15.8.0.7	Fixes two issues with form interaction which could prevent the web crawler logging into authenticated sites: Updated cookie values would not overwrite the initial values of cookies. When crawler.accept_cookies=false was set, form interaction cookies were ignored.
3 Bug fixes	15.8.0.6	Fixes an issue with anchors not being preserved in the `displayUrl` node of the data model.
3 Bug fixes	15.8.0.6	Fixes an issue where Analytics would remove the anchor separator from the URL.
3 Bug fixes	15.8.0.6	Fixes an issue where date sorting in the query processor would not sort future dates correctly.
3 Bug fixes	15.8.0.5	Fixes an issue where web collections with Accessibility Auditor (WCAG) enabled would not be able to run instant updates.
3 Bug fixes	15.8.0.5	Fixes an issue where updates could not be started from the Collection Overview section of the admin home page.
3 Bug fixes	15.8.0.4	Fixes issues with auditing tools when crawling from `localhost`, non-standard ports or with deep folders documents.
3 Bug fixes	15.8.0.3	Fixes a problem in the query processor (introduced in 15.8.0.2) which could slow query processing or cause an OutOfMemoryError within the web server.
3 Bug fixes	15.8.0.3	Fixes an issue where the Recommender database would fail to build on meta collections.
3 Bug fixes	15.8.0.2	Fixes a bug with promoted URLs where those that were only partial matches would not be promoted to the top position.
3 Bug fixes	15.8.0.2	Fixes a bug with Trend Alerts links always referring to the ‘Classic UI’ interface. These links will now refer to the collection’s configured search interface.
3 Bug fixes	15.8.0.1	Fixes a bug with the license usage API which included documents which are not normally searchable e.g duplicate documents and binary documents. This patch also excludes documents in the included funnelback_documentation collection from counting towards the license limit.

15.8.0.36

Upgrades log4j2 to version 2.17 to fix the security vulnerability where Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

15.8.0.35

Removes the screens for file-manager rule editing which could create security issues

15.8.0.35

Fixes an issue where support packages could contain unintended files

15.8.0.35

Fixes an issue where the running Funnelback jetty web server could retain permissions via supplemental groups after startup

15.8.0.35

Limits an administration CGI script to redirect only within the Funnelback administration interface as intended

15.8.0.35

Removes the unused administration debug.cgi script which reflected input parameters without proper escaping

15.8.0.34

Prevent XSS AngularJS sandbox bypassing injection in Freemarker templates escaped using output formats by inserting zero-width whitespace between consecutive open-curly-brackets.

15.8.0.33

Prevent XSS AngularJS sandbox bypassing injection in Freemarker templates by inserting zero-width whitespace between consecutive open-curly-brackets.

15.8.0.32

Prevent XSS AngularJS sandbox bypassing injection in Freemarker templates by inserting zero-width whitespace between consecutive open-curly-brackets.

15.8.0.31

Prevents creation of objects within Freemarker template files to ensure that template editors can not cause external code to be executed.

15.8.0.30

Fixes security issues where:

The default form-not-found template reflected the given form id without proper escaping.
The default configuration of URL previewing could be used to expose local log file content.

Please ensure any custom form-not-found.ftl templates in collections are updated to perform correct escaping if they were derived from the previously vulnerable form-not-found.default.ftl.

Please ensure that any customised value for the global default_url_renderer.permitted_url_pattern setting in global.cfg prevents access to file:// URLs.

15.8.0.29

Fixes a bug where ratio to run full or incremental updates was not being applied and only a full update was triggered.

15.8.0.28

Fixes a bug for scheduled updates where the 'schedule.incremental_crawl_ratio' parameter was not being respected.

15.8.0.27

Fixes a bug where the Admin API was passing the comment to the publish hook as multiple arguments where it should have been passing the comment as a single argument.

15.8.0.26

Adds time-based reloading of type-caching objects (XStream and Jackson serialisers) to avoid leaking metaspace memory when groovy classes are serialised and reloaded over time.

By default, reloading occurs every 10 minutes, and can be configured in modernui.properties.

15.8.0.25

Fixed an issue where the user editing interface for a user with no permitted collections would be presented with all collections selected, rather than none.

15.8.0.24

Allow groovy servlet filters to abort processing in preFilterResponse by returning null.

15.8.0.24

Changes the click tracking endpoint to no longer depend on the referrer. This does result in the click logs no longer containing the referrer URL.

15.8.0.23

To minimise the number of false positives reported by XSS testing tools, JSON endpoints have restricted the JSONP callback to only contain A-Za-z0-9 as well as $._-[]".

15.8.0.22

Restores the behavior of update.pl such that the gatherer (e.g. the web crawler) will use the same collection.cfg file that is passed to update.pl.

15.8.0.22

Improves the creation of snapshots on empty push collections.

15.8.0.21

Updates the location of the Push sync restart API call to be consistent with other state changing calls. The existing API call is kept for compatibility.

15.8.0.21

Adds a new Push sync health API calls that never return null for the value of the boolean in the response. The new calls are under /v2/ of the API.

15.8.0.21

Adds support for fixing a bug where a data folder for a non-existent collection would be created when a request was made on the search interface to the collection. Affects Linux only.

15.8.0.20

Avoids the output of the DiskAggregator reports phase being overwritten by the DataMiner phase.

15.8.0.19

Introduces the ability to customise the jetty access logging configuration with logback.

The default behaviour of logging is unchanged, however with this patch it is possible to configure access log compression, filtering and size-based retention policies if desired.

See Funnelback version 15.12 "Configuring embedded web server" documentation for details and example of how to customise access logging configurations.

15.8.0.18

Updates the version of restfb so that custom Facebook gatherers may use a later version of the graph API.

15.8.0.17

Adds a customData map in the SearchQuestion for convenience

15.8.0.16

Fixes a bug in the query processor when promote URLs was used with URLs that contained double dash.

15.8.0.16

Fixes a bug in the query processor where sorting on file size did not work.

15.8.0.15

Fixes a bug where exporting the top queries to csv on the marketing dashboard was not working in Internet Explorer 11.

15.8.0.14

Fixes a bug where Push Replication would re-attempt a connection to master without sleeping if the response from master was not a 200.

15.8.0.14

Improves Push collections so that snapshots are marked incomplete during creation to help avoid incomplete snapshots from being used.

15.8.0.14

Improves Push Replication performance by enabling compression on more files.

15.8.0.13

Fixes an issue where the Accessibility Auditor would not be able to connecting servers using the SNI extension when checking an individual document. This patch will cause Accessibility Auditor to no longer be able to connect to web servers with untrusted SSL certificates.

15.8.0.12

Fixes an issue where the mail.on_failure_only collection configuration option was not respected by updated.

15.8.0.12

Fixes an issue with a spelling mistake in the email subject.

15.8.0.11

Fixes an issue where instant delete tries to kill documents from an index that doesn’t exist causing the update to fail

15.8.0.10

Fixes an issue where HSTS was not disabled on all end points.

15.8.0.10

Fixes an issue where the analytics log was always appended to, resulting in a log file that always grew in size.

15.8.0.9

Fixes an issue where the URL sent in Trend Alerts emails would not be correctly redirected to the Trend Alerts dashboard.

15.8.0.8

Updates the version of pdfbox used for filtering so that more PDFs can be correctly filtered.

15.8.0.7

Fixes two issues with form interaction which could prevent the web crawler logging into authenticated sites:

Updated cookie values would not overwrite the initial values of cookies.
When crawler.accept_cookies=false was set, form interaction cookies were ignored.

15.8.0.6

Fixes an issue with anchors not being preserved in the displayUrl node of the data model.

15.8.0.6

Fixes an issue where Analytics would remove the anchor separator from the URL.

15.8.0.6

Fixes an issue where date sorting in the query processor would not sort future dates correctly.

15.8.0.5

Fixes an issue where web collections with Accessibility Auditor (WCAG) enabled would not be able to run instant updates.

15.8.0.5

Fixes an issue where updates could not be started from the Collection Overview section of the admin home page.

15.8.0.4

Fixes issues with auditing tools when crawling from localhost, non-standard ports or with deep folders documents.

15.8.0.3

Fixes a problem in the query processor (introduced in 15.8.0.2) which could slow query processing or cause an OutOfMemoryError within the web server.

15.8.0.3

Fixes an issue where the Recommender database would fail to build on meta collections.

15.8.0.2

Fixes a bug with promoted URLs where those that were only partial matches would not be promoted to the top position.

15.8.0.2

Fixes a bug with Trend Alerts links always referring to the ‘Classic UI’ interface. These links will now refer to the collection’s configured search interface.

15.8.0.1

Fixes a bug with the license usage API which included documents which are not normally searchable e.g duplicate documents and binary documents. This patch also excludes documents in the included funnelback_documentation collection from counting towards the license limit.

Showing 1 to 54 of 54 entries

Previous1Next

Help Center

Menu

Funnelback 15.8 patches

Patches