Funnelback 15.8 patches
Patches
Type | Release version | Description |
---|---|---|
3 Bug fixes |
Upgrades log4j2 to version 2.17 to fix the security vulnerability where Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. |
|
3 Bug fixes |
Removes the screens for file-manager rule editing, which could create security issues. |
|
3 Bug fixes |
Fixes an issue where support packages could contain unintended files. |
|
3 Bug fixes |
Fixes an issue where the running Funnelback jetty web server could retain permissions via supplemental groups after startup. |
|
3 Bug fixes |
Limits an administration CGI script to redirect only within the Funnelback administration interface as intended. |
|
3 Bug fixes |
Removes the unused administration debug.cgi script, which reflected input parameters without proper escaping. |
|
3 Bug fixes |
Prevents XSS through AngularJS sandbox-bypass injection in Freemarker templates escaped using output formats, by inserting zero-width whitespace between consecutive open curly brackets. |
|
3 Bug fixes |
Prevents XSS through AngularJS sandbox-bypass injection in Freemarker templates by inserting zero-width whitespace between consecutive open curly brackets. |
|
3 Bug fixes |
Prevents XSS through AngularJS sandbox-bypass injection in Freemarker templates by inserting zero-width whitespace between consecutive open curly brackets. |
|
3 Bug fixes |
Prevents creation of objects within Freemarker template files to ensure that template editors cannot cause external code to be executed. |
|
3 Bug fixes |
Fixes security issues where:
Please ensure any custom form-not-found.ftl templates in collections are updated to perform correct escaping if they were derived from the previously vulnerable form-not-found.default.ftl. Please ensure that any customised value for the global |
|
3 Bug fixes |
Fixes a bug where the ratio to run full or incremental updates was not being applied and only a full update was triggered. |
|
3 Bug fixes |
Fixes a bug for scheduled updates where the 'schedule.incremental_crawl_ratio' parameter was not being respected. |
|
3 Bug fixes |
Fixes a bug where the Admin API was passing the comment to the publish hook as multiple arguments where it should have been passing the comment as a single argument. |
|
3 Bug fixes |
Adds time-based reloading of type-caching objects (XStream and Jackson serialisers) to avoid leaking metaspace memory when groovy classes are serialised and reloaded over time. By default, reloading occurs every 10 minutes, and can be configured in modernui.properties. |
|
3 Bug fixes |
Fixed an issue where the user editing interface for a user with no permitted collections would be presented with all collections selected, rather than none. |
|
3 Bug fixes |
Allow groovy servlet filters to abort processing in preFilterResponse by returning null. |
|
3 Bug fixes |
Changes the click tracking endpoint to no longer depend on the referrer. This does result in the click logs no longer containing the referrer URL. |
|
3 Bug fixes |
To minimise the number of false positives reported by XSS testing tools, JSON endpoints have restricted the JSONP callback to only contain |
|
3 Bug fixes |
Restores the behavior of update.pl such that the gatherer (e.g. the web crawler) will use the same collection.cfg file that is passed to update.pl. |
|
3 Bug fixes |
Improves the creation of snapshots on empty push collections. |
|
3 Bug fixes |
Updates the location of the Push sync restart API call to be consistent with other state changing calls. The existing API call is kept for compatibility. |
|
3 Bug fixes |
Adds new Push sync health API calls that never return null for the value of the boolean in the response. The new calls are under /v2/ of the API. |
|
3 Bug fixes |
Adds support for fixing a bug where a data folder for a non-existent collection would be created when a request was made on the search interface to the collection. Affects Linux only. |
|
3 Bug fixes |
Avoids the output of the DiskAggregator reports phase being overwritten by the DataMiner phase. |
|
3 Bug fixes |
Introduces the ability to customise the jetty access logging configuration with logback. The default logging behaviour is unchanged; however, with this patch it is possible to configure access log compression, filtering and size-based retention policies if desired. See the Funnelback version 15.12 "Configuring embedded web server" documentation for details and an example of how to customise access logging configurations. |
|
3 Bug fixes |
Updates the version of restfb so that custom Facebook gatherers may use a later version of the graph API. |
|
3 Bug fixes |
Adds a |
|
3 Bug fixes |
Fixes a bug in the query processor when promote URLs was used with URLs that contained a double dash. |
|
3 Bug fixes |
Fixes a bug in the query processor where sorting on file size did not work. |
|
3 Bug fixes |
Fixes a bug where exporting the top queries to csv on the marketing dashboard was not working in Internet Explorer 11. |
|
3 Bug fixes |
Fixes a bug where Push Replication would re-attempt a connection to master without sleeping if the response from master was not a 200. |
|
3 Bug fixes |
Improves Push collections so that snapshots are marked incomplete during creation to help avoid incomplete snapshots from being used. |
|
3 Bug fixes |
Improves Push Replication performance by enabling compression on more files. |
|
3 Bug fixes |
Fixes an issue where the Accessibility Auditor would not be able to connect to servers using the SNI extension when checking an individual document. This patch will cause Accessibility Auditor to no longer be able to connect to web servers with untrusted SSL certificates. |
|
3 Bug fixes |
Fixes an issue where the |
|
3 Bug fixes |
Fixes an issue with a spelling mistake in the email subject. |
|
3 Bug fixes |
Fixes an issue where instant delete tries to kill documents from an index that doesn’t exist, causing the update to fail. |
|
3 Bug fixes |
Fixes an issue where HSTS was not disabled on all end points. |
|
3 Bug fixes |
Fixes an issue where the analytics log was always appended to, resulting in a log file that always grew in size. |
|
3 Bug fixes |
Fixes an issue where the URL sent in Trend Alerts emails would not be correctly redirected to the Trend Alerts dashboard. |
|
3 Bug fixes |
Updates the version of pdfbox used for filtering so that more PDFs can be correctly filtered. |
|
3 Bug fixes |
Fixes two issues with form interaction which could prevent the web crawler logging into authenticated sites:
|
|
3 Bug fixes |
Fixes an issue with anchors not being preserved in the |
|
3 Bug fixes |
Fixes an issue where Analytics would remove the anchor separator from the URL. |
|
3 Bug fixes |
Fixes an issue where date sorting in the query processor would not sort future dates correctly. |
|
3 Bug fixes |
Fixes an issue where web collections with Accessibility Auditor (WCAG) enabled would not be able to run instant updates. |
|
3 Bug fixes |
Fixes an issue where updates could not be started from the Collection Overview section of the admin home page. |
|
3 Bug fixes |
Fixes issues with auditing tools when crawling from |
|
3 Bug fixes |
Fixes a problem in the query processor (introduced in 15.8.0.2) which could slow query processing or cause an OutOfMemoryError within the web server. |
|
3 Bug fixes |
Fixes an issue where the Recommender database would fail to build on meta collections. |
|
3 Bug fixes |
Fixes a bug with promoted URLs where those that were only partial matches would not be promoted to the top position. |
|
3 Bug fixes |
Fixes a bug with Trend Alerts links always referring to the ‘Classic UI’ interface. These links will now refer to the collection’s configured search interface. |
|
3 Bug fixes |
Fixes a bug with the license usage API, which included documents that are not normally searchable, e.g. duplicate documents and binary documents. This patch also excludes documents in the included funnelback_documentation collection from counting towards the license limit.