Funnelback patch

  • Released: 2021-05-18

  • Applies to: v16.2.0

  • Internal reference: RNDSUPPORT-3374


  • Fixes a cross-site scripting vulnerability in Freemarker templates.

Affected files

  • web/templates/modernui/funnelback.ftl


  • Stop the Jetty web server.

  • ( Stop the Daemon service.

  • Deploy the provided files on top of an existing install, backing up all replaced files.

  • ( It is recommended that the following (empty) file is deleted: lib/java/all/commons-codec-1.9.jar.

  • ( Update the first line of the bin/ script to refer to the correct perl interpreter for your Funnelback installation. The perl interpreter can be found in $SEARCH_HOME/conf/executables.cfg.

  • Start the Jetty web server.

  • ( Start the Daemon service.