Funnelback 16.2 patches

Patches

Type Release version Description

3 Bug fixes

Fixed an issue where fetching Facebook comments would cause an infinite loop due to changes within the Facebook endpoints.

3 Bug fixes

Fixed a security vulnerability where jackson-databind might allow remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks.

3 Bug fixes

Fixed a security vulnerability where com.google.oauth-client hasn’t implemented PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps.

3 Bug fixes

Fixed a security vulnerability where Spring Framework may be vulnerable to remote code execution (RCE) via data binding [CVE-2022-22965].

3 Bug fixes

Upgrades log4j2 to version 2.17 to fix the security vulnerability where Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

3 Bug fixes

Upgrades log4j2 to version 2.15 to fix the security vulnerability where log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints.

3 Bug fixes

Fixes an issue where the collection tool would return an error for the index presence check.

3 Bug fixes

Restored access to data reports from the administration dashboard.

3 Bug fixes

Improves access to documentation for individual plugins from extensions administration UI.

3 Bug fixes

Fixes an issue where the Perl file manager throws an exception about untainted values when users try to upload files.

3 Bug fixes

Fixes an issue where the Perl file manager throws an exception about untainted values when users try to publish or delete files.

3 Bug fixes

Fixes an issue where the tuning results administration UI couldn’t help apply an outcome of the tuning run.

3 Bug fixes

Fixes an issue where the edit metadata mappings administration UI wouldn’t display counts of detected sources in searchable documents properly.

3 Bug fixes

Fixes an issue where rules defined in redirects.cfg wouldn’t work.

3 Bug fixes

Fixes an issue with the admin UI which prevents creation of push and custom data sources.

3 Bug fixes

Fixes create-collection.pl.

3 Bug fixes

Fixes an issue with push replication in SAML mode, as push APIs now return 401 rather than 302 for unauthenticated requests.

3 Bug fixes

Search session cookies are now explicitly marked with SameSite=None;Secure to fix functionality in partial integrations.

3 Bug fixes

Fixes an issue in the DocumentFixerFilterProvider filter in which h1 and h2 elements containing only non-breaking spaces could be used as titles.

3 Bug fixes

Fixes an issue where the faceted navigation UI would freeze due to numerous API requests made to check templates' backups for the usage of legacy facets.

3 Bug fixes

Fixes a cross-site scripting vulnerability in Freemarker templates.

3 Bug fixes

Enables users to log into the WebDAV endpoint without specifying a client ID. This is now aligned with the other API endpoints.

3 Bug fixes

Fixed a bug with update of YouTube data sources when no channel ID is provided.

3 Bug fixes

Fixes a bug in reports-send-email.pl, which causes high load.

3 Bug fixes

Fixes a bug in filtering in which Outlook files with attachments could not be parsed correctly.