Release Notes for Mindbreeze InSpire

Copyright ©

Mindbreeze GmbH, A-4020 Linz, 2018.

All rights reserved. All hardware and software names are brand names and/or trademarks of their respective manufacturers.

These documents are strictly confidential. The submission and presentation of these documents does not confer any rights to our software, our services and service outcomes or other protected rights. The dissemination, publication or reproduction hereof is prohibited.

For ease of readability, gender differentiation has been waived. Corresponding terms and definitions apply within the meaning and intent of the equal treatment principle for both sexes.

Online demo about the new featuresPermanent link for this heading

In our webinar “What's New Mindbreeze InSpire 2017 Summer Release“, Patrick Geschwentner presents all the new features in detail and demonstrates how to configure them.

The recording is available for download: Download Recordings: What's New - Mindbreeze InSpire 2017 Summer Release.

Innovations and new featuresPermanent link for this heading

Global configuration of query and item transformation pluginsPermanent link for this heading

In the new “Global Index Settings“ area, you can now configure transformation plugins that are automatically active for all indices. This does away with the more complex individual configuration.

For more information, see Mindbreeze InSpire configuration .

Profiles on the clientPermanent link for this heading

Profiles now allow you to change the language for individual users and to define the number of search results to be loaded per page.

For more information about the configuration, see Profile configuration.

Improved relevancePermanent link for this heading

The order of the search results now clearly reflects their relevance to the search query. In the new update, the order of search results is automatically altered so that the first hits better match the search query. Extended settings in the relevance model can be configured extensively in the Management Center.

More information at Mindbreeze Query Expression Transformation

Updates in Management CenterPermanent link for this heading

In the future, new Mindbreeze InSpire updates can be installed using the new update wizard. The new SFX file is uploaded without the command line, and the update is executed on a new Mindbreeze InSpire version.

For more information see: Mindbreeze-InSpire-SFX-Update

Exporting search results in Excel and JSON file formatsPermanent link for this heading

In addition to the CSV file format, search results can now also be downloaded in Excel (xlsx), JSON, and ZIP file formats.

For configuration details, see Configuration---Export functionality

PDF preview: new featuresPermanent link for this heading

Navigation between search resultsPermanent link for this heading

In addition to color highlighting the search query, navigation buttons now enable you to navigate to the next hit in the PDF preview.

New interaction possibilities with hyperlinks in PDFsPermanent link for this heading

An API extension allows developers to react to hyperlinks in the PDF preview. For example, an interactive tooltip for a component in a technical drawing can be displayed.

For more information, see Development of search applications

New "suggestlist" component in the search app designerPermanent link for this heading

The new “suggestlist“ component lists the suggestions from the suggest API. For example, “popular searches“ can be displayed under the results list.

For more information, see Development of search applications

New connectorsPermanent link for this heading

SharePoint Online connectorPermanent link for this heading

With this new connector, the content from SharePoint Online can now be indexed. For more information, see SharePoint Online connector configuration.

Google Drive connectorPermanent link for this heading

Mindbreeze InSpire can now index all stored files and Google Docs documents from Google Drive. For more information, see Google-Drive-Connector configuration.

IBM Connections connectorPermanent link for this heading

The new IBM Connections connector allows all content from IBM's on-premises solutions to be indexed. See IBM Connections connector configuration for more information.

GitHub connectorPermanent link for this heading

With the new GitHub connector, content from public and private GitHub repositories can be indexed. See GitHub connector configuration for more information.

Atlassian Jira connectorPermanent link for this heading

Mindbreeze InSpire now supports indexing content from Atlassian Jira. For more information, visit Configuration – Jira Connector.

GSA feed adapter: GSA content feedsPermanent link for this heading

The GSA adapter now supports Google GSA content feeds. More information at GSA adapter service configuration.

Technical upgradesPermanent link for this heading

Web Connector: support for googleon/googleoff tagsPermanent link for this heading

Explanation: Google GSA defines a mechanism for marking certain parts within a single HTML website (e.g. menu, footer) as “non-searchable“. Consequently, these designated sections are not indexed, although the rest of the page is. The marks take the form of HTML comments that are set in pairs.

Example: fish <!--googleoff: index-->shark <!--googleon: index-->dog
“fish“ and “dog“ are indexed, “shark“ is not.

The Mindbreeze InSpire Web Connector now detects googleon/googleoff tags and automatically skips unwanted sections without the need for complicated configuration using XPath rules.

For more information, see Web Connector configuration .

Faster restart of servicesPermanent link for this heading

The system for starting and stopping services has been improved. Indexes are now shut down simultaneously. This reduces the waiting time for configuration changes, especially in large installations. In addition, only the affected services will be restarted if the configuration is changed.

For more information, see Service Restart Behavior after Configuration Changes.

Easier Kerberos configuration with keytab assistantPermanent link for this heading

The new keytab assistant in Management Center simplifies the setup of Kerberos. The assistant automatically detects the Kerberos configuration, diagnoses possible errors, and ensures that the configuration is correct. In the event of an error, the system outputs a detailed error message.

For more information see: Configuration-Kerberos-Authentication

Various optimizationsPermanent link for this heading

Performance optimizationsPermanent link for this heading

  • The index has been optimized and now requires less memory. In addition, performance optimizations mean that the index is also faster now.
  • The configuration surface now loads much faster in large installations.

New version of app.telemetryPermanent link for this heading

Mindbreeze InSpire now has the new app.telemetry version 17.1. release notes.

In rare cases, the updated version is not installed automatically. In this case, please request an updated app.telemetry license.

Additional ChangesPermanent link for this heading

Spectre and MeltdownPermanent link for this heading

Spectre and Meltdown refer to 3 vulnerabilities (Variant 1 – 3) that allow an unprivileged attacker to bypass conventional memory security restrictions in order to gain read access to privileged memory that would otherwise be inaccessible. Mindbreeze strongly advises to install the fixes for InSpire as soon as they are available. Please note that as of this writing the firmware updates are not yet released by Dell and therefore are not available to be updated according to [1].  The fixes have a negative performance impact. As all updates are not yet available we can only measure parts of the impact, which is considered low. Mindbreeze InSpire is interacting with unprivileged third party code remotely via HTTPS, therefore the immediate risk of gaining access to privileged memory is considered impractical [2].

As of today Redhat has already released operating system patches included in the currently released InSpire Update Image. This addresses variant 1, and variant 3. Variant 2 requires firmware update. As soon as the firmware is made available, we will make the update available to our customers.

Exploited Vulnerability

CVE

Exploit
Name

Public Vulnerability Name

Silicon Microcode Update ALSO Required on Host

Spectre

2017-5753

Variant 1

Bounds Check Bypass

No

Spectre

2017-5715

Variant 2

Branch Target Injection

Yes

Meltdown

2017-5754

Variant 3

Rogue Data Cache Load

No

[1] http://www.dell.com/support/article/at/de/atbsdt1/sln308588/microprocessor-side-channel-vulnerabilities-cve-2017-5715-cve-2017-5753-cve-2017-5754-impact-on-dell-emc-products-dell-enterprise-servers-storage-and-networking-?lang=en

[2] https://github.com/marcan/speculation-bugs/blob/master/README.md

New featuresPermanent link for this heading

  • Support for translation of metadata based on a plugin. Documentation.
  • Start Optional Producer without QEng and without queryable announcement. Documentation.
  • Search behavior reporting (clicks, preview, etc.) based on additional metadata (country, data source, language, etc.). Documentation.
  • Collected results can be persisted. Documentation.
  • Configurable delay for reinverting at index start so that all plugins can register. Documentation.
  • Support for per-record ACLs in GSA adapter service. Documentation.
  • Performace inprovements

DefectsPermanent link for this heading

The version contains fixes for the following defects:

  • Operating System patches for Spectre/Meltdown
  • Security improvements
  • Exchange Mailboxpermissions are not added as ACLs
  • Search Apps: collect-component wiht persistence cannot be used standalone
  • Search Apps: search restriction is not applied on export
  • PDF Highlighting search hit is highlighted incorrectly
  • Race-Condition in custom plugin component
  • Tomcat Update to 8.5.23
  • Service: API Transformation Endpoint (XSLT Transformation / Manipulation Response-JSON)
  • LicenceCheck without master adds 20 second deyals to queries
  • Egnyte Connector: Regression with path-metadata
  • Error im Manager UI
  • Nodeconfig Builder Problem: two plugins having the same ID
  • MetadataAuthorizationTransformer with View-/Zone-Restrictions only works with One Phase Search and Enrich
  • LDAP-Principal-Cache hangs
  • Mindbreeze Web Client: selection of quoted query terms
  • Memory leak in `SandboxedPrincipalResolver::resolvePrincipals()`
  • Web Client: Preview empty when exporting search results
  • NWayMergeDocumentEntryIterator Optimization
  • HTTP configuration for Management Center: SSL Parameter optimization
  • HTTP-based ItemTransformation: no Retry on Connection Errors
  • Manuelle Backups (z.B. mesconfig.xml.backup_2017_08_31) are preventing conig saves
  • Protobuffer Parsing Error
  • SharePoint Connector: Metadata with duplicate values" (e.g. sp_ContentTypeId: 2x same value)"
  • FileConnector ACL problem (domain controller builtin groups)
  • Filesystem Crawler Performance Problem
  • Support for SHA256 Signatures for SAML 2.0
  • split function in the PropertyExpr language
  • Confluence Sitemap Generator does not work with Confluence 6.1.4.
  • Memory leak in PropertyExprEvaluationSDKValueEnvironment<ContextT>::_emitStringAsParsedDate()` function
  • APIV2SearchRequestResponseTransformer url should include the pluginID
  • SFX Update GUI: /tmp cannot be used to execute SFX
  • Security improvements
  • java Security Update 8u151
  • Umlauts in Alerting Queries are not working
  • Shortcut-DynamicConstraint source_expr is not simplified (searches everything)
  • Custom AuthorizationService + PrincipalResolutionService does not replace existing access Plugin
  • Exchange Connector: ACLs are not lowercase
  • Missing permission to create the index directory results in an error that is difficult to diagnose
  • GitHub crawler proxy is hardcoded
  • Performance problems at ACL cache flush times
  • ACL Internalisation-Cache defines empty ACL as ownACL with outcome INCONCLUSIVE (instead of forwarding to the next authorizer)
  • ClassifyingAuthorizationAdapter is default enabled and cannot be configured
  • Dynamic Constraints yield no results if emptied (empty query)
  • When “Suppress Internal Identity Conversion” is activated, the configured “Identity Conversion Services” are no longer called up
  • Category icon missing for new data sources (GitHub, SharePoint Online, etc.)
  • Kerberos configuration error in Detect Config
  • Null pointer exception with XLSX export
  • Timeline view can’t be overwritten (prototype)
  • Export writes “Export job was canceled” in the export output with repeated clicks (although the last export job must be processed correctly)
  • (LDAP Principals cache) The user name in the generated UPN is not sAMAccountName
  • Novell sitemap generator generates an unnecessarily large amount of network traffic
  • IBM Connections: Wiki binary attachments cause the crawl run to abort
  • IBM Connections: Forum replies are not parsed correctly
  • IBM Connections: Wiki attachments – relative URLs in seed list cause “404 not found”
  • GSA Feed Adapter: URL-s with whitespace are indexed without metadata
  • GSA URL-encoded feeds are incorrectly decoded:  "+" is interpreted as whitespace.
  • GSA feed adapter: delete only works if content is set
  • GSA feed adapter: ACL parser delivers errors
  • GSA feed adapter: Unsupported file extension “.bin”
  • GSA feed adapter cannot parse <meta .. > “metadata with multiple values”
  • GSA content feed performance problems
  • GSA feed adapter: Unparsable date
  • GSA connector indexes metadata with the metadatum: “Prefix for content feeds”
  • Launched service remote service stubs are only generated if service and launched service are running on the same node
  • apps/pdfviewer/index.html instead of apps/client/pdfviewer.html (too sensitive when the application is moved)
  • HTML title overwrites e-mail subject
  • FilterAndIndexClient cannot shut down its ExecuterService
  • Diacritical variants of a word (e.g., über vs. uber) are not highlighted in preview
  • Index plugins properties are not fully forwarded in the NodeConfigBuilder to the appropriate Extenspoint service
  • Race condition with cache identity::hashCode (not thread safe)
  • Telemetry no longer works with embedded search applications
  • Jive principals cache: Anonymous users cannot find the public content
  • NoSuchMethodError with Apache Tika and Office documents
  • JSON format: Parse error if missing field is an empty JSON object or array
  • Google Drive connector OAuth doesn’t work without proxy
  • File connector ACL problems (domain controller Builtin groups)