Release Notes for Mindbreeze InSpire

Mindbreeze GmbH, A-4020 Linz, 2018.

These documents are strictly confidential. The submission and presentation of these documents does not confer any rights to our software, our services and service outcomes or other protected rights. The dissemination, publication or reproduction hereof is prohibited.

For ease of readability, gender differentiation has been waived. Corresponding terms and definitions apply within the meaning and intent of the equal treatment principle for both sexes.

Online demo about the new features

In our webinar “What's New − Mindbreeze InSpire 2017 Summer Release“, Patrick Geschwentner presents all the new features in detail and demonstrates how to configure them.

The recording is available for download: Download Recordings: What's New - Mindbreeze InSpire 2017 Summer Release.

Innovations and new features

Global configuration of query and item transformation plugins

In the new “Global Index Settings“ area, you can now configure transformation plugins that are automatically active for all indices. This does away with the more complex individual configuration.

For more information, see Mindbreeze InSpire configuration .

Profiles on the client

Profiles now allow you to change the language for individual users and to define the number of search results to be loaded per page.

For more information about the configuration, see Profile configuration.

Improved relevance

The order of the search results now clearly reflects their relevance to the search query. In the new update, the order of search results is automatically altered so that the first hits better match the search query. Extended settings in the relevance model can be configured extensively in the Management Center.

More information at Mindbreeze Query Expression Transformation

Updates in Management Center

In the future, new Mindbreeze InSpire updates can be installed using the new update wizard. The new SFX file is uploaded without the command line, and the update is executed on a new Mindbreeze InSpire version.

For more information see: Mindbreeze-InSpire-SFX-Update

Exporting search results in Excel and JSON file formats

In addition to the CSV file format, search results can now also be downloaded in Excel (xlsx), JSON, and ZIP file formats.

For configuration details, see Configuration---Export functionality

PDF preview: new features

Navigation between search results

In addition to color highlighting the search query, navigation buttons now enable you to navigate to the next hit in the PDF preview.

New interaction possibilities with hyperlinks in PDFs

An API extension allows developers to react to hyperlinks in the PDF preview. For example, an interactive tooltip for a component in a technical drawing can be displayed.

For more information, see Development of search applications

New "suggestlist" component in the search app designer

The new “suggestlist“ component lists the suggestions from the suggest API. For example, “popular searches“ can be displayed under the results list.

For more information, see Development of search applications

New connectors

SharePoint Online connector

With this new connector, the content from SharePoint Online can now be indexed. For more information, see SharePoint Online connector configuration.

Google Drive connector

Mindbreeze InSpire can now index all stored files and Google Docs documents from Google Drive. For more information, see Google-Drive-Connector configuration.

IBM Connections connector

The new IBM Connections connector allows all content from IBM's on-premises solutions to be indexed. See IBM Connections connector configuration for more information.

GitHub connector

With the new GitHub connector, content from public and private GitHub repositories can be indexed. See GitHub connector configuration for more information.

Atlassian Jira connector

Mindbreeze InSpire now supports indexing content from Atlassian Jira. For more information, visit Configuration – Jira Connector.

GSA feed adapter: GSA content feeds

The GSA adapter now supports Google GSA content feeds. More information at GSA adapter service configuration.

Technical upgrades

Web Connector: support for googleon/googleoff tags

Explanation: Google GSA defines a mechanism for marking certain parts within a single HTML website (e.g. menu, footer) as “non-searchable“. Consequently, these designated sections are not indexed, although the rest of the page is. The marks take the form of HTML comments that are set in pairs.

Example: fish shark dog
“fish“ and “dog“ are indexed, “shark“ is not.

The Mindbreeze InSpire Web Connector now detects googleon/googleoff tags and automatically skips unwanted sections without the need for complicated configuration using XPath rules.

For more information, see Web Connector configuration .

Faster restart of services

The system for starting and stopping services has been improved. Indexes are now shut down simultaneously. This reduces the waiting time for configuration changes, especially in large installations. In addition, only the affected services will be restarted if the configuration is changed.

For more information, see Service Restart Behavior after Configuration Changes.

Easier Kerberos configuration with keytab assistant

The new keytab assistant in Management Center simplifies the setup of Kerberos. The assistant automatically detects the Kerberos configuration, diagnoses possible errors, and ensures that the configuration is correct. In the event of an error, the system outputs a detailed error message.

For more information see: Configuration-Kerberos-Authentication

Various optimizations

Performance optimizations

The index has been optimized and now requires less memory. In addition, performance optimizations mean that the index is also faster now.
The configuration surface now loads much faster in large installations.

New version of app.telemetry

Mindbreeze InSpire now has the new app.telemetry version 17.1. release notes.

In rare cases, the updated version is not installed automatically. In this case, please request an updated app.telemetry license.

Additional Changes

Spectre and Meltdown

Spectre and Meltdown refer to 3 vulnerabilities (Variant 1 – 3) that allow an unprivileged attacker to bypass conventional memory security restrictions in order to gain read access to privileged memory that would otherwise be inaccessible. Mindbreeze strongly advises to install the fixes for InSpire as soon as they are available. Please note that as of this writing the firmware updates are not yet released by Dell and therefore are not available to be updated according to [1]. The fixes have a negative performance impact. As all updates are not yet available we can only measure parts of the impact, which is considered low. Mindbreeze InSpire is interacting with unprivileged third party code remotely via HTTPS, therefore the immediate risk of gaining access to privileged memory is considered impractical [2].

As of today Redhat has already released operating system patches included in the currently released InSpire Update Image. This addresses variant 1, and variant 3. Variant 2 requires firmware update. As soon as the firmware is made available, we will make the update available to our customers.

Exploited Vulnerability	CVE	Exploit Name	Public Vulnerability Name	Silicon Microcode Update ALSO Required on Host
Spectre	2017-5753	Variant 1	Bounds Check Bypass	No
Spectre	2017-5715	Variant 2	Branch Target Injection	Yes
Meltdown	2017-5754	Variant 3	Rogue Data Cache Load	No

[1] http://www.dell.com/support/article/at/de/atbsdt1/sln308588/microprocessor-side-channel-vulnerabilities-cve-2017-5715-cve-2017-5753-cve-2017-5754-impact-on-dell-emc-products-dell-enterprise-servers-storage-and-networking-?lang=en

[2] https://github.com/marcan/speculation-bugs/blob/master/README.md

New features

Support for translation of metadata based on a plugin. Documentation.
Start Optional Producer without QEng and without queryable announcement. Documentation.
Search behavior reporting (clicks, preview, etc.) based on additional metadata (country, data source, language, etc.). Documentation.
Collected results can be persisted. Documentation.
Configurable delay for reinverting at index start so that all plugins can register. Documentation.
Support for per-record ACLs in GSA adapter service. Documentation.
Performace inprovements

Defects

The version contains fixes for the following defects:

Operating System patches for Spectre/Meltdown
Security improvements
Exchange Mailboxpermissions are not added as ACLs
Search Apps: collect-component wiht persistence cannot be used standalone
Search Apps: search restriction is not applied on export
PDF Highlighting search hit is highlighted incorrectly
Race-Condition in custom plugin component
Tomcat Update to 8.5.23
Service: API Transformation Endpoint (XSLT Transformation / Manipulation Response-JSON)
LicenceCheck without master adds 20 second deyals to queries
Egnyte Connector: Regression with path-metadata
Error im Manager UI
Nodeconfig Builder Problem: two plugins having the same ID
MetadataAuthorizationTransformer with View-/Zone-Restrictions only works with One Phase Search and Enrich
LDAP-Principal-Cache hangs
Mindbreeze Web Client: selection of quoted query terms
Memory leak in `SandboxedPrincipalResolver::resolvePrincipals()`
Web Client: Preview empty when exporting search results
NWayMergeDocumentEntryIterator Optimization
HTTP configuration for Management Center: SSL Parameter optimization
HTTP-based ItemTransformation: no Retry on Connection Errors
Manuelle Backups (z.B. mesconfig.xml.backup_2017_08_31) are preventing conig saves
Protobuffer Parsing Error
SharePoint Connector: Metadata with duplicate values" (e.g. sp_ContentTypeId: 2x same value)"
FileConnector ACL problem (domain controller builtin groups)
Filesystem Crawler Performance Problem
Support for SHA256 Signatures for SAML 2.0
split function in the PropertyExpr language
Confluence Sitemap Generator does not work with Confluence 6.1.4.
Memory leak in PropertyExprEvaluationSDKValueEnvironment<ContextT>::_emitStringAsParsedDate()` function
APIV2SearchRequestResponseTransformer url should include the pluginID
SFX Update GUI: /tmp cannot be used to execute SFX
Security improvements
java Security Update 8u151
Umlauts in Alerting Queries are not working
Shortcut-DynamicConstraint source_expr is not simplified (searches everything)
Custom AuthorizationService + PrincipalResolutionService does not replace existing access Plugin
Exchange Connector: ACLs are not lowercase
Missing permission to create the index directory results in an error that is difficult to diagnose
GitHub crawler proxy is hardcoded
Performance problems at ACL cache flush times
ACL Internalisation-Cache defines empty ACL as ownACL with outcome INCONCLUSIVE (instead of forwarding to the next authorizer)
ClassifyingAuthorizationAdapter is default enabled and cannot be configured
Dynamic Constraints yield no results if emptied (empty query)
When “Suppress Internal Identity Conversion” is activated, the configured “Identity Conversion Services” are no longer called up
Category icon missing for new data sources (GitHub, SharePoint Online, etc.)
Kerberos configuration error in Detect Config
Null pointer exception with XLSX export
Timeline view can’t be overwritten (prototype)
Export writes “Export job was canceled” in the export output with repeated clicks (although the last export job must be processed correctly)
(LDAP Principals cache) The user name in the generated UPN is not sAMAccountName
Novell sitemap generator generates an unnecessarily large amount of network traffic
IBM Connections: Wiki binary attachments cause the crawl run to abort
IBM Connections: Forum replies are not parsed correctly
IBM Connections: Wiki attachments – relative URLs in seed list cause “404 not found”
GSA Feed Adapter: URL-s with whitespace are indexed without metadata
GSA URL-encoded feeds are incorrectly decoded: "+" is interpreted as whitespace.
GSA feed adapter: delete only works if content is set
GSA feed adapter: ACL parser delivers errors
GSA feed adapter: Unsupported file extension “.bin”
GSA feed adapter cannot parse <meta .. > “metadata with multiple values”
GSA content feed performance problems
GSA feed adapter: Unparsable date
GSA connector indexes metadata with the metadatum: “Prefix for content feeds”
Launched service remote service stubs are only generated if service and launched service are running on the same node
apps/pdfviewer/index.html instead of apps/client/pdfviewer.html (too sensitive when the application is moved)
HTML title overwrites e-mail subject
FilterAndIndexClient cannot shut down its ExecuterService
Diacritical variants of a word (e.g., über vs. uber) are not highlighted in preview
Index plugins properties are not fully forwarded in the NodeConfigBuilder to the appropriate Extenspoint service
Race condition with cache identity::hashCode (not thread safe)
Telemetry no longer works with embedded search applications
Jive principals cache: Anonymous users cannot find the public content
NoSuchMethodError with Apache Tika and Office documents
JSON format: Parse error if missing field is an empty JSON object or array
Google Drive connector OAuth doesn’t work without proxy
File connector ACL problems (domain controller Builtin groups)