Release Notes for Mindbreeze InSpire
Version 2018 Spring Release
Mindbreeze GmbH, A-4020 Linz, 2019.
All rights reserved. All hardware and software names used are brand names and/or trademarks of their respective manufacturers.
These documents are strictly confidential. The submission and presentation of these documents does not confer any rights to our software, our services and service outcomes, or any other protected rights. The dissemination, publication, or reproduction hereof is prohibited.
For ease of readability, gender differentiation has been waived. Corresponding terms and definitions apply within the meaning and intent of the equal treatment principle for both sexes.
Innovations and new features
Improved Microsoft File Connector
The Microsoft File Connector now supports SMB Version 2. Configuration
With BestBets it is possible to give priority ranking to important and predefined results.
Summary of the configuration in the Mindbreeze Management Center:
Language detector applies appropriate model according to text length
Now the language detector provides good results even for very small texts. For small texts, the language detector uses specially trained models in which the text length can be configured.
See the documentation.
GSA replacement preconfiguration provided by plugin
Settings needed for configuring a Mindbreeze InSpire appliance as a GSA replacement can be done automatically by installing “GSA-Replacement-Config.tar.gz” as a plugin.
GSA full feed support
The GSA feed adapter supports full content feeds. When full content feeds are indexed, the feed “datasource” attribute value has to be set up as a category instance in a Mindbreeze index. The GSA full content feeds contain all documents from a data source. Documents which were previously indexed and are no longer contained in the feed will be deleted.
You can find more details in the manual Google Search Appliance Feed Indexing with Mindbreeze InSpire.
Confluence indexing without macro execution
The Mindbreeze Atlassian Confluence Connector can index Confluence pages without executing the macros embedded in them. If the option “Use REST API for Page Content” is activated, only the static textual content of the Confluence pages are indexed using REST API calls. This option is useful if the large amount of macro execution during Confluence indexing causes performance issues.
You can find more details in the manual Atlassian Confluence Connector.
Microsoft IIS/SharePoint authentication API proxy
This feature enables transparent authentication using Microsoft IIS or Microsoft SharePoint for the Mindbreeze search.
Details can be found in Microsoft IIS_SharePoint Authentication API Proxy für Client Service (OAuth2).
Character NGRAMs can be deactivated
In a search query for flower, Mindbreeze also returns results like flowerpot. In some cases, the user might not want this behavior. It is now possible to deactivate this feature and only find results for flower. Details can be found in Documentation Mindbreeze InSpire.
G7 SSL certificate upload for the Management Center
SSL certificates for the MMC can now be easily deployed:
Details can be found at Uploading Certificates.
Other product upgrades
- Web Connector: Kerberos Support
- Support Claims in .NET SharePoint Proxy
- Switch to OpenJDK 8 on Windows (LTS from adoptopenjdk) and Linux (LTS from Redhat via CentOS)
- SAML Authentication: 404 Error when using additional contexts and authenticated URL pattern : "/*"
- GSA Transformer: new features: sort, previous page, Best Bets
- Performance improvement when using restictions on referenced properties
- Update Atomic Host to 7.1811 (CVE-2018-14634, CVE-2018-14633, CVE-2018-14646, CVE-2018-15688, CVE-2018-12384)
- IBM Lotus Notes Principal Cache: Roles with read-permissions were not resolved completely
- IBM Lotus Notes Principal Cache: Group members defined with wildcard were not resolved
- Best Bets: Keyword matches with common keywords were not processed correctly
- Support of Claims as Principals of the identity
- Incorrect date conversion whe using Entity Recognation
- Incorrect highlighting in PDF Preview
- Confluence Crawler: Rest URLs with base-path could not be indexed
- OCR defaults to incorrect encoding
- GSA Feed Adapater: new statistics port may lead to a port conflict
- GSAReplace baseconfig plugin does not configure a VocabularySynonymTransformer if any transformer was added already.
- Typo in mmc.json
- Out of The Box Synonyms are displayed as txt instead of csv in the MMC
- G7 Base Config – ReplacementTransformer is not enabled by default on G7 Appliances
- GSA Feed Adapter: Collection Statistics are available
- G7 defaultconfig und gsareplace Plugins still included old paths to SearchExperience Resources
- GSA Feed Adapter: Use streaming for indexation auf downloaded Web documents.
- GSA Feed Adapter: Insufficent logging and non unique Feed IDs id feeds arrive at the same second.
- Log Backup did not work on G7 Appliances for /data/logs
- GSA Feed Adapter: fqcategory is configurable from header information
- G6 Security Updates CVE-2018-539, CVE-2018-14634, CVE-2018-12384
- Deactivation selected entries of hierachical filters does not work over multiple levels.
- Java Security Update 8u191: CVE-2018-3183,CVE-2018-3209,CVE-2018-3169,CVE-2018-3149,CVE-2018-3211,CVE-2018-3180,CVE-2018-3214,CVE-2018-3157,CVE-2018-3150,CVE-2018-13785,CVE-2018-3136,CVE-2018-3139
- mindbreeze.webapp.Resources RESOURCE target may be an URL
- Robustified Stemming with multiple languages
- Best Bets - GSA KeyMatch Adaption
- After re-invert new buckets are also reinverted (isFreshBucket wird bei reinit auf false gesetzt)
- api.v2.search JSON request with empty quoted_term field causes Index Service segmentation fault
- Provide app.telemetry Informationen using SNMPv3
- Simpler creation of thread-dumps of native processes
- Web Connector: Login Cookie order may not be preserved
- Server-Side Request Forgery (SSRF) vulnerability web.telemetry servlets
- Server-Side Request Forgery (SSRF) vulnerability for binaryCache
- Suggest result on facets is not always selectd
- When a metadataname is mapped to an internal ID bigger than 65536 restriction on this metadata do not work
- InSpire roles for vocabulary, relevance and resource management
- The URL /mashup-login?resource=URL allows redirections to third party sites
- Client Services with ports in the range 23350-23360 cannot start after installing the BestBets configruation plugin
- Support for Jive 9.0.5
- SharePoint Connector: option to disable webpage thumbnails
- Improved line breaks in the preview on extra long words
- XSS in Tab component
- Tomcat Information Disclosure on Windows platforms
- Prevented timeouts of the Kerberos Tool
- Improved Index stability when using computed properties
- Improved Index stability on Windows (processitems servlet)
- IE8 compatibility for the Annotation Popup component
- ACL Constraints are used with PDF preview
- GSA Feed Adapter: display_url von X-Gsa-doc-controls header is used w/ linked pages
- Totalcount corrected when using no aggregation/filtered_facet
- AuthorizationProvider app.telemetry instrumentation
- Best Bets: constant values and patterns are configurable once per data source
- Synedra authorization app.telemetry instrumentation of network requests
- Medical Cockpit – deleting annotations support for IE
- BestBets list properties are case insensitive
- Estimated totalcount is rounded according based on the number of results
- ClientService setting Maximum Custom Metadata Count is applied on value lists
- Query Service memory footprint reduction for complex ACLs
- Medical Cockpit: multi word annotations is corrected
- Medical Cockpit: multi word annotations are support on IE
- Web Connector: login with LoginHandler corrected, if redirecting to non-Login URL-s
- Inspire Update perform_udpate.sh is performed only once if started multiple times concurrently
- Option "Lowercase Principals" for SessionAuthenticationService.HeaderAuthentication
- SessionAuthenticationService.HeaderAuthentication is builtin plugin
- Atlassian Confluence Plugin: Only list non deleted attachments in sitemap
- Oauth Authentication for Microsoft SharePoint-Connector
- Microsoft SharePoint Connector: Traversal optimization works correctly when using the option: "Allow Documents Without ACLs"
- Memory Optimization Microsoft File Connector
- apiRequestHeaders Option for setting additional API-Headers
- Hierarchical Facet (Show more/less)
- Improved logging: Microsoft CRM Principal Resolution Service
- IBM Lotus Notes: Improved indexation of attachments
- GSAFeedAdapter Trusted IP Restriction does not work with multiple X-forwarded-For Addresses (multiple Proxy Servers)
- Java Index SDK Crawler streamed content using Multipart HTTP directly from the source
- Microsoft File Connector : too many error messages: "Failed to find domain of server..."
- Java Security Update 8u181: CVE-2018-2938,CVE-2018-2964,CVE-2018-2941,CVE-2018-2942,CVE-2018-2972,CVE-2018-2973,CVE-2018-2940,CVE-2018-2952
- Best Bets Connector: Open action not available in default Search Client
- LdapClient does not work anymore after intial connection issues
- Microsoft File Connector SMB2: Certain File Handles stayed open (SamrOpenAlias returned error code: 0xC000009A
- Export column name are replaced by their technical names when using Export
- Open Tags (<a ) in App Designer template may crash the browser
- Improved CountLimit when using Aggregations
- Reference Inversion for inverted referencing of properties
- Launched Service Properties are not displayed in Management UI
- Tomcat 8.5.32: ServletException: It is not allowed to configure supportsCredentials=[true] when allowedOrigins=[*]
- Disable TLS 1.0 on Port 8443
- Security: Apache Tomcat Session Reuse / DoS (Update to 8.5.32) CVE-2018-8037,CVE-2018-8034,CVE-2018-8034,CVE-2018-1336
- showMoreAfter-Tab vanishes after second custom tab was deleted
- update-MES-IndexStats.sh: number format changed after jq Update
- Prevent Index inconsistency if shutdown during syncdelta
- GSA Feed Adapter Service: Support source IP Restrictions when using HTTPS
- Custom-Tabs are not focused automaticall when using the showMoreAfter-Option
- Metadataenrichment Doku referneces ClientService instead of Index
- Content Highlighting Optimzation
- Microsoft File Connector: FileIteratorPlugin
- SSH Server: deactivate CBC Mode Ciphers for SSH Server on Port 22 and 2222
- Kernel Security Update : CVE-2018-3639,CVE-2018-3665,CVE-2018-10675,CVE-2018-10872
- RPM Dependency missing: libobasis5.3-pyuno
- ReferenceMetadataBuilderPostFilter and SitemapParser build non-key references incorrectly
- mesapi-Method ItemHelper.buildReferenceItemValue(String categoryOrNull, String categoryInstanceOrNull, String key) ignores category and category instance
- Source_Context is not used by alerts in certain cases (conflicts with tabs)
- mesconfig.xml with <?xml version="1.0" encoding="UTF-8"?> as first line does not work
- GSA Feed Adapter is parsing HTTP-Headers case-insensitive
- ACLs and other improvements for Microsoft Dynamics CRM 365 Connector
- Encoding Problems are possible when using File-Based configuration
- GSA Feed Adapter support ACLs definied with X-gsa-doccontrols Headers
- Improved mime-type detection for the GSA Adapter
- Encoding Issue in Chart Lables
- Suggests are not checked when selecting in a hierachical Filter
- HttpClient NullPointerException in PrincipalResolutionCache
- Renewed Code Signing Certificate
- Permissions Issue on /data/apps
- Improved BestBets Editor
- Configurable case-sensitivity of Stemmer Transformer
- Security: yum CVE-2018-10897
- G6/G7 Kernel Security Update : CVE-2018-3620, CVE-2018-3646, CVE-2018-3693, CVE-2018-5390, CVE-2017-15265, CVE-2018-7566, CVE-2018-1000004, CVE-2018-10675, CVE-2017-13215
- Filesystem Crawler mit "SMB2 Support" re-inidexes files even if only Flags or ADS changed
- Sitemap-based Crawling with redirects extracts no metadaten (mes:meta) from the sitemap
- Kernel security update: CVE-2018-3639
- Java version 8u172
- BestBets connector for 2018 Winter Release
- Apache Tika: no sporadic exceptions when filtering certain pptx files
- CVE security Issue: Zip-Slip vulnerability
- Inverter improvements when merging large documents
- Jericho control metadata for <meta> tag extraction
- GSA replacement base configuration improvement regarding port registration
- Item value is aggregated as ProtobufTextual
- Improved behavior when the sandbox of a plugin cannot register because of resource shortage
- Jericho filter supports plaintext
- OPTIONS supplies CORS header
- Icon for BestBets is selectable
- backup-indices.sh: Free space detection does not work on centos 6; missing index directory is now skipped
- iFrame src can be customized using resource.json (protocol, hostname, port)
- Temporary file name clashing for certificate in CreditionalStore
- Optimization of order by property – using ValueReader and QuantityReader
- Client: CORS with an authenticated ClientService does not work with AjaxChannel
- Pass filter language neutral filter values
- TLS protocols are configurable for the ClientService
- Custom Searchapp name is sent on suggest-init
- Microsoft File Connector supports SMB > 1
- Merge participants are logged on merge errors
- Exclusive use of "LDAP Server" is possible
- HTTP URL parameters are passed to SessionAuthenticationPlugin.
- Improved stability of PDFPreview Filter
- Diacritic characters are considered on export
- Port 80 available as ClientService port on G7 Appliances
- Enabled mount inside the InSpire container
- G7 appliance image now enforces root passwort change on first login
- Preparation for GSA feeds via HTTPS