CVE-2020-10132: Version 9.1

Changelog

• fixed: Search support for special characters such as backslash and colon
• fixed: Issue with indexing URLs with spaces
• fixed: Issue with long title PDF titles
• fixed: SearchBlox minor search issues
• fixed: Security Vulnerability issues listed below
  • Vulnerability #1: Stored Cross-site Scripting – Username Field
  • Vulnerability #2: Stored Cross-site Scripting – Role Field
  • Vulnerability #3: Stored Cross-site Scripting – Group, New-group Fields
  • Vulnerability #4: Stored Cross-site Scripting –Add cluster node, Name of the cluster Fields of Cluster
  • Vulnerability #5: Stored Cross-site Scripting – Multiple Fields of Featured Results.
  • Vulnerability #6: Privilege Escalation: Lower user has access to Admin Tab
• fixed: Issue with ignore canonical setting on refresh
• fixed: Issue with the description in Mongo DB, Database collection
• fixed: Updated libraries for Database collection
• fixed: Encoding issue with search servlet
• fixed: Jetty security fix
• fixed: Issue with context encoding
• fixed: Issue with Delete API and Delete Document
• fixed: Minor issues with HTTP collection settings
• fixed: Issue with indexing of Visio file
• fixed: Replicas in the cluster have been set to 2 by default
• fixed: Issue with indexing URLs with encoded values
• fixed: Issue with search context with HTML tags
• fixed: Issue with search settings update while uploading config file
• fixed: Issue with the hyphen in phrase and exact match in featured results
• fixed: Issue with stopwords in URL