2.4.5 Release Notes

Important
Fusion 2.4.5 ships with Solr 5.5.4, which fixes a vulnerability to a ReplicationHandler path traversal attack which can leave any file readable to the Solr server process exposed unless the server is protected and restricted by firewall rules or authentication. If you are using an earlier version of Solr, be sure to upgrade to 5.5.4. If you must use an earlier version, set up proper firewalls, or disable ReplicationHandler if not in use.

New features

  • Support for Sharepoint 2016

    Fusion 2.4.5 includes many improvements to the Sharepoint connector, including support for Sharepoint 2016 and a new anda.forceRefresh.clearSignatures system property that controls whether to clear each item’s signature when forceRefresh is "true" (the default). To use this property, add it to CONNECTORS_JAVA_OPTIONS in config.sh like this:

    CONNECTORS_JAVA_OPTIONS=(-Xmx2g -XX:MaxPermSize=256m -Dapple.awt.UIElement=true -Danda.forceRefresh.clearSignatures)
  • Box.com connector: support for proxying and security trimming

    Box.com access control lists are now indexed in the acl_users_ss and acl_groups_ss fields. Several new configuration keys are introduced in this release:

    • enable_security_trimming

    • f.isSecurityGroupTrimming

    • f.fs.proxyHost

    • f.fs.proxyPort

    • f.fs.proxyType

    • f.excludedMimeTypes

    • f.includedMimeTypes

    Additionally, the connector now generates a clickable Box.com URL for all files.

  • Google Drive connector: support for security trimming, enterprise crawl, and Google native formats

    Security trimming for this connector is now fully functional. Additionally, Google’s native file formats are now indexed correctly.

    These new configuration keys are introduced in this release:

    • f.fs.mime_type_excludes

    • f.fs.mime_type_includes

    • f.fs.serviceAccountEmail

    • f.fs.serviceAccountId

    • f.fs.serviceAccountPrivateKeyFile

    • f.fs.serviceAccountPrivateKeyFilePassword

    • f.fs.userExcludeList

    • f.fs.userSearchQuery

  • Solr 5.5.4

    Fusion 2.4.5 ships with Solr 5.5.4, which fixes the potential vulnerability described above. See more details about this release here.

Improvements

  • MongoDB connector

    • To support incremental crawls, the perform_initial_sync configuration property has been removed and the connector no longer stores timestamps in a file on disk.

    • Failover and recovery are improved in this release.

  • Solr Partial Index Updater index stage

    This stage has two new configuration keys:

    • rejectUpdatesIfDocNotPresent

    • updateAllDocFields

  • Advanced Boosting query stage

    This stage now correctly recognizes scaleMin and scaleMax values, and allows removal of those values once they are added.

  • The Active Directory Security Trimming query pipeline stage has new configuration parameters to control which format Active Directory uses for usernames and which datasources require security trimming:

    • filterAttribute lets you specify one of the following Active Directory attributes to use as the filter criterion to do security trimming:

      • objectSid (default)

      • sAMAccountName

      • userPrincipalName

    • filterDatasources controls the set of datasources to which filtering should be restricted, allowing content from other datasources (or content not from any Fusion datasource) to pass through.

Known issues

  • Time-based partitioning does not work with the searchlogs collection.