Thunderstone Support Forums

Several updates are now available for the appliance: texis-8.01.1713477544, texisScripts-27.2.0, applianceman-27.2.0.

Note that it may take two complete cycles of checking (System -> System Setup -> Update Software) and applying all offered updates in order to install all possble updates: some updates require others to be installed beforehand, and will not be offered until then.

texis-8.01.1713477544 provides the following:

• Fixed the C# Search SOAP API Example project giving The system cannot find the path specified. when establishing a Service Reference
• Crawling/fetches/Texis now use OpenSSL 3.2.1, which fixes CVE-2024-0727, CVE-2023-6237, CVE-2023-6129, CVE-2023-5678, CVE-2023-5363 since the last Texis product update (OpenSSL 3.1.3). None of these CVEs are thought to affect Texis nor appliances. CVE-2024-0727 (crash), CVE-2023-6237 (time), CVE-2023-5678 (time), CVE-2023-5363 (confidentiality) can cause a crash, excessive time consumption, or loss of confidentiality (as noted), but should not affect Texis as the affected APIs are not known to be used by Texis. CVE-2023-6129 does not affect Texis as there are currently no PowerPC Texis versions. Note that this update does not affect the OpenSSL version used by Appliance server processes, which is updated separately.

texisScripts-27.2.0 provides the following:

• Added ability to choose profile based on hostname used to access the appliance, via Default Profile Sources setting
• Fixed viewing Best Bet Clicks in Query Log sometimes giving query would require post-processing error
• SOAP API improvements:
  • Admin SOAP API now checks all admin restrictions on initial login in addition to actual functionality
  • Functions besides login with auth failure now specify the reason for the failure
  • Responses to requests that have XML parsing errors now include details about the parsing error in the response, instead of just 'An XML parsing error was encountered'
  • Fixed admin SOAP API setSettings() function not returning a proper soap fault when given an invalid profile
  • Added about function from search SOAP service to admin and dataload SOAP services
• Fixed Dashboard javascript errors when there's absolutely no historical dashboard information (e.g. a freshly created machine)
• Fixed application/json MIME type with lots of highbit content not being treated as text
• Fixed System Actions in the Upgrade Data UI not showing their help icon
• Fixes when creating a profile as a copy of another:
  • Now copies best bets, walk schedule and query log rotation schedule
  • Parametric profile copy with "standard" Profile Type selected will now copy the source profile's parametric fields
  • Fix where the copy would show the search results of the source profile until any settings were changed or a walk performed
• Improved search efficiency with many (>1000) Category URL Patterns and many simultaneous searches
• Query Log improvements:
  • Viewing now uses asynchronous tabs for tables of data
  • Download Query Log link now shows the date range that would apply to that download
  • Filenames generated for querylog downloads now reflect the date of the querylog data, rather than the current date
  • Fix query log date searches at boundary conditions
• Update Software now shows some progress messages and an info popup
• Fixed uploaded custom favicon.ico, robots.txt, or homepages in System Wide Settings not being served properly in 4th Generation appliances
• Setting to send security headers on search script set security headers on dowalk
• Handle rpms signed on Rocky 9: previous scripts could not install some Rocky 9 RPMs; fixed. This only affected manually-provided updates, not those obtained via the update server (System -> System Setup -> Update Software).

applianceman-27.2.0 updates the documentation.

These updates are available via the System -> System Setup -> Update Software menu item.

<write> uses a dynamically-sized buffer. It buffers the entire contents of a single print-to-output Vortex statement, then writes that output in a single write() system call to the <write> file. Literal Vortex text is buffered, up to a line I think. There may be exceptions to these rules but I can't find any offhand.

A new appliance update is available: texisScripts-27.1.0. It provides the following fixes and updates:

• Page URL and URL URL settings now invoke Data From Field when processing their assigned URLs
• Fixed Log Viewer not showing Profile Walk Status entries at the bottom in gen4 appliances
• Test Fetch: display now includes Request Headers and Request Body; no longer improperly shows details from subfetch processing in the Test Fetch display; now shows Data From Field rules and Subfetch
• Primer URLs now apply to when walking Single Pages and Page URLs
• Fixed infinite walk loop when multiple sites reference multiple sitemaps in their robots.txt, with each site referencing each others' sitemaps
• Added support for indexing legacy Azure Blob listing formats

Note that this update is available only for Gen3+ (2013+) appliances currently, pending a patch update.

To apply the update, go to the System -> System Setup -> Update Software menu item.

A new set of appliance updates is available: texisScripts-27.0.0, texis-8.01.1696628157-2, applianceman-27.0.0. Overview:

• Additional Login Form Flows
  Multi step login forms are now supported by our Primer URL settings where there may be several steps required to login to the site, and the forms on intermediate pages may have dynamic or session specific information.
• Improved Test Fetch Information
  Test Fetch now provides additional information about the Primer URLs used, and response received to assist with setting up complicated login flows.
• Metasearch Sorting
  Meta search profiles now support sorting on two fields, which is commonly used by Parametric searches.
• Other fixes
  Miscellaneous other bug fixes and enhancements to the crawl and search interfaces.

Details: texisScripts-27.0.0 provides the following:

• Fixed configured Max Load Average printing bad numeric date fmt error
• Fixed DBWalker Oracle EULA Agreement dialog
• DBWalker server issues are now presented more clearly
• Fixed metasearch List/Edit URLs links to the backend profile interfaces
• Editing a DBWalker configuration created with a custom JDBC connection string now defaults to managing that connection string
• Fixed CSRF error when editing DBWalker stylesheets
• DBWalker now properly prevents editing the default.xsl DBWalker stylesheet
• Fixed admin SOAP API getTasks() not returning finished, system-wide tasks without unnecessarily specifying db=!NONE
• Added Remake Task Tables under Repair Tools
• Fixed walks with Attach Query Log=Y rotating the query log with an empty End of Walk Email
• Fixed dispatch infinitely looping when encountering an email address improperly linked to as if it was a website
• Test Fetch now provides detailed, collapsible information on Primers and Unprimers used
• Multiple-field (separated by commas) order parameter order-by now supported for metasearch frontends (up to 2 fields); was silently sorting by rank. More error reporting for unknown metasearch frontend order-by fields.
• Added new walk Primer token, !PREVIOUS_RESPONSE_FORM, to allow submitting forms generated by the previous primer

texis-8.01.1696628157-2 provides:

• Added dbcp connection pooling to DBWalker
• Small (several hundred byte) fetch memleaks fixed
• Walks/fetches now use OpenSSL 3.1.3, which fixes CVE-2023-3817, CVE-2023-3446, CVE-2023-2975, CVE-2023-4807 since the last Texis product update (OpenSSL 3.1.1). These CVEs are not known to affect Appliance walks. This update does not affect the OpenSSL version used by Appliance <em>server</em> processes, only walks/fetches.
• Walks/fetches update to use OpenSSL 3.1.1, which fixes CVE-2022-4304 which has a very low probability of crawl connections being decrypted. Also fixes CVE-2023-0401, CVE-2023-0286, CVE-2023-0217, CVE-2023-0216, CVE-2023-0215, CVE-2022-4450, CVE-2022-4203, CVE-2022-3996, CVE-2023-0286, CVE-2023-2650, CVE-2023-1255, CVE-2023-0466, CVE-2023-0465, CVE-2023-0464 for crawls, which do not affect crawls/fetches. This update does not affect the OpenSSL version used by Appliance server processes, only walks/fetches.

applianceman-27.0.0 updates the documentation.

Note: All of these updates are currently only available for Gen3 (2013+) and later appliances, pending a future thunderstonePatch update for older appliances.

Updates can be found via the System -> System Setup -> Update Software menu item.

A new set of appliance updates is available: texisScripts-26.1.0, texis-8.01.1684793255, applianceman-26.1.0, and thunderstonePatch-2.21.

texisScripts-26.1.0 provides the following:

• Fixed many self-links (query logging clickUrls, cache content, search RSS, etc) when accessing the appliance behind a forwarding proxy
• Fixed Cannot insert value when indexing encounters certain extremely long, malformed URLs
• replication sender no longer affected by Protocols walk setting
• Changes to reduce Connection reset/closed? false-positive errors that terminate requests early; may also miss some true-positive client connection resets

texis-8.01.1684793255 provides:

• Texis monitor was not completely dropping root privileges when run as root but file-setuid non-root (real user remained root, though effective was non-root); fixed

applianceman-26.1.0 updates the documentation for this release.

thunderstonePatch-2.21 provides:

• Disable broken partial TLSv1.3 support for Apache httpd & Webmin until fully supported by both.

Note: All of these updates are currently only available for Gen3 (2013+) and later appliances, pending a future thunderstonePatch update for older appliances.

Updates can be found via the System -> System Setup -> Update Software menu item.

A new set of appliance updates is available: texisScripts-26.0.0 and applianceman-26.0.0.

texisScripts-26.0.0 provides the following:

• Added more Access Control Lists for admin interface sections
• Added Host Aliases setting, for when one site is a copy of (or redirects to) another site
• Canonical URLs now respect Placeholders=Y, storing a placeholder of the non-canonical URL found. This helps indexing multiple sites with cross-site links to non-canonical pages
• file:// walks are now more robust when file server goes down and returns during same walk: URLs attempted after the server comes back up should now succeed, instead of potentially failing due to re-use of stale connection
• Query autocomplete no longer disabled by setting Allow Wildcards=N
• Now better handles character sets in dataload requests that don't explicitly specify <Charset> in Items
• Changed password configuration inputs to use autocomplete=new-password instead of 'off' to avoid overly aggressive browser password managers
• Added placeholder input for Base URL, instead of default http:// value
• Re-Schedule Walks fixes: was not properly maintaining Schedule Rewalk Type; now confirms actions before applying; now applies query log rotation schedules too; now properly removes vestigial schedules for already-deleted profiles; now properly removes schedules improperly applied to other dowalk paths

applianceman-26.0.0 updates the documentation for this release.

Note: All of these updates are currently only available for Gen3 (2013+) and later appliances, pending a future thunderstonePatch update for older appliances.

Probably. No space left on device in an open-shared-mem context means there's no room left to create a new shared mem segment; each in-use database needs one for locks (~220 KB each), and with 1000 created the OS has probably run out of space. If you're not using all 1000 databases at once, you can recover some shared mem with rmlocks -f on each database when you are done with it, to free its lock structure.

You can also try increasing the max number of available shared mem segments; you'll have to check your OS/docker docs to find how to do that. (I think there's a --shm-size docker option.)

A new set of appliance updates is available: texisScripts-25.2.0, applianceman-25.2.0, texis-8.01.1673380933.

texisScripts-25.2.0 provides the following:

• Improved error handling when parts of creating a profile fail. Would sometimes print the UI multiple times
• Dashboard will no longer accumulate errors if refreshing the Document Usage Overview repeatedly fails
• Added Always Refresh Listing Pages, allows for more reliably discovering new content in refresh walks
• Updated Phishing Protection implementation, now on by default for new profiles
• Do datafromfield on each pluginsplit part
• Added bestbet management to the admin SOAP API
• Added SSL Allow Unsafe Renegotiation setting to allow unsafe SSL legacy renegotiation, optionally with warning (default). Allows older https servers (that do not support secure renegotiation) to be crawled with texis-8.01.1667348496 and later releases (which disabled legacy renegotiation by default). Note that support may be removed in a future release, as it is dependent on OpenSSL support. If possible, walked servers should be upgraded to support secure renegotiation (RFC 5746).

An earlier texisScripts-25.1.0 update provides the following (included with 25.2.0):

• Walks now shouldn't pick up Plugin Split parts in a Refresh walk
• Restoring a backup of an existing profile will now always replicate a full "addProfile" command, in case the profile doesn't exist on a replication target
• Replication Tools' "Send Profile Settings" now sends Best Bets too
• file:// crawls no longer print smbclienthead trace/debug messages for Verbosity > 2; must set Trace Settings smbdebuglevel > 0
• Test Fetch might not print the IP Address (or might print the incorrect one) for the host of the URL if it is in brackets (IPv6 address) or followed by a colon and port; fixed. Final URL IP Address was probably never printed; fixed. Test Fetch now mentions that Verbosity is set to 4, regardless of profile setting.
• Added File URL Get Owner Headers setting to get file:// URL owner and group SID and name headers (requires texis-8.01.1669072604 or later, to be released 1Q 2023)
• Fixed Table refs not found error when performing a Test Fetch with system default settings
• Schedule column in the Profile list now properly includes walks with custom Rewalk Types, no longer includes scheduled Query Log rotations
• Indexing a file server will no longer attempt to fetch '/robots.txt' for the host
• dataload now properly rejects empty URL insertions
• file:// URLs with query strings or anchors were causing errors when crawled; fixed
• Replication Status now shows if it starts a replication sender task

applianceman-25.2.0 updates the documenation.

texis-8.01.1673380933 provides the following:

• Support for new File URL Get Owner Headers setting on some platforms (Gen2, Gen3)

Note: All of these updates are currently only available for Gen3 (2013+) and later appliances, pending a future thunderstonePatch update for older appliances.

A new set of appliance updates are available: texisScripts-25.0.2, applianceman-25.0.2, texis-8.01.1667348496, thunderstonePatch-2.20.

texisScripts-25.02 provides these features and fixes:

• Admin accounts are now always listed in alphabetical order
• Creating a profile can give getDataspaceDir ... FOP_EDOMAIN error if a /data* mounted filesystem is smaller than 1GB total, and profile creation may prefer smaller such disks for dataspace too much; fixed
• Exponential notation could appear for some floating-point numbers greater than 10^6 (e.g. populating a Parametric Number field, Maximum Refresh Time); now only used if value is greater than 10^12, and 12 digits of precision instead of 6 are used
• Fixed DFS file server walks failing to start up in primer system
• Your IP: in System Information's Client section now properly take X-Forwarded-For into account
• <meta property> and <meta itemprop> tags now available in walks (e.g. for Data from Field)
• Last-Modified and Expires now obtained from <meta property> and <meta itemprop> if header, <meta name>, nor <meta http-equiv> available. Same for Keywords and Description, which additionally come from <meta property="og:..."> if not found elsewhere. Test Fetch now shows <meta property> and <meta itemprop> values.
• Fixed Search Timeout setting not affecting metasearch frontend's fetch timeout to backend targets
• Support Commands now receive additional context from the running system
• Modifying best bets on List/Edit URLs Details pages now uses the modern, undoable interface
• Fixed Test Fetch of http-post:// URLs not performing the actual POST http transfer
• Fixed replication when restoring a backup of profiles that already exist
• Best Bets are now included in Settings replication
• Removed ability to rename bestbet groups, necessary for best bet replication
• Added ability to create ACLs for Static Content and Client Certificates
• Added ability to create ACLs on admin-created directories inside Static Content
• Added highlighting to every other row in Profiles list
• Diskspace Viewer and Cleanup now properly support appliances with multiple dataspaces
• Fixed Test Fetch not applying the same link sanitization that walks would apply
• Test Fetch option Fixed font added, to print all values in fixed-font and preserving spaces. Wrap long lines now also does so in large values like Text
• Added Keep Selectors, Ignore Selectors to keep or ignore HTML elements' text via CSS selectors; defaults to ignoring <nav>, <header>, <footer> elements. Keep Tags renamed to Keep HTML Strings to clarify what it searches for (simple text strings).
• Keep HTML (Alt Text, <STRIKE>, <DEL>, <FORM>) settings removed; can now be accomplished with Ignore Selectors. Existing profiles with non-default values for these settings will have equivalent Ignore Selectors values added.
• File crawls now get File-Attributes header with Windows file attribute tokens
• Added best bets support to dataload API
• Send Profile Settings in Replication Tools now sends Best Bets along with profile settings

applianceman-25.0.2 updates the documentation.

texis-8.01.1667348496 provides these features:

• Fetches/crawls now use OpenSSL 3.0.7; fixes CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473 (these do not affect appliances' use of OpenSSL 3.x). Also fixes CVE-2022-3602 and CVE-2022-3786: neither affect appliances: while texis RPM packages from 2021-10-11 until this update use OpenSSL 3.x < 3.0.7 (affected by the CVEs), it is only used for crawls, and no remote certificates are validated during crawls.
• File types plugin (anytotx) now shows <meta http-equiv,property,itemprop> values (in addition to <meta name>) from HTML documents
• Formatted text from HTML containing <figure>, <svg>, <canvas>, <article>, <aside>, <figcaption>, <footer>, <header>, <main>, <marquee>, <nav>, <section>, <details>, <summary>, <command>, <ruby>, <audio>, <video>, <template>, <slot>, <spacer> tags may change whitespace, e.g. space to newline(s); re-walked unchanged pages may thus change hash and appear to be changed
• Some HTML formatter changes involving priority of <div>/<span>/<table>/<tr>/<td>/<th>/<tfoot>/<thead> (and some others like <optgroup>); could possibly affect whitespace in formatted text and thus change crawled pages' hashes
• <img alt="..."> text, and widget whitespace (e.g. double newline for <p>), were still being printed when they should be suppressed (e.g. inside <style>...</style>, ignoretextselectors/Ignore Elements matches, etc.); fixed. Single space is still printed, to maintain separation of potential bracketing non-suppressed words. Caveat: fetched pages' content (including whitespace) may change, and thus hashes when walking.
• Upgraded to exiftool version 12.47: gets JPEG comments for anytotx plugin

thunderstonePatch-2.20 provides some system updates, and is needed by texis-8.... RPMs.

Note: Some older updates (listed below) were released late; their functionality is also part of (or superceded by) the above updates. These include:

texis-8.01.1651095857, which provides the following (part of or superceded by the above texis update):

• Updated fetch lib to OpenSSL 1.1.1i to fix CVE-2020-1971
• Updated unrar to 6.0.3 for fixes
• ExifTool upgraded to 12.30
• Updated fetch lib (for crawls) to OpenSSL 1.1.1l to fix CVE-2021-3711 and CVE-2021-3712, neither of which affect Texis nor crawls
• Some robustness improvements to DNS lookups, especially under Windows
• With Best Bets enabled, a user query containing one or more consecutive dashes or plus signs with space or begin/end of query to both sides, might cause an ABEND; fixed. Workaround is to disable Best Bets, or pre-process the query to avoid such queries.
• Crawls/fetches now use OpenSSL 3.0.2; fixes CVE-2021-4044 (might cause SSL connects to fail; affects Texis versions from 2021-10-11 through this fix) and CVE-2022-0778 (possible infinite loop during cert checks; should not affect Webinator/Appliance generally as client certs not checked during crawls)
• Texis version 8.01 released:
  • IPv6 crawling support added (with texisScripts 24.0.1 or later)
  • Longer admin passwords supported, more secure hashing (on password create/change after this update). Reboot recommended (after stopping all walks) to ensure password table is updated to enable this feature.
• Under Linux, taskmonitor process can get stuck waiting for a child process that appears to be (from ps cmdline args) a copy of itself; fixed
• Fetching a page that redirects may cause an ABEND; fixed. Affects versions from 2020-09-28 and later, prior to this fix.

Note: During application of this update, the GUI might refresh to a Script not found or Vortex error page. If this happens, wait 30 seconds and re-load the page. The error should be transient and benign.

texisScripts-24.1.0, which provides the following (part of or superceded by the above texisScripts update):

• Fixed viewing performance log showing display name for token [dataFromField] not found
• Fixed URL deletions with Ignore Case=Y not matching in some scenarios
• Improved walk efficiency when indexing multiple servers in the same profile
• Fixed restoring backups of existing profiles with per-profile replication settings sometimes using wrong replication settings
• Fixed race condition where a replicated Finalize Walk that fails during initialization could have no pid set in its task list entry
• Fixed rare race condition on Walk Status when the status page starts rendering before a walk starts up, and the walk finishes before Walk Status finishes rendering
• Fixed replication of refreshed URLs that weren't modified not replicating their meta data correctly
• Clicking on a URL in List/Edit URLs results might have brought up an empty-URL item instead of the desired-URL item, if an empty-URL item existed (e.g. due to Dataload with empty URL); fixed
• Some long-running daemons (task monitor, Results Cache manager) now exit sooner when commanded to or change detected
• Now defaults to Off-Site Components=N in newly created profiles
• Fixed Show Authorization Info not clearly showing cached Authorization URL checks
• Fixed search XML output displaying an erroneous through of X summary box when displaying past the end of results
• Fixed restoring backups with profiles and thesauruses not getting assigned to the profiles properly
• Fixed replication sender possibly exiting just as items are added to the replication queue
• Improved behavior when search user is provided malform redirect URL that attempts to execute JavaScript
• No longer allows admins to turn off HTTPS server while using HTTPS to access the admin interface
• Login Verification URL can now be used with Forward Login Cookies Results Authorization type
• Deleting a profile now properly stops all tasks running in the profile first
• Admin interface will now check if custom search XSL Stylesheets are well formed, and will not save them if there are errors
• No longer misleadingly allows modifying Parametric Fields on metasearch profiles
• Requesting an admin page when not logged in will now redirect to that page after logging in when using HTTPS
• Detection of missing internal data version is now properly fixed
• Fixed incorrect merging of spelling suggestions in metasearch
• Improve reliability of automatic software updates
• Enhanced refresh algorithm to allow attempting duplicate URLs less often
• Admin Banner System-Wide Setting was not being shown on some admin pages
• Enhanced metasearch merging of spelling suggestions to provide more accurate suggestions
• Fixed Keep/Ignore Tags causing some unusual pages to leave html tags in their content
• Fixed archive log cleanup somtimes removing newer log files before older log files
• Updated JQueryUI to 1.13.1
• Fixed javascript dropin using customer site's jQuery with jQuery.noConflict() logging the error '$ is not a function'
• Version 24.0.1: Support for IPv6 crawling added (in conjunction with texis 8.01 or later RPM)
• Changing admin password was failing to change Webmin password and was giving exec command sudo returned exit code 1 error; fixed. Only affects scripts version 24.0.1 and earlier in combination with Texis version 8, so no appliances should be affected.

Note: All of these updates are currently only available for Gen3 (2013) and later appliances, pending a thunderstonePatch update for older appliances.

Updates can be found via the System -> System Setup -> Update Software menu item.

A new appliance update has been released: texisScripts-23.1.2. This update contains the following fixes:

• Fixed Backup not properly including an All Profiles ACE in some situations
• Changing Single Page, Page File, or Page URL settings no longer causes those URLs to be indexed immediately (without an explicit walk). These settings' URLs are now indexed only as part of a walk along with other settings like Base URL(s). A walk with Rewalk Type Singles Only can be used to immediately process singles settings' URLs.
• XSL Search now respects the Show Thunderstone Logo setting
• Fixed the same URL potentially appearing as a best bet multiple times when using Show when Best Bet keywords are contained in search query Best Bet Match Mode
• Fixed inconsietent page hashes when including enum parametric fields in Duplicate Check Fields
• Updated jQuery to 3.5.1
• Metasearch searches will no longer show the same Best Bet URL repeatedly from different backends producing the same Best Bet

This update is available via the System -> System Setup -> Check for Updates menu.