We are pleased to announce the release of Fess 14.19.2, a minor update that includes security and functionality improvements.
Key Updates in This Release:
Security Fix: Addressed CVE-2025-48382 by correcting insecure temporary file permissions used during certain operations. This improves the overall file system security of Fess.
Recursive File Crawling Control: Added depth control to recursive file list crawling to prevent unintended deep traversal and improve crawl performance. (#2878)
Cookie Handling Refactor: Refactored secure cookie logic using a centralized isSecureCookie() method for consistent and reliable handling. (#2880)
Release Info: GitHub Release Notes
Issues Addressed: Issue Tracker
Docker Image: Available on GitHub Packages
Documentation: Installation Guide | Admin Guide
If you have any questions or feedback, feel free to post here.
Thank you for your continued support and for being part of the Fess community!