Fess 15.6.1

We're pleased to announce the release of Fess 15.6.1.

This patch release adds HTTP proxy support for LLM clients, allowing deployments behind a corporate proxy to reach OpenAI, Ollama, Gemini, and other LLM endpoints without bespoke wiring. It also fixes a potential JavaScript escaping issue in the chat UI.

Improvements

AI Search Mode / RAG Chat

• LLM HTTP traffic now honors the workspace http.proxy.* settings, with optional Basic authentication, enabling AI Search Mode to work behind corporate proxies. Subclasses can override the proxy configuration per-client for finer-grained control. (#3128)

Bug Fixes

• Localized labels rendered inside the chat page JavaScript are now properly escaped via the new fe:escapeJs taglib function, preventing translations that contain quotes, backslashes, or control characters from breaking the chat initialization. (#3126)

---

We recommend upgrading to Fess 15.6.1 if you run AI Search Mode behind a corporate proxy or rely on heavily customized translations for the chat UI.

📜 Documentation
📦 Docker Image: GitHub Packages - codelibs/fess
💬 Community Forum: discuss.codelibs.org

Thank you for using Fess!

Fess 15.6.0

We're pleased to announce the release of Fess 15.6.0.

This release adds support for OpenSearch 3.6, introduces a new distributed coordination system for multi-instance deployments, modernizes password storage with BCrypt hashing, and ships a major AI Search Mode (RAG Chat) overhaul along with a new log-based notification channel.

Highlights

• OpenSearch 3.6 Support
  Fess is now compatible with OpenSearch 3.6, taking advantage of the latest engine improvements and security fixes. The bundled kopf plugin has also been updated to 15.6.0.

• Distributed Coordination for Multi-Instance Deployments
  New distributed coordination system enables safer operation when running multiple Fess instances against the same cluster, providing a foundation for cluster-aware scheduling and maintenance tasks.

• BCrypt Password Hashing
  Local user passwords are now stored using BCrypt (Spring Security {bcrypt} format) via the new PasswordHashHelper. Existing SHA-256/512/MD5 hashes continue to work for verification and are transparently re-hashed to BCrypt on the next successful login (app.password.upgrade.enabled=true by default). Note: downgrading to a pre-BCrypt Fess release will invalidate {bcrypt}-encoded passwords — plan an admin password reset if you need to roll back.

• AI Search Mode (RAG Chat) Overhaul
  The experimental AI feature is rebranded from "AI Chat" to AI Search Mode and gains a substantially expanded RAG pipeline: pluggable LLM provider architecture, configurable per-prompt parameters and prompts, OpenAI reasoning model support, Gemini 3 thinking budget, search-filter UI, Markdown rendering, smart summary mode with turn-based history packing, query-regeneration fallback, source navigation via go URLs, and structured error codes surfaced in the UI.

• Log-Based Notifications
  ERROR / WARN log events can now be forwarded to Slack, Google Chat, or email, making it easier to wire Fess into existing operational alerting workflows.

Improvements

• AI Search Mode / RAG Chat

  • Extracted provider-specific clients into a plugin architecture (#3048)
  • Per-prompt-type parameter config and extra-params support (#3049)
  • Configurable RAG / chat prompts and simplified search-result flow (#3089)
  • RAG LLM provider selection in admin General settings (#3054)
  • Per-provider configurable max tokens and OpenAI reasoning model support (#3047)
  • Gemini thinking-budget support and streaming-parser fix for Gemini 3 (#3046)
  • Switch max_tokens → max_completion_tokens for newer OpenAI models (#3044)
  • Smart summary mode and turn-based conversation history packing (#3084)
  • Query-regeneration fallback for RAG search (#3083)
  • Granular error messages and structured LlmException error codes (#3082, #3050)
  • Markdown rendering for RAG chat messages (#3075)
  • go URL generation for RAG chat source navigation (#3067)
  • Search filter support and dropdown filter UI in RAG chat (#3063, #3068)
  • Custom highlight tags and improved evaluation content processing (#3055)
  • Configurable assistant message content for conversation history (#3052)
  • LLM access-type tracking in search log (#3071)
  • Configurable LLM log level in admin General settings (#3064)
  • Concise multilingual taglines for chat welcome title (#3051)
  • AI chat busy / error page and UI polish (#3043)
  • Improved rate-limit message and dedup of error handling (#3062)
  • Handle empty content with length finish reason for reasoning models (#3061)
  • Final SSE chunk content is now flushed instead of dropped (#3096)

• Security Hardening

  • Prevent prompt injection in RAG document context (#3065)
  • Prevent path traversal and symlink attacks in IndexExportJob (#3080)
  • Mask sensitive tokens in EntraIdAuthenticator debug logs (#3077)
  • Mask Authorization header value in SPNEGO error messages (#3078)
  • Tighten DANGEROUS_QUERY_PATTERN to only block *:* queries (#3059)
  • Additional security and concurrency hardening for RAG chat / LLM (#3058, #3060)
  • Update commons-fileupload API and improve IOException handling (#3079)
  • ACCESS_DENIED activity log on admin role-check failure (#3088)
  • Configurable audit log max length with corrected truncation order (#3098)

• Administration & Configuration

  • Expose all system.properties settings in the admin General screen (#3091)
  • Add config-index rebuild action to the maintenance page (#3097)
  • Surface previously missing SSO settings in the General admin page (#3110)
  • Split admin Notification section into Notice and Notify (#3092)
  • Add duplicate action for crawl configurations (#3104)
  • Improved validation messages and custom-field support on the search list page (#3102)
  • Null-safe handling for optional form fields in General settings (#3095)

• Logging & Observability

  • Automatic purging of click logs and favorite logs (#3112)
  • Differentiate log levels by HTTP status in SearchEngineApiManager (#3094)
  • Suppress WARN log noise for client errors in JSON API responses (#3100)
  • Enhanced RAG / LLM debug logging with consistent prefixes and levels (#3070, #3073)
  • Downgrade chat / LLM availability-check logs from DEBUG to TRACE (#3086)
  • Downgrade LLM lifecycle logs from INFO to DEBUG (#3119)
  • Include exception message in CPU stats warning log (#3108)
  • Register custom Log4j2 plugins via annotation processor (#3117)
  • Remove deprecated packages attribute from log4j2 config (#3121)
  • Add EcsLayout to LlmFile appender for Docker JSON logging (#3120)

• Crawler & Indexing

  • Use SitemapsRule for sitemap content validation (#3105)
  • Correct analyzer filters and dynamic-template names in index mappings (#3076)
  • Fallback URL resolution for relative paths with special characters (#3056)
  • Replace URI with URL in XpathTransformer and ProtocolHelper (#3066)
  • RankFusionProcessor boundary bug fixes and robustness improvements (#3106)

• API & Search

  • Return job log ID from the scheduler start API (#3103)
  • Robust handling of invalid Base64 in similarDocHash decoding (#3107)
  • Add ACCESS_DENIED audit signal on admin failures (#3088)

• Platform & Build

  • Upgrade Servlet API from 6.0 to 6.1 (#3090)
  • Complete migration of remaining javax references to jakarta namespace (#3109)
  • Improve translation quality and consistency across all languages (#3087)
  • Bump fess-parent to 15.6.0 (#3115)
  • Add compiled-script caching to GroovyEngine and improve DocBoostMatcher error handling (#3074)
  • Remove jakarta.activation, add oauth2-oidc-sdk dependency (#3081)

Bug Fixes

• Final SSE chunk no longer dropped in chat responses (#3096)
• Audit log truncation order corrected (#3098)
• Crawler URL escaping for relative paths with special characters (#3056)
• RankFusionProcessor boundary handling fixes (#3106)
• Null-safe handling for optional General-settings form fields (#3095)
• similarDocHash no longer throws on malformed Base64 input (#3107)

---

We recommend upgrading to Fess 15.6.0 to take advantage of OpenSearch 3.6 support, modernized password security, multi-instance coordination, and the substantially improved AI Search Mode.

Documentation
Docker Image: GitHub Packages - codelibs/fess
Community Forum: discuss.codelibs.org

Thank you for using Fess!

Fess 15.5.1

We're pleased to announce the release of Fess 15.5.1.

This release focuses on significant improvements to the AI Search Mode, introducing an abstracted LLM client layer, expanded model support, and enhanced configurability for both OpenAI and Gemini providers.

🔧 Improvements

AI Search Mode

• Introduced an abstracted LLM client layer with configurable system/user prompts, locale-aware responses, and unified context handling across providers
• Added per-provider configurable max tokens setting and support for OpenAI reasoning models (o-series)
• Added Gemini thinking budget support and updated the streaming response parser for compatibility with Gemini 3
• Fixed token parameter handling to use max_completion_tokens for newer OpenAI models, ensuring correct behavior with the latest API specifications

---

We recommend upgrading to Fess 15.5.1 to take advantage of the improved AI Search Mode with broader model support and enhanced configurability.

📜 Documentation
📦 Docker Image: GitHub Packages - codelibs/fess
💬 Community Forum: discuss.codelibs.org

Thank you for using Fess!

Fess 15.5.0

We're pleased to announce the release of Fess 15.5.0.

This release introduces an experimental AI Search Mode with OpenAI and Gemini support, a new Index Export Job for generating HTML files from search documents, CPU load-based request throttling, and a comprehensive set of security hardening improvements.

🚀 Highlights

• AI Search Mode (Experimental)
  New AI-powered search mode that combines large language models with Fess search. Users can interact with indexed content through a conversational interface, getting intelligent answers grounded in your search index. Supports both OpenAI and Google Gemini as LLM providers. This feature is experimental and disabled by default.

• Index Export Job
  New job to export search documents as HTML files, with a strategy pattern architecture supporting extensible export formats.

• CPU Load-based Request Control
  Automatic request throttling based on server CPU load, returning HTTP 429 responses when the system is under heavy load to protect availability.

🔧 Improvements

• AI Search Mode

  • Replaced keyword-based search with Lucene query generation for more accurate results
  • Improved UI with Atlassian Design System patterns
  • Added search progress messages for better user feedback
  • Added periodic availability checking for LLM clients
  • Migrated LLM HTTP client from OkHttp to Apache HttpClient 5 for improved reliability

• Security Enhancements

  • Added password policy validation for user creation and password changes
  • Prevented path traversal vulnerabilities in admin log download, design file upload, and JSP editing
  • Prevented LDAP injection in principal and filter construction
  • Enabled Kryo registration requirement to prevent remote code execution
  • Upgraded SAML default signature algorithm from SHA-1 to SHA-256
  • Used atomic file operations to prevent TOCTOU race conditions
  • Cleared plaintext passwords from memory after use
  • Added deprecation warnings for weak cryptographic algorithms
  • Masked sensitive values in environment variables and system properties logging
  • Reduced sensitive information in SAML logout warning logs
  • Added script execution audit logging

• Crawling & Indexing

  • Added configurable MIME type extension overrides
  • Deduplicated anchor URLs in crawler transformer
  • Fixed MIME type regex pattern escaping for special characters
  • Applied configured default exclude patterns in web crawler wizard

• Administration & Configuration

  • Improved admin error messages with contextual details
  • Migrated web authentication to WebAuthenticationConfig API
  • Expanded file path validation to support multiple allowed directories
  • Unified "algorism" terminology to "algorithm" across the codebase

🐛 Bug Fixes

• Fixed file path validation in admin to support multiple allowed directories

---

We recommend upgrading to Fess 15.5.0 to take advantage of enhanced security, improved system reliability, and the new experimental AI Search Mode.

📜 Documentation
📦 Docker Image: GitHub Packages - codelibs/fess
💬 Community Forum: discuss.codelibs.org

Thank you for using Fess!

Fess 15.4.0

We're pleased to announce the release of Fess 15.4.0.

This release brings support for OpenSearch 3.4, major new features for cloud storage integration, enhanced security, and numerous improvements across the platform.

🚀 Highlights

• OpenSearch 3.4 Support
  Fess is now compatible with OpenSearch 3.4, enabling use of the latest OpenSearch features and performance improvements.

• Cloud Storage Crawling (S3 & GCS)
  Added S3 and GCS protocol support for file crawling, allowing you to index documents directly from Amazon S3 and Google Cloud Storage buckets.

• Storage Abstraction Layer
  New storage abstraction layer with S3 and GCS support, providing flexible storage options for thumbnails and other generated files.

• API Rate Limiting
  Added configurable rate limiting for API requests to protect your Fess instance from excessive load.

• New Language Support
  Added support for Hindi, Indonesian, and Turkish languages.

🔧 Improvements

• Security Enhancements

  • Prevented ReDoS vulnerabilities and improved cookie security
  • Enhanced SSO implementations with security improvements
  • Improved Action classes with security enhancements

• SSO & Authentication

  • Renamed Azure AD to Microsoft Entra ID
  • Added configurable base URL for SSO authenticators
  • Added lazy loading for parent group lookup in EntraIdAuthenticator
  • Improved LDAP authentication error handling and resource management

• Thumbnail Generation

  • Improved thumbnail generation with ImageMagick v7 support and SVG handling

• Network

  • Added IPv6 address support for URL construction
  • Added proxy configuration support to startup scripts

• Code Quality

  • Improved thread safety in ProcessHelper and rank fusion implementation
  • Enhanced data store handling with thread safety and resource management
  • Improved exception handling and Throwable support
  • Modernized JavaScript implementations with ES5 compatibility
  • Added multilingual support to online help

• Developer Experience

  • Improved log message format and added logging guidelines
  • Added integration tests for Search API endpoints

---

We recommend upgrading to Fess 15.4.0 to take advantage of the latest OpenSearch support, cloud storage integration, and enhanced security features.

📜 Documentation
📦 Docker Image: GitHub Packages - codelibs/fess
💬 Community Forum: discuss.codelibs.org

Thank you for using Fess!

Fess 15.3.2

We’re releasing Fess 15.3.2, a minor update that resolves an HTML parsing issue caused by a library bug.

🛠 Fixes

• HTML Parsing Fix
  Fixed an issue where certain HTML documents could not be parsed correctly during crawling.
  This was addressed by updating and patching the nekohtml library to restore expected behavior.

---

We recommend updating to Fess 15.3.2 if you encountered issues with HTML parsing during crawl operations.

📜 Documentation
📦 Docker Image: GitHub Packages - codelibs/fess
💬 Community Forum: discuss.codelibs.org

Thank you for using Fess!

Fess 15.3.1

We’re releasing Fess 15.3.1, a patch update that includes a critical fix for differential crawling and updates to the latest OpenSearch dependencies.

🛠 Fixes and Improvements

• Fixed Differential Crawling Issue
  Renamed internal configuration files from "Elasticsearch" to "OpenSearch" to resolve an issue where differential crawling was not working as expected.
  (#2927)

• Updated OpenSearch Dependencies
  Updated OpenSearch and related plugins to their latest versions to ensure compatibility and improved performance.
  (#2928)

---

We recommend all users upgrade to Fess 15.3.1, especially if you rely on differential crawling or are using the latest version of OpenSearch.

📜 Documentation
📦 Docker Image: GitHub Packages - codelibs/fess
💬 Community Forum: discuss.codelibs.org

Thank you for using Fess!

Fess 15.3.0

We’re pleased to announce the release of Fess 15.3.0.

This release adds support for OpenSearch 3.3 and updates several core dependencies to improve compatibility with modern environments.

🚀 Highlights

• OpenSearch 3.3 Support
  Fess is now compatible with OpenSearch 3.3, enabling use of the latest OpenSearch features and performance improvements.

• Dependency Updates

  • Updated jcifs to a newer version for better SMB/CIFS protocol support in modern Java environments
  • Updated nekohtml and related libraries to improve HTML parsing stability and compatibility

These updates enhance system stability, security, and compatibility across different platforms and runtime environments.

---

We recommend upgrading to Fess 15.3.0 to take advantage of the latest OpenSearch support and improved dependency compatibility.

📜 Documentation
📦 Docker Image: GitHub Packages - codelibs/fess
💬 Community Forum: discuss.codelibs.org

Thank you for using Fess!

Fess 15.2.0

We’re pleased to announce the release of Fess 15.2.0.

This version adds compatibility with OpenSearch 3.2 and includes an update to the Azure AD authentication integration.

🚀 Highlights

• OpenSearch 3.2 Support
  Fess is now compatible with OpenSearch 3.2, ensuring smooth integration with the latest OpenSearch features and enhancements.

• Azure AD Authentication Update
  Migrated from the deprecated ADAL4J to MSAL4J for Azure Active Directory authentication.
  This update improves security, maintainability, and ensures continued support with Microsoft's modern authentication standards.

---

We recommend upgrading to Fess 15.2.0 if you're using Azure AD integration or planning to adopt OpenSearch 3.2.

📜 Documentation
📦 Docker Image: GitHub Packages - codelibs/fess
💬 Community Forum: discuss.codelibs.org

Thank you for using Fess!

Fess 15.1.0

We’re pleased to announce the release of Fess 15.1.0. This version adds support for OpenSearch 3.1 and includes several improvements in SSO handling, thumbnail processing, and crawling control.

🚀 Highlights

• OpenSearch 3.1 Support
  Fess is now compatible with OpenSearch 3.1, ensuring seamless integration with the latest APIs.
  (#2893)

🔧 Notable Improvements

• SSO Enhancements

  • Preserved and restored search parameters via cookies during SSO flow. (#2895)
  • Encoded search parameters in SSO redirect URLs. (#2900)
  • Refactored redirect logic in SsoAction and improved debug logging. (#2896)
  • Added null checks for IdP Single Logout Service URL. (#2909)

• Thumbnail Generation

  • Improved error handling and logging during thumbnail generation. (#2899, #2908)

• Crawling Control

  • Added support for excluding URLs from crawling using regular expressions. (#2906)
  • Updated URL exclusion logic to use full-pattern matching. (#2907)

• UI and Localization

  • Clarified label translations and added new localization files. (#2897)
  • Refined UI labels for improved consistency and clarity. (#2892)

---

We recommend upgrading to Fess 15.1.0 to benefit from the improved integration with OpenSearch 3.1 and the latest enhancements in crawling and authentication.

Thank you for using Fess!