Qlik Show-hide (qlik-show-hide-container) and Tabbed container (qlik-tabbed-container) from the Qlik Bundled extensions are missing from custom objects in the hub since any Qlik Sense Enterprise on Windows February 2020 and later releases. They are still visible in the Qlik Sense Management Console (QMC).

Environment

• Qlik Sense Enterprise on Windows February 2020 and later

Resolution

This is expected. Those 2 extensions have been deprecated since June 2019 and can no longer be created as new object types.

Existing objects will continue to work.

We recommend using the standard container object instead. See Container 

Executive Summary 

In December 2025, the Apache Project announced a vulnerability in Apache Tika (CVE-2025-66516) and provided patches to resolve the issue. Qlik has been reviewing our usage of the Apache Tika product suite and has identified a limited impact as follows.

Affected Software 

Apache Tika is used in several Qlik products. However, the vulnerability is only relevant to the case of a Talend Studio route that uses Apache Tika to parse PDFs.

No other use case or product is impacted by the vulnerability. Qlik Cloud and Talend Cloud are not impacted by this vulnerability.

Nevertheless, we are patching all our products that contain Apache Tika out of an abundance of caution. Be on the lookout for a series of product patches for supported and affected versions.

Resolution 

Recommendation 

The releases listed in the table below contain the updated version of Apache Tika, which addresses CVE-2025-66516.

Always update to the latest version. Before you upgrade, check if a more recent release is available.

Customers with a Qlik Cloud Analytics license cannot create or edit data spaces.

When creating a space, only the options for managed or shared spaces are available:

Resolution

Data Spaces are part of the Qlik Talend Data Integration offering.

Despite the name, “data spaces” are not meant to store Qlik Cloud Analytics data. Qlik Cloud Analytics customers should store their datasets in managed and shared spaces.

To address early misunderstandings and assist customers who had originally stored their datasets there, Qlik has decided to allow analytics customers to keep using data spaces with the following workaround.

IMPORTANT

• The decision to allow this workaround might be reverted at any time, preceded by a timely communication.
• Analytics-only customers who never made use of data spaces should refrain from starting now.
• Analytics-only customers who are already working with data spaces should consider planning to move away from them, migrating their datasets and connections and should not start implementing new workflows involving data spaces.
• Additional Qlik Talend Data Integration-only features, like the possibility to work with pipelines or the Qlik Data Movement Gateway, are not available to Analytics-only customers.

To create and edit spaces:

1. Open the Qlik Cloud main menu
2. Go to Data Integration 
   
   
   
   
3. Open Projects 
   
   You can edit existing datasets or create new data spaces from the Projects Activity Center.
   
   
   
   

Environment

• Qlik Cloud Analytics

For Talend Administration Center configured with Nexus, when attempting to migrate Sonatype Nexus Repository Manager OSS (versions prior to 3.77.0) from the embedded OrientDB database to an external PostgreSQL database, the Database Migrator utility may encounter the following error:

Resolution

To successfully migrate from OrientDB to PostgreSQL, follow the below migration paths recommended by Sonatype:

Migrating from OrientDB to H2 database (temporary step)

Use the Database Migrator utility to move your data from OrientDB into the embedded H2 database.

Documentation: Migrating from OrientDB to H2 database

Upgrade to Nexus Repository Community Edition (≥ 3.77.0)

PostgreSQL support is available only in Community Edition starting with version 3.77.0.

Documentation: Community Edition Onboarding

Migrating from H2 database to PostgreSQL database

Once upgraded, use the Database Migrator utility again to move from H2 into PostgreSQL.

Documentation: Migrating from H2 database to PostgreSQL database

Important Notes:

• Migration is one‑way: once you move to PostgreSQL, you cannot revert back to OrientDB.
• Ensure you have backups before starting any migration.
• The migration process is managed by Sonatype’s Database Migrator utility and Qlik does not maintain or support this tool.

For issues with the migrator or Nexus Repository itself, contact Sonatype Support directly.

Cause

Nexus Repository OSS  (3.70.4-02) does not support migration directly from OrientDB to PostgreSQL.

PostgreSQL support was introduced in the Community Edition starting with version 3.77.0.

Attempting to run the Database Migrator against OSS versions 3.70.4-02 results in the WrongNxrmEditionException.

Related Content

migrating-to-a-new-database | help.sonatype.com

Environment

Talend Administration Center 

The scenario: A Qlik Sense Enterprise on Windows environment is set up to use Azure SAML (AD FS) for authentication.

On the Azure side, the Token Signing Certificate embedded as the X509Certificate in the SAML IdP metadata within the Qlik virtual proxy configuration expired several weeks ago. A new certificate has not yet been issued.

It is still possible to log in to Qlik Sense Enterprise on Windows. 

This behavior may raise the questions of:

• Is this a security concern?
• How long will the expired certificate last?
   

Resolution

In SAML, the IdP (Azure AD/AD FS) signs the assertion with its private key, and Qlik Sense validates it using the public key embedded in the IdP metadata (the X509Certificate).

The expiry date in the certificate is not actively checked by Qlik Sense during assertion validation.

Qlik only verifies that the signature matches the public key it has stored. So even if the certificate is expired, as long as the key pair hasn’t changed and the signature is valid, authentication succeeds. This is a common behavior and not specific to Qlik Sense.

Is this a security concern?

It is not considered a security issue. The expiry matters for trust and compliance, not for the cryptographic check Qlik performs. 

When will the expiry become relevant?

• Azure rotates the signing certificate (such as after expiry or manual rollover). If you haven’t updated Qlik virtual proxy metadata with the new certificate, logins will fail because Qlik can’t validate the signature.
• If your organization enforces certificate validity checks at the proxy or via custom code (rare in standard Qlik deployments).

Do we need to update the certificate?

Even though Qlik doesn’t break immediately, we recommend updating the IdP metadata in Qlik Sense as soon as Azure issues a new signing certificate. This ensures future-proofing and compliance.

Environment

• Qlik Sense Enterprise on Windows

While creating a metadata connection to Salesforce in Talend Studio, the connection test fails with the following error message:

"SOAP API login() is disabled by default in this org.
                  exceptionCode='INVALID_OPERATION'"

INVALID_OPERATION

Resolution

To resolve this issue, a Salesforce administrator must explicitly enable SOAP API login access in the org before it can be used. 

Even when enabled, login() remains unavailable in API version 65.0 and later.

Cause

This error occurs when Talend Studio attempts to authenticate with Salesforce using the SOAP API, but SOAP-based login access is disabled at the Salesforce organization level. As a result, Talend is unable to establish the metadata connection and retrieve Salesforce objects.

The issue is typically related to Salesforce security or API access settings, such as disabled SOAP API access.

Related Content

SOAP API login() Call is Disabled by Default in New Orgs | help.salesforce.com

Environment

Talend Studio 

After upgrading from Windows 10 to Windows 11, or applying certain patches to Windows Server 2016, Qlik Replicate may not load in the browser.

The following error is displayed:

ERR_SSL_KEY_USAGE_INCOMPATIBLE

Data Integration Products November 2021.11 or lower require a manual generation of SSL certificates for use. See Step 5 (options one and two) in the solution provided below.

Environment

Qlik Replicate 2022.11 (may happen with other versions)
Qlik Compose 2022.5 (may happen with other versions)
Qlik Enterprise Manager 2022.11 (may happen with other versions)
Use of the self-signed SSL certificate
Windows 11
Windows server 2016

Resolution

This issue has to do with the self-signed SSL certificate. Deleting the existing one and allowing Qlik Replicate/Compose/Enterprise Manager to regenerate them resolves the issue.

1. Stop the services for all affected software. Example: AttunityReplicateUIConsole, Qlik Compose or Qlik Enterprise Manager.
2. (This step only applies to Qlik Replicate) Rename the data folder under the SSL folder (\Program Files\Attunity\Replicate\data\ssl\data)
3. Delete self-signed certificates in the management console
   1. Open a command prompt and enter MMC to open the console (on Windows Server, open "Manage computer certificates")
   2. Click the File drop-down menu and select Add/Remove snap-in
      

      
      

   3. Select Certificates and click Add
      

      
      

   4. Select Computer account. Click Next, then click Finish.
      
      

      

   5. Click OK to close the Add or Remove Snap-ins window
   6. Open Certificates and navigate to Local Computer, then Personal, then Certificates
      
      

      

   7. In the list of certificates shown, select the certificates where the "Issued To" value and the "Issued By" value equal your computer name and delete them.
   8. Close the Management Console.
      
      
4. Next we will remove the reference to the self-signed certificate in Qlik Replicate:
   
   
   1. Open a command prompt As Administrator
      
      For Qlik Replicate:
      
      Navigate to the ..\Attunity\Replicate\bin directory and then run the following command:
      
      RepUiCtl.exe certificate clean
      

      
      
      
      For Qlik Compose:

      Navigate to the ..\Qlik\Compose\bin directory and then run the following command:
      
      ComposeCtl.exe certificate clean
      
      

      For Qlik Enterprise Manager:

      Navigate to the ..\Attunity\Enterprise Manager\bin directory and then run the following command:
      
      aemctl.exe certificate clean
      
      
   2. Run the command: netsh http delete sslcert ipport=0.0.0.0:443
      
      Note, that you may get a message that the command failed in the event there are no certificates bound to the port. This message can be ignored.
      
      
5. Add either a self-signed Certificate or a trusted and signed Organization Certificate.
   
   Option One: Trusted and Signed Certificate. Generate an organization certificate that must be a correctly configured SSL PFX file containing both the private key and the certificate.
   
   Option Two: Self-Signed Certificate. Generate a self-signed certificate on the server to replace the existing self-signed certificate. The provided PowerShell examples generate an SSL certificate for 10 years.
   
   Run the following in PowerShell:
   
   $cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname <FQDN> -NotAfter (Get-Date).AddYears(10)
   
   
6. Once the certificates have been obtained or generated, follow the instructions for the individual product section on how to import a certificate:
   
   
   • Qlik Enterprise Manager: Replacing the self-signed certificate on Windows 
   • Qlik Replicate: Setting Up Qlik Replicate Server HTTPS support 
   • Qlik Compose: Replacing the self-signed certificate on Windows 
     
     
7. Start the services.
8. You may need to clear browser cache/cookies & etc. before you can access the web page outside of incognito mode.

Qlik Replicate will now allow you to open the user interface once again.

If users still cannot log in and are returned to the log in prompt at each attempt, see How to change the Qlik Replicate URL on a Windows host.

It is recommended to use your organization certificates  

Related Content:

How to change the Qlik Replicate URL on a Windows host 

Google Chrome Community

Microsoft Answers

Long term offline capability for the releases April 2020 and onwards requires a change to the license (addition of a further attribute), which can only be added after a special approval from the Customer Success Organization.

See below for how to submit the request for approval and proceed. 

1. Contact the Qlik Support team using Chat or the Qlik Support Portal.
2. You will need to sign an offline addendum and share the signed addendum with Qlik Support. Choose between one of the two addenda attached to this article; one for banking and one for non-banking customers. 
3. Provide the License key that needs to be offline enabled, as well as the current Product version details, and the reason why the connection to Qlik's license back end (LBE) cannot be established.
4. Request the support team to update the temporary offline feature (Delayed sync) and activate the product via an SLD key first, providing temporary offline access until the permanent offline feature is enabled. Review: How to activate Qlik Sense, QlikView, and Qlik NPrinting without Internet Access
5. Once the license is processed and fulfilled for permanent offline activation, here is how the license activation process for long-term offline is done:
   • Long term offline use for Qlik Sense and QlikView Signed Licenses
   • Long term offline use for Qlik NPrinting Signed Licenses
   • Long term offline use for Qlik Catalog

As part of the agreement for granting a customer offline license usage, the customer is required to regularly upload User Assignment log files. See Offline User Assignment logs.

This process is not required for OEM customers; OEM customers can contact support directly through chat or by creating a case using the Support portal to have the offline parameters enabled.

Related Content 

Activate Qlik Products without Internet access - April 2020 and onwards
Long term offline use for Qlik Sense Signed Licenses
How to send User Assignment log files to Qlik? (Long term offline license activation) 

Changing the IP address of the Qlik Sense host does not require as much consideration as changing the host name. Some external components might need to be taken into account though. 

Using an IP address as the hostname while installing Sense is not recommended and can lead to problems with service communication. Refer to While accessing Hub receive error "The service did not respond or could not process the request" .

Environment: 

Resolution:

Things to consider:

• In the PostgreSQL database, an listening_addresses might have been set up during the installation. See PostgreSQL: postgres.conf and pg_hba.conf explained for details. 
• Outside configuration steps might need to be taken, such as updating DNS records or firewall rules.
• SAP connector considerations: Ensure that the SAP server is contactable by the new Sense server IP address and the SAP server allows connections from the new Sense IP address.
• Other outside connectors may also operate based on IP allowlist.

Related content:

• How to identify end user Client Browser, OS, Device and IP address in Qlik Sense

• Qlik Sense: Change hostname (and certificates) after an installation

A Qlik Replicate task may fail or encounter a warning caused by Data Inconsistencies when using Oracle as a source.

Example Warning:

]W:  Invalid timestamp value '0000-00-00 00:00:00.000000000' in table 'TABLE NAME' column 'COLUMN NAME'. The value will be set to default '1753-01-01 00:00:00.000000000'  (ar_odbc_stmt.c:457)
]W:  Invalid timestamp value '0000-00-00 00:00:00.000000000' in table 'CTABLE NAME' column 'COLUMN NAME'. The value will be set to default '1753-01-01 00:00:00.000000000'  (ar_odbc_stmt.c:457)

Example Error:

]E: Failed (retcode -1) to execute statement: 'COPY INTO "********"."********" FROM @"SFAAP"."********"."ATTREP_IS_SFAAP_0bb05b1d_456c_44e3_8e29_c5b00018399a"/11/ files=('LOAD00000001.csv.gz')' [1022502] (ar_odbc_stmt.c:4888) 00023950: 2021-08-31T18:04:23 [TARGET_LOAD ]E: RetCode: SQL_ERROR SqlState: 22007 NativeError: 100035 Message: Timestamp '0000-00-00 00:00:00' is not recognized File '11/LOAD00000001.csv.gz', line 1, character 181 Row 1, column "********"["MAIL_DATE_DROP_DATE":15] If you would like to continue loading when an error is encountered, use other values such as 'SKIP_FILE' or 'CONTINUE' for the ON_ERROR option. For more information on loading options, please run 'info loading_data' in a SQL client. [1022502] (ar_odbc_stmt.c:4895)

Resolution

The bindDateAsBinary attribute must be removed or set on both endpoints. 

Cause

The parameter bindDateAsBinary means the date column is captured in binary format instead of date format.

If bindDateAsBinary is not configured on both tasks, the logstream staging and replication task may not parse the record in the same way.

Environment

• Qlik Replicate

Environment

• Qlik Sense Desktop, June 2020
• Qlik Sense Business 
• Qlik Sense Enterprise SaaS 

The Data Load Editor in Qlik Sense Enterprise on Windows 2025 experiences noticeable performance issues.

Resolution

Fix Version

Qlik Sense May 2025 SR 6 and higher releases.

Workaround

A workaround is available. It is viable as long as the Qlik SAP Connector is not in use.

1. In a Windows file browser, navigate to C:\Program Files\Common Files\Qlik\Custom Data\
2. Move the QvSapConnectorPackage directory to a different location

No service restart is required.

Internal Investigation ID(s) 

SUPPORT-6006

Environment

• Qlik Sense Enterprise on Windows

Unloading data from a specific SAP Extractor may fail with the error:

[sourceunload ] [VERBOSE] [] Retrieved new data from Extractor 'ZDSGDZ037', Job 'GCDEX67T70NNYN27EH6U4AJ6BRTI4L' row '38932'
[sourceunload ] [VERBOSE] [] Failed to convert value at row 38933 for column 'DATE_FROM' of type 'DATS' value = '~{AQAAALKr+HRru6Zm/c2sIw6hKyA=}~'
[sourceunload ] [VERBOSE] [] value 'JAPAN' replaced by the invalid date placeholder '1970-01-01'
[sourceunload ] [VERBOSE] [] Retrieved new data from Extractor 'ZDSGDZ037', Job 'GCDEX67T70NNYN27EH6U4AJ6BRTI4L' row '38933'
[sourceunload ] [TRACE ] [] Removing existing extraction job for 'ZDSGDZ037' while aborting load data
[sourceunload ] [ERROR ] [] An error occurred unloading dataset: .ZDSGDZ037

Resolution

The issue has been resolved by addressing the problematic field in the SAP extractor ZDSGDZ037.

The DATE_FROM field has a short description of “Valid-from date – in current release only 00010101 possible”, and it was determined that this specific SAP date format is not supported by Qlik Replicate.

Change it to a valid value or exclude the DATE_FROM field if it's not necessary.

Cause

A data issue in the SAP extractor caused the failure.

Up to row 38932, all values were processed normally. The failure started at row 38933, where the following field could not be parsed as a valid SAP date:

• Column: DATE_FROM
• Type: DATS
• Value: ~{AQAAALKr+HRru6Zm/c2sIw6hKyA=}~

Qlik Replicate attempted to replace the invalid value with the fallback placeholder 1970-01-01, but failed to when the system produced a ClassCastException. This was caused by the program expecting the value to be a String, but instead receiving a LocalDate object.

The logs show the replaced value "JAPAN" being interpreted as an invalid date, which further confirms that the field contains non-date strings inside a DATS-type SAP field.

This indicates a data format inconsistency in the SAP source extractor, where a date field is populated with non-date content.

Environment

• Qlik Replicate

Changing the system time to a future date while a LogStream task is running leads to task errors.

Example errors:

Staging task

[TASK_MANAGER ]I: Task 'staging task' running CDC only in fresh start mode
[TARGET_APPLY ]I: Timeline is 20251211134943253089
[TARGET_LOAD ]I: Timeline is 20251231100205831444

Replication task

[TASK_MANAGER ]I: Task 'replication task' running full load and CDC in fresh start mode
[STREAM_COMPONEN ]I: Timeline is 20251212174220223963 (ar_cdc_channel.c:552)
[SERVER ]I: The process stopped (server.c:2589)

[TASK_MANAGER ]W: Task 'replication task' encountered a recoverable error
[SERVER ]I: Stop server request received internally

Resolution

The creation of LogStream data with a future date is caused by manual intervention. This scenario is outside the scope of Qlik Replicate’s intended test scenarios and is not covered under support.

The best action would be to reload the parent staging tasks and reload the child replication task.

Cause

After the system time was changed to a future date and the task was executed, a future-dated directory was created. When the system time was restored and the task was reloaded, the future-dated directory remained and appeared to have caused the replication task error.

Environment

• Qlik Replicate

A Qlik Replicate tasks fail with the error:

Alternate backup file XXX does not exist

Resolution

This is frequently caused by the Qlik Replicate server and one of its endpoints being on a different timezone than the backup logs are being written in.

Example:

The SQL Server and Qlik Replicate server are on PST hours, while the rebuic backup logs are logged using UTC. This leads to backup errors. 

Align the backup file time zone to resolve the error.

Environment

• Qlik Replicate

Qlik allows you to automatically make multiple selections when opening an app sheet. This is configured in the Sheet Properties using an Action: 

1. Open the Sheet you want to configure with an action
2. Click Edit Sheet to enter edit mode
3. Click Properties
4. Expand Actions and click Add action
    

   If Properties does not show the Actions tab, but instead lists Chart suggestions and other data display options, deselect the currently selected chart.

5. Click the drop-down arrow and choose Select values in a field
   
   
   
6. In the Field input, either search for or select the field from the drop-down
   
   
   
   
7. In the Value input, enter the values you want to select, separating them with semicolons (example: A;B or value1,value2)  
   
   
   
   
8. Exit the Edit Sheet mode; this saves your changes

The defined selections will now apply whenever the sheet is opened. 

Environment

• Qlik Sense Enterprise on Windows
• Qlik Cloud

When using "Header authentication" method, after upgrading to latest Qlik Sense Enterprise versions or latest patch, you may encouter error like "400 bad request Invalid header in the request".

From the image above, notice that the request header is “X-Qlik-User-hdr = Domain\administrator" (in this example). Meaning that, in Qlik Sense virtual proxy settings, the "header authentication header name” was set to “X-Qlik-User-hdr".

Resolution

This is working as designed  (WAD).

R&D confirmed that, there was a security fix made back in August-September 2023, which disallow header authentication using header names that include "X-Qlik-User" in "header authentication header name".

Thus, if the "Header Authentication" setting was working before the upgrade and then the error "400 bad request Invalid header in the request" occurs after upgrading to latest version of Qlik Sense Enterprise or after installing a patch, please ensure that in the related virtual proxy, "header authentication header name” is not set to something like "X-Qlik-User-*" (Check for example QS Feb 2024 header name restrictions).

Information provided on this defect is given as is at the time of documenting. For up to date information, please review the most recent Release Notes, or contact support with the ID QB-25945 or QB-21731 for reference.

Cause

Product Defect ID: QB-25945, QB-21731 and HLP-15641

Environment

• Qlik Sense Entreprise on Windows