Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

HeartBleed Open SSL Vulnerability

Is QlikView (specifically 11.2) vulnerable to the SSL HeartBleed OpsnSSL bug? http://heartbleed.com/.

1 Solution

Accepted Solutions
Bill_Britt
Former Employee
Former Employee

Hi,

Here is the information from the Expressor team.

Expressor has used two versions of OpenSSL is its history. Until 2011, we were using 0.8.9d and then upgraded to 1.0.0d. Neither of these versions is affected by heartbleed.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.

View solution in original post

10 Replies
Bill_Britt
Former Employee
Former Employee

Hi Scott,

We do not use OpenSSL in our code. OpenSSL is geared more toward Apache.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
Not applicable
Author

I understand that it is not in QlikView according to the third party license terms, but is in Expressor and therefore potentially in the Governance Dashboard?

QlikView 3rd party license terms - http://www.qlik.com/~/media/files/info/license-terms-third-party/third-party-license-terms.ashx

Bill_Britt
Former Employee
Former Employee


Hi,

OpenSSL is used for SSL and web traffic. Expressor is an application and not a webserver. Also, Qlik uses Microsoft products that unless you are running Windows version of Apache are not affected according to Microsoft.

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
Bill_Britt
Former Employee
Former Employee

Hi,

I have been told the Expressor team is looking at their product to make sure I am correct.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
Bill_Britt
Former Employee
Former Employee

Hi,

Here is the information from the Expressor team.

Expressor has used two versions of OpenSSL is its history. Until 2011, we were using 0.8.9d and then upgraded to 1.0.0d. Neither of these versions is affected by heartbleed.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
Not applicable
Author

Can anyone provide any links on QlikView site or a link to something that says QlikView is "safe" from heartbleed? I need to provide documentation that shows it is - some kind of reference. I have been unable to find anything other than this thread.

Thank you,

Bill_Britt
Former Employee
Former Employee

Hi Richard,

I am a DSE with QlikView and was the one that went to our security team to get the information. I will see if I can't get someone to put a official statement on the Qlik Site.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
Not applicable
Author

Thank you Bill that would be very helpful.

Bill_Britt
Former Employee
Former Employee

Hi Richard,

Check this out.

http://community.qlik.com/blogs/supportupdates/2014/05/07/qlikview-is-not-vulnerable-to-heartbleed-o...

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.