https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/1572169#M41695 <P>Qlik Sense Server November 2018 is still using Angular 1.5.8.&nbsp; A bit of disappointment her.</P><P>&nbsp;</P><P>Qlik Sense Desktop would most likely have the exact same versions of Angular, and vulnerabilities.</P><P>But the question is if it matters.&nbsp; Are there anyone else than yourself using your Sense Desktop?<BR />The vulnerabilities are mainly cross-site-scripting attacks.</P> Tue, 23 Apr 2019 14:33:22 GMT vegard_bakke 2019-04-23T14:33:22Z https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/27456#M1869 <HTML><HEAD></HEAD><BODY><P>Qlik Sense is using AngualrJS 1.5.8, which has four known security vulnerabilities:</P><P>* <A href="https://snyk.io/test/npm/angular/1.5.8?severity=high&amp;severity=medium&amp;severity=low" title="https://snyk.io/test/npm/angular/1.5.8?severity=high&amp;severity=medium&amp;severity=low">https://snyk.io/test/npm/angular/1.5.8?severity=high&amp;severity=medium&amp;severity=low</A>‌</P><P></P><P>It mentions:</P><P>* Content security policy bypass</P><P>* Cross-site scripting (x2)</P><P>* JSONP callback attack</P><P>with Medium severity.</P><P></P><P>Does anyone know if Qlik Sense is also vulnerable to this attacks, or if Qlik has fixed them in their released version of AngularJS?</P><P></P><P></P><P>Cheers</P></BODY></HTML> Thu, 12 Apr 2018 15:20:03 GMT https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/27456#M1869 vegard_bakke 2018-04-12T15:20:03Z https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/27457#M1870 <HTML><HEAD></HEAD><BODY><P>Thanks for raising this question.</P><P></P><P>It is in our plans to update angularjs to a newer version. </P></BODY></HTML> Mon, 16 Apr 2018 14:52:11 GMT https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/27457#M1870 iue 2018-04-16T14:52:11Z https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/27458#M1871 <HTML><HEAD></HEAD><BODY><P>Hoping for June 2018 release, according to Qlik Support. </P><P></P><P>(There are a few backwards compatibility issues with the newer angular, apperently. <IMG src="https://community.qlik.com/legacyfs/online/emoticons/happy.png" /> )</P></BODY></HTML> Mon, 16 Apr 2018 16:22:29 GMT https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/27458#M1871 vegard_bakke 2018-04-16T16:22:29Z https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/27459#M1872 <HTML><HEAD></HEAD><BODY><P>Any update on this?&nbsp; Doesn't look like AngularJS was upgraded in June 2018 release of Qlik Sense.</P></BODY></HTML> Tue, 21 Aug 2018 17:22:49 GMT https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/27459#M1872 Anonymous 2018-08-21T17:22:49Z https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/27460#M1873 <HTML><HEAD></HEAD><BODY><P>Kevin,</P><P></P><P>The September18-release will include an upgrade to AngularJS 1.6.9. Our plan is to continue to upgrade AngularJS, so we always are on the latest 1.X version. Next planned upgrade is 1.7.X.</P><P></P><P>Please let me know if you have other questions.</P><P></P><P>Thanks!</P></BODY></HTML> Thu, 23 Aug 2018 06:54:11 GMT https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/27460#M1873 iue 2018-08-23T06:54:11Z https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/1528382#M37954 <P><SPAN>Does this vulnerability affect the desktop version?</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Wed, 09 Jan 2019 13:23:06 GMT https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/1528382#M37954 nob-ruin 2019-01-09T13:23:06Z https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/1528383#M37955 <P><SPAN>Does this vulnerability affect the desktop version?</SPAN></P> Wed, 09 Jan 2019 13:23:35 GMT https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/1528383#M37955 nob-ruin 2019-01-09T13:23:35Z https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/1572169#M41695 <P>Qlik Sense Server November 2018 is still using Angular 1.5.8.&nbsp; A bit of disappointment her.</P><P>&nbsp;</P><P>Qlik Sense Desktop would most likely have the exact same versions of Angular, and vulnerabilities.</P><P>But the question is if it matters.&nbsp; Are there anyone else than yourself using your Sense Desktop?<BR />The vulnerabilities are mainly cross-site-scripting attacks.</P> Tue, 23 Apr 2019 14:33:22 GMT https://community.qlik.com/t5/App-Development/Security-vulnerabilities-in-Qlik-Sense-AngularJS/m-p/1572169#M41695 vegard_bakke 2019-04-23T14:33:22Z