topic Re: Vulnerability PostGreSql in Management & Governance

Vulnerability PostGreSql

TTA — Thu, 07 Mar 2024 10:18:53 GMT

Hello,

We Have a list of vulnerabilities detected on PostGreSql :

CVE-2023-5868
CVE-2023-5869
CVE-2023-5870

platform :

version of QlikSens installed : version Septemnber 2019

Systèm: Windows x64 (64bit)

How to resolve this vulnerabilities.

Thanks

Re: Vulnerability PostGreSql

Ray_Strother — Mon, 11 Mar 2024 16:08:53 GMT

Hello ,

1. The version of Qlik Sense you are running has gone end of support.
2. The vulnerabilities , relate to certain versions of Postgres.
3. Newer versions of Qlik Sense utilize newer versions of Postgres.

Article link:

1. https://community.qlik.com/t5/Product-Lifecycle/Qlik-Sense-Enterprise-on-Windows-Product-Lifecycle/ta-p/1826335

2. https://community.qlik.com/t5/Official-Support-Articles/Upgrading-and-unbundling-the-Qlik-Sense-Repository-Database/ta-p/1934238

Re: Vulnerability PostGreSql

David_Friend — Mon, 11 Mar 2024 19:26:31 GMT

@TTA upgrade and unbundle PostgreSQL using the PQI, Ray already shared the links.

Re: Vulnerability PostGreSql

TTA — Wed, 13 Mar 2024 09:24:07 GMT

Hello Ray and David,

Thank you for your reponses.

We will try this solution and will back for you if we have any questions

Thank you

Re: Vulnerability PostGreSql

TTA — Wed, 13 Mar 2024 10:58:39 GMT

Hello,

Wich intitial version of upgrade we have to choose without losing data , applications/ certificate..

September 2021 initial release will be correct one ?

Thank you

Re: Vulnerability PostGreSql

Sebastian_Linser — Wed, 13 Mar 2024 23:05:51 GMT

Hello @TTA

given that you had a 2019 Version, the best is to go to November 2020 then November 2021 and finally to November 2022.

in November 2022 you can migrate the database using QPI https://community.qlik.com/t5/Official-Support-Articles/Upgrading-and-unbundling-the-Qlik-Sense-Repository-Database/ta-p/1934238

This will give you Postgresql 14.8 which you can upgrade to 14.11 using the installer from here:

https://www.enterprisedb.com/downloads/postgres-postgresql-downloads

After that you can upgrade to November 2023 or February 2024 to be on the latest releases.

best regards

Sebastian

Re: Vulnerability PostGreSql

TTA — Tue, 26 Mar 2024 14:05:25 GMT

Hello,

Thanks for the precisions

We have made a succesful upgrade to February 2024 with PostGre v 14.11

Now we need to perform a migration to PostGreSQL 16.2 do to security issues.

before proceed , we have some questions :

1 - does QlikSens February 2024 compatible/support PostGre 16.2 ?

2 - if yes , what is the best approach : installing PostGre 16.2 and after perform pg_upgrade and wich configuration is needed (port/connections ) ?

3 - backup PostGre v 14.11 ?

Some links will be helpful

Thanks a lot for your support

Re: Vulnerability PostGreSql

Sebastian_Linser — Tue, 26 Mar 2024 15:20:31 GMT

Hello @TTA

1. No, only 14.x is approved at the moment, we are still evaluating 15 and 16.

To move you can either to a fresh install of postrgesql 16.2 then add the user qliksenserepository. You Then create the databases QSR, SenseServices, QSMQ and Licenses using template0, and backup from 14 restore into 16.

https://help.qlik.com/en-US/sense-admin/February2024/Subsystems/DeployAdministerQSE/Content/Sense_DeployAdminister/QSEoW/Deploy_QSEoW/Backing-up-a-site.htm

https://help.qlik.com/en-US/sense-admin/February2024/Subsystems/DeployAdministerQSE/Content/Sense_DeployAdminister/QSEoW/Deploy_QSEoW/Restoring-a-site.htm

Or if you use the same password hash algorithm in both installations you use https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-Enterprise-on-Windows-How-To-Upgrade-Standalone/ta-p/1712361

best regards

Sebastian

Re: Vulnerability PostGreSql

TTA — Tue, 17 Feb 2026 09:42:35 GMT

Thank you for your feedback. I am following up on this topic because the February 2024 version is currently end of life. We would like to migrate to the version November 2025 , including Postgresql16. Please guide us through the migration

best regards