Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi,
When will Qlik Alerting support newer versions of Node.JS?
This is due to the following vulnerabilities, which are marked as high risk by the Dutch Cyber Security Center:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30547
Or can someone from Qlik confirm if this is also an risk for node.js used by Qlik Alerting.
What version of Node.JS do you have installed? Qlik Alerting Oct. 21 supports versions Versions 10.x to 16.18 of Node.JS
https://help.qlik.com/en-US/alerting/October2021/Content/QlikAlerting/installation-prerequisites.htm
We always install the latest version, so in this case 16.18, according to what i can see this has VM2 version 3.9.9 which has the sandbox breakout vulnerability as posted before. VM2 needs to be at least version 3.9.11 for this to be resolved.