In this article, we walk you through the requirements and process of how to upgrade and unbundle an existing Qlik Sense Repository Database (see supported scenarios) as well as how to install a brand new Repository based on PostgreSQL. We will use the Qlik PostgreSQL Installer (QPI).

For a manual method, see How to manually upgrade the bundled Qlik Sense PostgreSQL version to 12.5 version.

Using the Qlik Postgres Installer not only upgrades PostgreSQL; it also unbundles PostgreSQL from your Qlik Sense Enterprise on Windows install. This allows for direct control of your PostgreSQL instance and facilitates maintenance without a dependency on Qlik Sense. Further Database upgrades can then be performed independently and in accordance with your corporate security policy when needed, as long as you remain within the supported PostgreSQL versions. See How To Upgrade Standalone PostgreSQL.

Index

• Supported Scenarios
• Upgrades
• New installs
• Requirements
• Known limitations
• Installing anew Qlik Sense Repository Database using PostgreSQL
• Qlik PostgreSQL Installer - Download Link
• Upgrading an existing Qlik Sense Repository Database
• The Upgrade
• Next Steps and Compatibility with PostgreSQL installers
• How do I upgrade PostgreSQL from here on?
• Troubleshooting and FAQ
• Related Content

Video Walkthrough

Video chapters:

• 01:02 - Intro to PostgreSQL Repository
• 02:51 – Prerequisites
• 03:24 - What is the QPI tool?
• 05:09 - Using the QPI tool
• 09:27 - Removing the old Database Service
• 11:27 - Upgrading a stand-alone to the latest release
• 13:39 - How to roll-back to the previous version
• 14:46 - Troubleshooting upgrading a patched version
• 18:25 - Troubleshooting upgrade security error
• 21:15 - Additional config file settings

Supported Scenarios

Upgrades

The following versions have been tested and verified to work with QPI: 

Qlik Sense February 2022 to Qlik Sense November 2024.

If you are on a Qlik Sense version prior to these, upgrade to at least February 2022 before you begin.  

Qlik Sense November 2022 and later do not support 9.6, and a warning will be displayed during the upgrade. From Qlik Sense August 2023 a upgrade with a 9.6 database is blocked.

New installs

The Qlik PostgreSQL Installer supports installing a new standalone PostgreSQL database with the configurations required for connecting to a Qlik Sense server. This allows setting up a new environment or migrating an existing database to a separate host.

Requirements

• Review the QPI Release Notes before you continue

• Using the Qlik PostgreSQL Installer on a patched Qlik Sense version can lead to unexpected results. If you have a patch installed, either:

  • Uninstall all patches before using QPI (see Installing and Uninstalling Qlik Sense Patches) or
  • Upgrade to an IR release of Qlik Sense which supports QPI

• The PostgreSQL Installer can only upgrade bundled PostgreSQL database listening on the default port 4432.
• The user who runs the installer must be an administrator.
• The backup destination must have sufficient free disk space to dump the existing database  
• The backup destination must not be a network path or virtual storage folder. It is recommended the backup is stored on the main drive. 
• There will be downtime during this operation, please plan accordingly
• If upgrading to PostgreSQL 14 and later, the Windows OS must be at least Server 2016

Known limitations

• (Limitation removed in QPI 2.1 | Release Notes) Cannot migrate a 14.17 embedded database to a standalone
• (Limitation removed in QPI 2.1 | Release Notes) Using QPI to upgrade a standalone database or a database previously unbundled with QPI is not supported.
• The installer itself does not provide an automatic rollback feature.

Installing a new Qlik Sense Repository Database using PostgreSQL

1. Run the Qlik PostgreSQL Installer as an administrator 
   
   
2. Click on Install 
   
   
3. Accept the Qlik Customer Agreement 
   
   
4. Set your Local database settings and click Next. You will use these details to connect other nodes to the same cluster. 
   
   
5. Set your Database superuser password and click Next
   
   
6. Set the database installation folder, default: C:\Program Files\PostgreSQL\14

   Do not use the standard Qlik Sense folders, such as C:\Program Files\Qlik\Sense\Repository\PostgreSQL\ and C:\Programdata\Qlik\Sense\Repository\PostgreSQL\.

7. Set the database data folder, default: C:\Program Files\PostgreSQL\14\data

   Do not  use the standard Qlik Sense folders, such as C:\Program Files\Qlik\Sense\Repository\PostgreSQL\ and C:\Programdata\Qlik\Sense\Repository\PostgreSQL\.

8. Review your settings and click Install, then click Finish
   
   
9. Start installing Qlik Sense Enterprise Client Managed. Choose Join Cluster option.
   
   The Qlik PostgreSQL Installer has already seeded the databases for you and has created the users and permissions. No further configuration is needed.
   
   
10. The tool will display information on the actions being performed. Once installation is finished, you can close the installer.  
    
    If you are migrating your existing databases to a new host, please remember to reconfigure your nodes to connect to the correct host. How to configure Qlik Sense to use a dedicated PostgreSQL database 
    

Qlik PostgreSQL Installer - Download Link

Download the installer here.

Qlik PostgreSQL installer Release Notes

Upgrading an existing Qlik Sense Repository Database

The following versions have been tested and verified to work with QPI (1.4.0): 

February 2022 to November 2023.

If you are on any version prior to these, upgrade to at least February 2022 before you begin.  

Qlik Sense November 2022 and later do not support 9.6, and a warning will be displayed during the upgrade.  From Qlik Sense August 2023 a 9.6 update is blocked.

The Upgrade

1. Stop all services on rim nodes 
   
   
2. On your Central Node, stop all services except the Qlik Sense Repository Database 
   
   
   
   
3. Run the Qlik PostgreSQL Installer. An existing Database will be detected. 
   
   
   
   
4. Highlight the database and click Upgrade 
   
5. Read and confirm the (a) Installer Instructions as well as the Qlik Customer Agreement, then click (b) Next.
   
   
   
   
6. Provide your existing Database superuser password and click Next.
   
   
7. Define your Database backup path and click Next.
   
   
   
   
8. Define your Install Location (default is prefilled) and click Next.
   
   
   
   
9. Define your database data path (default is prefilled) and click Next.
   
   
    
10. Review all properties and click Upgrade.
    
    The review screen lists the settings which will be migrated. No manual changes are required post-upgrade.
    
    
    
    
11. The upgrade is completed. Click Close.
     
12. Open the Windows Services Console and locate the Qlik Sense Enterprise on Windows services.
    
    You will find that the Qlik Sense Repository Database service has been set to manual. Do not change the startup method. 
    
    
    
    You will also find a new postgresql-x64-14 service. Do not rename this service. 
    
    
    

     

13. Start all services except the Qlik Sense Repository Database service. 
    
    
14. Start all services on your rim nodes.
    
    
15. Validate that all services and nodes are operating as expected. The original database folder in C:\ProgramData\Qlik\Sense\Repository\PostgreSQL\X.X_deprecated
    

     

16. Uninstall the old Qlik Sense Repository Database service.

    This step is required. Failing to remove the old service will lead the upgrade or patching issues.

    1. Open a Windows File Explorer and browse to C:\ProgramData\Package Cache
       
       
    2. From there, search for the appropriate msi file.
       
       
       
       If you were running 9.6 before the upgrade, search PostgreSQL.msi
       If you were running 12.5 before the upgrade, search PostgreSQL125.msi
       
       
    3. The msi will be revealed.
       
       
    4. Right-click the msi file and select uninstall from the menu.
       
       
       
       
    
    
17. Re-install the PostgreSQL binaries. This step is optional if Qlik Sense is immediately upgraded following the use of QPI. The Sense upgrade will install the correct binaries automatically. 
    

    Failing to reinstall the binaries will lead to errors when executing any number of service configuration scripts. 

    If you do not immediately upgrade:
    
    
    1. Open a Windows File Explorer and browse to C:\ProgramData\Package Cache
       
       
    2. From there, search for the .msi file appropriate for your currently installed Qlik Sense version
       
       
       
       For Qlik Sense August 2023 and later: PostgreSQL14.msi
       Qlik Sense February 2022 to May 2023: PostgreSQL125.msi
       
       
    3. Right-click the file
    4. Click Open file location
       
       
       
       
    5. Highlight the file path, right-click on the path, and click Copy
       
       
       
       
    6. Open a Windows Command prompt as administrator
       
       
    7. Navigate to the location of the folder you copied
       
       Example command line: 
       
       cd C:\ProgramData\Package Cache\{GUID}
       
       Where GUID is the value of the folder name.
       
       
    8. Run the following command depending on the version you have installed: 
       
       Qlik Sense August 2023 and later
       
       msiexec.exe /qb /i "PostgreSQL14.msi" SKIPINSTALLDBSERVICE="1" INSTALLDIR="C:\Program Files\Qlik\Sense"
       
       Qlik Sense February 2022 to May 2023
       
       msiexec.exe /qb /i "PostgreSQL125.msi" SKIPINSTALLDBSERVICE="1" INSTALLDIR="C:\Program Files\Qlik\Sense"
       
       This will re-install the binaries without installing a database. If you installed with a custom directory adjust the INSTALLDIR parameter accordingly. E.g. you installed in D:\Qlik\Sense then the parameter would be INSTALLDIR="D:\Qlik\Sense".
       
       
18. Finalize the process by updating the references to the PostgreSQL binaries paths in the SetupDatabase.ps1 and Configure-Service.ps1 files. For detailed steps, see Cannot change the qliksenserepository password for microservices of the service dispatcher: The system cannot find the file specified.

If the upgrade was unsuccessful and you are missing data in the Qlik Management Console or elsewhere, contact Qlik Support.  

Next Steps and Compatibility with PostgreSQL installers

Now that your PostgreSQL instance is no longer connected to the Qlik Sense Enterprise on Windows services, all future updates of PostgreSQL are performed independently of Qlik Sense. This allows you to act in accordance with your corporate security policy when needed, as long as you remain within the supported PostgreSQL versions.

Your PostgreSQL database is fully compatible with the official PostgreSQL installers from https://www.enterprisedb.com/downloads/postgres-postgresql-downloads. 

How do I upgrade PostgreSQL from here on?

See How To Upgrade Standalone PostgreSQL, which documents the upgrade procedure for either a minor version upgrade (example: 14.5 to 14.8) or a major version upgrade (example: 12 to 14). Further information on PostgreSQL upgrades or updates can be obtained from Postgre directly.

Troubleshooting and FAQ

1. If the installation crashes, the server reboots unexpectedly during this process, or there is a power outage, the new database may not be in a serviceable state. Installation/upgrade logs are available in the location of your temporary files, for example:
   
   C:\Users\Username\AppData\Local\Temp\2
   
   A backup of the original database contents is available in your chosen location, or by default in:
   
   C:\ProgramData\Qlik\Sense\Repository\PostgreSQL\backup\X.X
   
   The original database data folder has been renamed to:
   
   C:\ProgramData\Qlik\Sense\Repository\PostgreSQL\X.X_deprecated
   
   
2. Upgrading Qlik Sense after upgrading PostgreSQL with the QPI tool fails with:
   
   This version of Qlik Sense requires a 'SenseServices' database for multi cloud capabilities. Ensure that you have created a 'SenseService' database in your cluster before upgrading. For more information see Installing and configuring PostgreSQL.
   
   See Qlik Sense Upgrade fails with: This version of Qlik Sense requires a _ database for _.
   
   To resolve this, start the postgresql-x64-XX service.

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support. The video in this article was recorded in a earlier version of QPI, some screens might differ a little bit.

Related Content

Qlik PostgreSQL installer version 1.3.0 Release Notes  
Techspert Talks - Upgrading PostgreSQL Repository Troubleshooting
Backup and Restore Qlik Sense Enterprise documentation
Migrating Like a Boss
Optimizing Performance for Qlik Sense Enterprise
Qlik Sense Enterprise on Windows: How To Upgrade Standalone PostgreSQL
How-to reset forgotten PostgreSQL password in Qlik Sense
How to configure Qlik Sense to use a dedicated PostgreSQL database
Troubleshooting Qlik Sense Upgrades 

Installing Qlik Data Gateway v1.7.13.0 on Windows may fail. The installation remains stuck in a loop.

The system first requires a restart of Windows, but will not complete the installation afterwards. Instead, a Microsoft Visual C++ Redistributable Modify Setup prompt will be displayed:

Whatever option is chosen, a new pop-up appears stating, 'Please restart your system before running the Qlik Data Gateway - Direct access installation'. This will restart the loop. 

Resolution

Install v1.7.14.0 when available.

If it's necessary to perform a new installation in the meantime, use v1.7.11.0.

Cause

This is a known defect (SUPPORT-8964) affecting v1.7.13.0.

Internal Investigation ID(s)

SUPPORT-8964

Environment

• Qlik Direct Access Gateway

Qlik constantly refines its Analytics, over time replacing old charts with new, modernized alternatives. These deprecations are announced well in advance and include instructions on how best to replace these old charts, whether that is to use a new one, several new ones, or to make use of new settings.

As an example, seven visualization bundle charts are scheduled for deprecation in May 2027, most of which have already been removed from the asset panel and are no longer in use in recent applications. See Upcoming deprecation of Qlik Analytics charts in May 2027.

What do I use instead?

Charts that are up for deprecation are often no longer in use. However, if you happen to still have a very old application and need to replace it, see Visualization bundle > Deprecated charts for more information on what to use instead. The list will be updated whenever a new set of charts is deprecated.

How do I find out if my apps are using the deprecated charts?

Qlik recommends reviewing your apps for old charts. Depending on your platform (Qlik Cloud or Client-managed), there are different methods you can deploy.

Qlik Cloud

Qlik Cloud administrators should use the Qlik Cloud Monitoring Apps to track the usage. The App Analyzer has a sheet dedicated to where deprecated charts are being used on a tenant in Qlik Cloud. The App Analyzer is based on usage events rather than scanning every app. Use the App Analyzer to find which apps and sheets have charts that need to be updated to newer and more modern alternatives. The easiest way to install and update the Qlik Cloud Monitoring Apps is to use the automation template. If you already have the App Analyzer, just remove the automation and install a new one to get the latest version of the App Analyzer. 

Client-managed

For client-managed installations, use the Monitoring apps. The Content Monitor app has a sheet for tracking deprecated charts. At reload, the Content Monitor app scans every app in the installation in order to list all applications and sheets that are using charts that are being deprecated. It also lists the installed extensions and their deprecation status. The Monitoring apps are bundled with the Qlik Analytics installation. The first version with the new sheet will be included in the May 2026 release. If you want to track usage in prior versions, the deprecated chart usage scanner will also be available on the product download page.

Environment

• Qlik Cloud Analytics
• Qlik Sense Enterprise on Windows

Erlang/Open Telecom Platform (OTP) has disclosed a critical security vulnerability: CVE-2025-32433.

Is Qlik NPrinting affected by CVE-2025-32433?

Resolution

Qlik NPrinting installs Erlang OTP as part of the RabbitMQ installation, which is essential to the correct functioning of the Qlik NPrinting services.

RabbitMQ does not use SSH, meaning the workaround documented in Unauthenticated Remote Code Execution in Erlang/OTP SSH is already applied. Consequently, Qlik NPrinting remains unaffected by CVE-2025-32433.

All future Qlik NPrinting versions from the 20th of May 2025 and onwards will include patched versions of OTP and fully address this vulnerability.

Environment

• Qlik NPrinting

This article documents how to improve Databricks ODBC resilience with the EnableRetryWithoutRetryAfterHeader parameter. 

Content

• Why does settingEnableRetryWithoutRetryAfterHeader matter?
• The Default Retry Behavior
• Retry behavior withEnableRetryWithoutRetryAfterHeader
• When to apply EnableRetryWithoutRetryAfterHeader
• How to enableEnableRetryWithoutRetryAfterHeader
• Prerequisites
• Configuration
• Errors addressed byEnableRetryWithoutRetryAfterHeader
• HTTP 503 with No Retry-After Header (SqlState: 08S01)
• Delta Transaction Log Truncation (SqlState: 42K03)

The Databricks ODBC driver parameter EnableRetryWithoutRetryAfterHeader is a connection-level setting that controls how the driver responds to server-side failures when the server does not include a Retry-After HTTP header in its response.

By default, this parameter is disabled (0). When enabled (1), it instructs the driver to retry failed requests, even in the absence of explicit retry guidance from the server. This makes pipelines significantly more resilient to transient service disruptions and recoverable error conditions that would otherwise cause tasks to stall indefinitely.

The EnableRetryWithoutRetryAfterHeader parameter is available with driver version 2.9.1+.

Why does setting EnableRetryWithoutRetryAfterHeader matter?

The Default Retry Behavior

The Databricks ODBC driver includes built-in retry logic to handle transient failures. However, by default, this logic only activates when the server includes a Retry-After header in the error response (the standard HTTP signal that tells a client how long to wait before retrying).

In practice, not all Databricks server error responses include this header. When it is absent:

• The driver has no retry signal to act on
• The failure is treated as terminal rather than transient
• The request is abandoned entirely
• Tables dependent on that connection enter a queued state with no further progress

This gap between intent (retry on recoverable errors) and behavior (skip retry without the header) is the source of a class of pipeline failures that can be difficult to diagnose because the driver produces no additional retry activity. It simply stops.

Retry behavior with EnableRetryWithoutRetryAfterHeader

Setting EnableRetryWithoutRetryAfterHeader=1 closes the retry gap. The driver no longer requires the Retry-After header to be present before retrying. Instead, it applies its retry logic to all eligible failures, using a built-in backoff strategy, regardless of whether the server explicitly instructs it to do so.

The practical benefits are:

• Transient 503 errors are recovered automatically: temporary service unavailability no longer causes immediate task failure
• Recoverable Delta read errors are retried: failures that would succeed on a subsequent attempt are allowed to do so
• Queue buildup is prevented: tables are not left stranded in a queued state due to a single unretried failure
• Pipeline stability improves without changes to data architecture or retention policies

When to apply EnableRetryWithoutRetryAfterHeader

This parameter should be considered a standard configuration for any Databricks ODBC connection where pipeline reliability is a priority, particularly in environments that:

• Process high volumes of tables or run long-duration tasks
• Are subject to Delta Lake log retention policies
• Connect to Databricks endpoints that may return 503 responses during maintenance windows or high-load periods
• Have previously experienced unexplained queued states or stalled tasks

How to enable EnableRetryWithoutRetryAfterHeader

Prerequisites

• Databricks ODBC Driver version 2.9.1 or higher (parameter is not available in earlier versions)
• Recommended: upgrade to version 2.9.2 or later for the most stable behavior

Configuration

Add the following to the Databricks Delta endpoint connection using the following internal parameter:

additionalConnectionProperties=EnableRetryWithoutRetryAfterHeader=1

No other changes to the connection string or data architecture are required.

Errors addressed by EnableRetryWithoutRetryAfterHeader

The following errors are direct indicators that the driver encountered a failure without retry-header guidance. Both have been observed to be resolved by enabling the parameter.

HTTP 503 with No Retry-After Header (SqlState: 08S01)

RetCode: SQL_ERROR
SqlState: 08S01
NativeError: 124
Message: [Simba][Hardy] (124) A 503 response was returned but no Retry-After header was provided. Original error: HTTP Response code 503,
TEMPORARILY_UNAVAILABLE: HTTP Response code: 503 [1022502]

Alternative:

RetCode: SQL_ERROR SqlState: 08S01 NativeError: 124 Message: [Simba][Hardy] (124) A 503 response was returned but no Retry-After header was provided. Original error: Unknown

What is happening: The Databricks service returned an HTTP 503 Service Unavailable, a standard, transient condition signaling that the server is temporarily unable to handle the request. The correct behavior is to wait briefly and retry.

Why it fails without the parameter: The driver's retry mechanism is waiting for a Retry-After header that was not included in the response. Without it, the driver takes no retry action and the connection is treated as a hard failure. 

How the parameter helps: With EnableRetryWithoutRetryAfterHeader=1, the driver retries the request using its internal backoff strategy, allowing the pipeline to recover transparently from the temporary service disruption.

Delta Transaction Log Truncation (SqlState: 42K03)

RetCode: SQL_ERROR
SqlState: 42K03
NativeError: 35
Message: [Simba][Hardy] (35) Error from server: error code: '0'error message: 'org.apache.hive.service.cli.HiveSQLException:Error running query: [DELTA_TRUNCATED_TRANSACTION_LOG]
com.databricks.sql.transaction.tahoe.DeltaFileNotFoundException:[DELTA_TRUNCATED_TRANSACTION_LOG]
Unable to reconstruct state at version 16 as the transaction log has been truncated due to manual deletion or the log retention policy (delta.logRetentionDuration=30 days) and checkpoint retention policy
(delta.checkpointRetentionDuration=2 days)

What is happening: Delta Lake could not reconstruct the table state because the transaction log had been truncated, either through manual deletion or by the log retention policy (delta.logRetentionDuration=30 days) and checkpoint retention policy (delta.checkpointRetentionDuration=2 days). The required log file (00000000000000000000.json) was no longer present, preventing reconstruction of the state at version 16.

Why it fails without the parameter: When the driver encounters a server-side error response without a Retry-After header, it does not retry. Conditions that may be transiently recoverable, such as a momentary log unavailability, are never reattempted, and the task stalls.

How the parameter helps: Enabling retries allows the driver to reattempt the read operation, recovering from transient log access issues that do not persist beyond the initial attempt.

Environment

• Qlik Replicate

Executive Summary 

A stored cross-site scripting security issue in the Qlik Talend Administration Center has been identified. This issue was resolved in a patch, which is already available.

This issue was discovered by Ahsan.

Affected Software 

All versions of Qlik Talend Administration Center before Patch_20260123_QTAC-1883 (cumulative patch)_R2026-01_v1-8.0.1 are affected.

Severity Rating 

Using the CVSS V3.1 scoring system (https://nvd.nist.gov/vuln-metrics/cvss), this issue is rated medium.

Vulnerability Details

CVE-2026-pending 

Severity: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N: (5.4 Medium)

A stored cross-site scripting vulnerability has been found in Qlik Talend Administration Center. An attacker with permission to manage servers can store an XSS payload that can be triggered by a different user.

Resolution 

Upgrade at the earliest. The following table lists the patch versions addressing the vulnerability (CVE-2026-pending).

Always update to the latest version. Before you upgrade, check if a more recent release is available.

Executive Summary 

A broken access control issue has been identified in Qlik Talend Administration Center, which allows a user with View permission to modify the Qlik Talend Studio update URL. This issue was resolved in a patch, which is already available.

This issue was discovered by Kaushik Roy.

Affected Software 

All versions of Qlik Talend Administration Center before Patch_20251121_QTAC-1471_R2025-11_v1-8.0.1.

Severity Rating 

Using the CVSS V3.1 scoring system (https://nvd.nist.gov/vuln-metrics/cvss), this issue is rated high.

Vulnerability Details

CVE-2026-pending 

Severity: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N: (8.2 High)

A broken access control issue has been identified in the Qlik Talend Administration Center, which allows a user with View permission to modify the Qlik Talend Studio update URL. This could be exploited to download malicious software to a Qlik Talend Studio instance.

Resolution 

Upgrade at the earliest. The following table lists the patch versions addressing the vulnerability (CVE-2026-pending).

Always update to the latest version. Before you upgrade, check if a more recent release is available.

After updating the SQL Server JDBC driver in the Talend Administration Center (TAC), executing metaservlet calls to associate task results in a deployment failure. The system specifically fails because it is still searching for the old driver version, resulting in a NoSuchFileException.

Resolution

To resolve the dependency conflict and refresh the application cache, follow these steps:

1. Verify JAR Location and ensure the new JDBC JAR file exists only in the following directory:
   
   /talend/tac/apache-tomcat/webapps/tac/WEB-INF/lib/

   Do not keep multiple versions or duplicates in other library folders to avoid classpath conflicts.

2. Stop the Qlik Talend Administration Center service and Tomcat instance
   
   
3. Clear Tomcat Cache
   
   Since Tomcat caches compiled JSP files and session data, manually clear the work and temp directories by renaming the current folders:
   
   
   • tomcat/work > tomcat/work_bak
   • tomcat/temp > tomcat/temp_bak
4. Create new, empty work and temp folders
   
   
5. Start the Qlik Talend Administration Center service
   
   Tomcat will rebuild the cache using the current libraries present in the WEB-INF/lib folder.

Cause

The error indicates that although the old driver was removed from the file system, Qlik Talend Administration Center (or the underlying Tomcat container) still holds a reference to the deleted JAR file. This suggests a caching issue within the Tomcat application server.

Environment

• Qlik Talend Administration Center

Is Qlik Sense Enterprise on Windows affected by the security vulnerability CVE-2023-26136 (nvd.nist.gov)?

CVE-2023-26136 is a vulnerability detected in Node.js, a third-party component used by Qlik Sense Enterprise on Windows. Security scans may flag the vulnerability in a Qlik Sense Enterprise on Windows environment. 

While Qlik was not directly impacted, the affected third-party component has been updated across supported versions.

Affected versions: 

• Qlik Sense Enterprise on Windows May 2024 patch 23
• Qlik Sense Enterprise on Windows November 2024 patch 17
• Qlik Sense Enterprise on Windows May 2025 patch 5 

Resolution

Upgrade to any of the following (or later) versions:

• Qlik Sense Enterprise on Windows May 2024 patch 24
• Qlik Sense Enterprise on Windows November 2024 patch 18
• Qlik Sense Enterprise on Windows May 2025 patch 6 
• Qlik Sense Enterprise on Windows May 2026 IR 

In some instances, the Qlik Sense patch installer updates service binaries but does not remove leftover node_modules folders from previous installations. The old request/node_modules/tough-cookie directories may still exist on disk even though the running service no longer uses them.

If you notice stale folders post-upgrade:

1. Run the following PowerShell script as Administrator to clean up stale folders:
   
   

   # Qlik Sense - tough-cookie stale folder cleanup
   # Run as Administrator after upgrading to v14.231.26 or later
   # Take a backup or snapshot before running
   Write-Host "Starting tough-cookie cleanup..." -ForegroundColor Cyan
   # Step 1 - Stop Service Dispatcher (this will stop all dependent Qlik Sense
   services)
   Stop-Service -Name "QlikSenseServiceDispatcher" -Force -ErrorAction
   SilentlyContinue
   Write-Host "Stopped: QlikSenseServiceDispatcher" -ForegroundColor Yellow
   Start-Sleep -Seconds 5
   # Step 2 - Remove tough-cookie directories
   $paths = @(
   "C:\Program Files\Qlik\Sense\ConverterService\node_modules\tough-cookie",
   "C:\Program
   Files\Qlik\Sense\DownloadPrepService\node_modules\request\node_modules\tough
   cookie",
   "C:\Program
   Files\Qlik\Sense\MobilityRegistrarService\node_modules\request\node_modules\tough
   cookie",
   "C:\Program
   Files\Qlik\Sense\NotifierService\node_modules\request\node_modules\tough-cookie"
   )
   foreach ($path in $paths) {
   if (Test-Path $path) {
   Remove-Item -Path $path -Recurse -Force
   Write-Host "Removed: $path" -ForegroundColor Green
   } else {
   Write-Host "Not found (already clean): $path" -ForegroundColor Gray
   }
   }
   Write-Host "`nCleanup complete. Restart Service Dispatcher manually to bring all
   services back online." -ForegroundColor Cyan​

   This script may need to be re-run after any future Qlik Sense Enterprise on Windows patch or reinstallation, as the installer may restore these directories.

   The script is provided as is and to be used at your own risk.

2. Restart the Qlik Sense Service Dispatcher service

Internal Investigation ID(s)

• SUPPORT-2237

Qlik NPrinting tasks stop progressing at random, even if the Qlik NPrinting services otherwise run without issue. Task executions are blocked, with no specific error messages logged. 

The Rabbit logs read the following error:

missed heartbeats from client, timeout: 15s

The problem is similar to the one described in Qlik NPrinting task run but do not progress: stuck on same percentage, with some notable differences:

1. It can occur on any Windows Server operating system, while the previous issue is restricted to 2019.
2. The error message {{badmatch,{error,eacces}} is not present in the Rabbit logs.
3. A missed heartbeats from client error is logged instead.

The problem can start after an upgrade to Qlik NPrinting 2025 or any later releases.

Resolution

1. Verify that Qlik NPrinting has been installed on a dedicated server as required; see Unsupported configurations: Installation for details. 
2. Verify that all Qlik NPrinting Server Engine and Designer Anti Virus Folder Exclusions have been applied correctly
3. If the problem persists, increase the timeout window to reduce heartbeat frequency.

   This step requires changes to service configuration files. Back up all files before you proceed.

   1. Locate the configuration files in C:\Program Files\NPrintingServer\NPrinting\[ServiceName] folders
   2. Stop the Qlik NPrinting Services
   3. Set the following in the scheduler.config, engine.config, webengine.config, and audit.config (if active):
      
      

      <add key="rabbitmq-timeout" value="60" />
      <add key="rabbitmq-requested-heartbeat-sec" value="30" />

      
      
   4. In the scheduler.config, set:
      
      

      <add key="engine-heartbeat" value="15" /> 
      <add key="engine-heartbeat-offline-threshold" value="30" />

   5. Restart the services

Cause

Qlik NPrinting services send heartbeats to verify that communication between them is open.

Recent versions of Qlik NPrinting are more sensitive to missed heartbeats, meaning a missed communication check can lead to the services being unable to process tasks as expected. 

This may be caused by a busy Qlik NPrinting server (such as when the software is run on a shared server, resulting in unsustainably high CPU usage) or by the heartbeats being delayed by security scans.

Related Content

• Troubleshooting 
• Unsupported configurations

Internal Investigation ID(s)

• SUPPORT-8903

Environment

• Qlik NPrinting

Installing Qlik Replicate 2025.5 and 2025.11 GA versions on Linux 9.7, an error may occur during installation or when attempting to start the services.

This issue is typically observed when the installation is performed using a different account than the one intended to run the services.

For example, installing Qlik Replicate with the account apsup while specifying qlik as the service account:

sudo user=qlik group=qlik verbose=true rpm -ivh --prefix /opt areplicate-2025.11.0-164.x86_64.rpm

A typical error message is:

arep.sh: created /opt/attunity/replicate/bin/areplicate
arep.sh: created /etc/systemd/system/areplicate.service
systemctl daemon-reload failed
failed to install areplicate as a service, areplicate will not be run
warning: %posttrans(areplicate-2025.11.0-164.x86_64) scriptlet failed, exit status 9  

Resolution

Upgrade your Qlik Replicate installation. This issue has been resolved in Qlik Replicate 2025.11 SP3 (2025.11.0.437 and later).

Internal Investigation ID(s)

00443949

Environment

• Qlik Replicate 2025.5
• Qliklik Replicate 2025.11 GA/SP1/SP2
• Linux 9.7

The Data Load Editor in Qlik Sense Enterprise on Windows 2025 experiences noticeable performance issues.

Resolution

Fix Version

Qlik Sense May 2025 SR 6 and higher releases.

Workaround

A workaround is available. It is viable as long as the Qlik SAP Connector is not in use.

1. In a Windows file browser, navigate to C:\Program Files\Common Files\Qlik\Custom Data\
2. Move the QvSapConnectorPackage directory to a different location

No service restart is required.

Internal Investigation ID(s) 

SUPPORT-6006

Environment

• Qlik Sense Enterprise on Windows

Beginning from Qlik Replicate version 2024.05, a new checkbox was added to Log Stream Staging tasks: Retrieve all source columns on UPDATE

The option is available in Task Settings (A) > Change Processing > Change Processing Tuning (B)

It is enabled (C) by default.  

When Retrieve all source columns on UPDATE is enabled, it will cause any table added to the task to issue an ALTER on the table to enable supplemental logging on all columns if the source database is Oracle.

Resolution

For high-transaction tables, enable Supplemental Logging on all columns during off-peak hours manually before adding them to the Qlik Replicate task.

Cause

In previous Qlik Replicate versions, supplemental logging was not required on all columns and was enabled only on Primary Key Columns. But with that new checkbox, it is required to be added to all columns.

When any new table is added to the Log Stream Staging task, Qlik Replicate issues an ALTER TABLE command to enable Supplemental Logging on all columns. This command can fail on high-transaction or busy tables in the source Oracle DB.

Environment

• Qlik Replicate

Qlik introduced a change in how automation permissions are handled for the Analytics Admin role.

When was the change introduced?

The change is already live as of the 11th of May, 2026.

What does that mean for me?

Analytics Admins can now claim ownership of another user's automation. After claiming ownership, they can make necessary changes to it and enable the automation. However, they can no longer transfer ownership to another user.

How do I claim ownership of an automation?

As an Analytics admin, to claim ownership of an automation:

1. Navigate to the Automations section in the Administration Console
2. Locate the automation you want to claim ownership of, and click the Actions menu (...)
3. Choose Claim ownership
   
   

This behavior change only applies to Analytics Admins. Tenant admins can still transfer ownership to any user with the appropriate access rights in the tenant.

Environment

• Qlik Cloud Analytics
• Qlik Automate

From the Qlik Download page

1. Access the Qlik Download page: Product Downloads
2. Log in with your Qlik ID
3. Select Qlik Data Analytics (Category)
4. Select Qlik Sense Desktop (Product)
5. Choose the appropriate version (Release)
6. Choose the appropriate release number (Release Number)
7. Click the download link

HTTP Response Header exposes Microsoft-HTTPAPI/2.0 as the server source. An attacker could use this information to expose known vulnerabilities for the server source.

Resolution

This header is included in the HTTP header by .NET framework, which means it can not be directly controlled by Qlik software. 

Environment

Qlik Sense Enterprise on Windows, all version
QlikView, all versions
Qlik NPrinting, all versions

Internal Investigation IDs:

• QLIK-90522

Method 1: From the Data Sources

1. Open the Qlik Analytics Service
2. Select  Catalog 
3. Pick your Space 
4. Click Space Details then
5. Select Data Files from the context menu
   
   
   
   
   
6. Locate the data you wish to delete
7. Click the ellipses to open the next menu
8. Click Delete
   
   
   
   
   
9. Alternatively, add /data at the end of the URL.

Method 2: From the Data Load Editor

1. Open the App with a connection to the data files you wish to edit
2. Go to Data Load Editor
3. On the Right Side of the Data Load Editor under add data section select your data space.
4. Click on the table icon under datafiles.
   
   
    
5. select the Delete option on the right side of each file that you want to delete.
   
   

Environment

• Qlik Sense Business 
• Qlik Cloud 

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

After upgrading to Remote Engine 2.13.13, when enabling the option to execute a job from Studio on a remote engine, the process fails due to SSL and PKCS-related errors.

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Resolution

SSL Configuration for Talend Studio to Connect with Remote Engine

1. Retain the Keystore and Truststore Passwords Generated During Installation

   During the installation of Talend Remote Engine, SSL credentials are automatically generated. To retrieve the keystore password, execute the following command:

   cat /opt/TalendRemoteEngine/bin/sysenv

   and locate the line

   TMC_ENGINE_JOB_SERVER_SSL_KEY_STORE_PASSWORD=<PASSWORD>

2. Required Keystore and Truststore Files

   The following files are necessary for secure communication between Talend Studio and the Remote Engine:

   /opt/TalendRemoteEngine/etc/keystores/jobserver-client-keystore.p12
   /opt/TalendRemoteEngine/etc/keystores/jobserver-client-truststore.p12 (Truststore file added with RE 2.13.13)

   Transfer these files to your Talend Studio workstation and store them in a dedicated folder.

3. Configure Talend Studio to Use SSL

   Edit the Studio startup configuration file, depending on your operating system:

   • For Linux (x86_64): studio/Talend-Studio-linux-gtk-x86_64.ini
   • For ARM architecture: studio/Talend-Studio-gtk-aarch64.ini  
   • For Windows: Talend-Studio-win-x86_64.ini
4. Add the following JVM options to the configuration file, and adjust the file paths and password values accordingly:

       -Dorg.talend.remote.client.ssl.force=true
       -Dorg.talend.remote.client.ssl.keyStore=path_to_keystore/jobserver-client-keystore.p12
       -Dorg.talend.remote.client.ssl.keyStoreType=PKCS12
       -Dorg.talend.remote.client.ssl.keyStorePassword=<password_from_step_1>
       -Dorg.talend.remote.client.ssl.keyPassword=<password_from_step_1><
       -Dorg.talend.remote.client.ssl.trustStore=path_to_truststore/jobserver-client-truststore.p12
       -Dorg.talend.remote.client.ssl.trustStoreType=PKCS12
       -Dorg.talend.remote.client.ssl.trustStorePassword=<password_from_step_1>
       -Dorg.talend.remote.client.ssl.disablePeerTrust=false
       -Dorg.talend.remote.client.ssl.enabled.protocols=TLSv1.2,TLSv1.3
      

Cause 

Talend Remote Engine enforces SSL communication by default, ensuring that all interactions with the engine are encrypted. If Studio does not have the appropriate certificates installed, it will be unable to establish a secure connection with the Remote Engine.

Environment

• Talend Studio 
• Talend Cloud 

When using Key Pair authentication and creating a new Snowflake connection, you might encounter the following error:

Illegal Argument

Resolution

The provided private key file (.p8) is not in the correct format, or the key file password is invalid. 

To get the actual error, install SnowSQL utility in the Linux machine where the Qlik Data Movement gateway is installed and try to connect to the same account:

snowsql -a <account> -u <username> --private-key-path <path to file/rsa_key.p8>

This will provide the exact error on why the connectivity is failing and assist in identifying which root cause applies.

Cause

Environment

• Qlik Talend Cloud

At Qlik Connect 2026 I hosted a session called "Fast 15" with my top 10 visualization tips. Here's the app I used with all tips including test data.

Tip titles, more details in app:

• Product Catalogue
  How to make a product catalogue. Here's a variant with the new Pivot table using inline SVG images. The product images have been converted to Base64 and inlined within the inline SVG. The text is just positioned on top of the image.
• Table waterfall with subtotal and partial sum
  How to make table waterfall with add bars, and bars for subtotal and retro sum. Spreadsheet for layout, rangesum() and above() for offset and bar, master measures and SVG for waterfall.
• Switches revisited
  How to make a switch. Create a variable vSwitch set value to 0 Use the button, to toggle the variable, use action "set variable"
• Button examples
  How to style a button. Examples of button styles.
• Map with 3d bars
  How make 3d bar map point layer. Use a simple SVG with two rects: the bar and the shadow in Data URI with inline SVG. Added a top and base triangle for a little extra 3d effect.
• Rank box chart
  How to make a rank box chart. Use unicode boxes and repeat().
• Filter pane examples
  How to place a filter pane. Example of top panel, side panel and drawer style.
• Half Gauge
  How to make a multi half gauge. Use the map and two line layers.
• Pie chart value and percentage in the same label
  How to customize pie chart labels. Use dual() and number format measure expression.
• Line chart symbols
  How to add symbols in the line chart. Use dual and unicode symbols.
• Control chart with combo chart
  How to make a control chart with dynamic bounds. Use combo and measures for center, upper and lower bounds
• Formatting x-axis and keep field
  How to format the x-axis. Use dual and aggr.

I want to emphasize that many of the tips were discovered by others than me, I tried to credit the original author at all places when possible.

If you liked it, here's more in the same style:

• 24 days of visualization Season III, II, I
• Top 10 Tips Part X, IX, VIII, VII, VI, V, IV, III, II , I 
• Let's make new charts with Qlik Sense
• FT Visual Vocabulary Qlik Sense version
• Similar but for Qlik GeoAnalytics : Part III,  II, I

Thanks,
Patric