rguturi
Contributor

Qlik Sense Enterprise for Windows Remote Code Execution (RCE) Vulnerability (Authenticated)

Hi Team,

We have been addressing security patch updates for the Qlik Sense application for a few days to mitigate the Windows Remote Code Execution (RCE) vulnerability (authenticated) and have been advised to upgrade the application based on this link: https://community.qlik.com/t5/Official-Support-Articles/High-Security-fixes-for-Qlik-Sense-Enterpris.... At present, we are using Qlik version 14.187.4 on the server, which was last updated in October 2024.

Could you kindly assist us in handling this issue and in obtaining the appropriate executable files for upgrading the patches? Additionally, I would appreciate your availability to schedule a call at your earliest convenience to ensure the upgrade is performed seamlessly.

Advised solution:

Customers are advised to refer to the vendor advisory 2496004 (https://community.qlik.com/t5/Official-Support-Articles/High-Security-fixes-for-Qlik-Sense-Enterpris...) for more information pertaining to these vulnerabilities.

Workaround: A workaround is available to address the complications affecting extension and invalid visualization errors. This workaround can be applied before or after the upgrade.

1. Stop the Qlik Sense Repository service
2. Open the file C:\Program Files\Qlik\Sense\Repository\Repository.exe.config

   <add key="VisualizationExtensionsExtractFilter" value="md|css|js|json|pdf|png|qext|txt|html|htm|gif|jpg|jpeg|wbl|otf|ttf|woff|woff2|eot|svg|bmp|mp3|jp2" />

3. Save the file
4. Restart the following services:
   - Qlik Sense Repository Service
   - Qlik Sense Printing Service
   - Qlik Sense Scheduler Service
   - Qlik Sense Engine Service
   - Qlik Sense Proxy Service

 

Patch:
Following are links for downloading patches to fix the vulnerabilities:
2496004 (https://community.qlik.com/t5/Official-Support-Articles/High-Security-fixes-for-Qlik-Sense-Enterpris...)

Regards 

Rajdeepak

0 Replies
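The workaround steps quoted in the post, scripted as an added example (not code from the post or from Qlik). It assumes the key belongs in the `<appSettings>` section of Repository.exe.config, that the Windows service display names match the names listed in the post, and that it is run from an elevated PowerShell session on the Qlik Sense node.

```powershell
#Requires -RunAsAdministrator
# Added example: applies the VisualizationExtensionsExtractFilter workaround idempotently.
$ErrorActionPreference = 'Stop'

$configPath = 'C:\Program Files\Qlik\Sense\Repository\Repository.exe.config'
$keyName    = 'VisualizationExtensionsExtractFilter'
$keyValue   = 'md|css|js|json|pdf|png|qext|txt|html|htm|gif|jpg|jpeg|wbl|otf|ttf|woff|woff2|eot|svg|bmp|mp3|jp2'

# Display names and restart order as listed in the post (assumed to match the installed services).
$services = 'Qlik Sense Repository Service', 'Qlik Sense Printing Service',
            'Qlik Sense Scheduler Service', 'Qlik Sense Engine Service',
            'Qlik Sense Proxy Service'

# Step 1: stop the Repository service (-Force also stops services that depend on it).
Stop-Service -DisplayName $services[0] -Force

# Step 2: keep a timestamped backup, then load the config as XML rather than editing text.
$backup = "$configPath.bak-$(Get-Date -Format yyyyMMddHHmmss)"
Copy-Item -Path $configPath -Destination $backup
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($configPath)

# Assumption: the <add key=... /> element goes under /configuration/appSettings.
$appSettings = $xml.SelectSingleNode('/configuration/appSettings')
if ($null -eq $appSettings) {
    throw "No <appSettings> section found in $configPath; backup is at $backup."
}

# Reuse the element if the key already exists so reruns do not create duplicates.
$node = $appSettings.SelectSingleNode("add[@key='$keyName']")
if ($null -eq $node) {
    $node = $xml.CreateElement('add')
    $node.SetAttribute('key', $keyName)
    [void]$appSettings.AppendChild($node)
} elseif ($node.GetAttribute('value') -ne $keyValue) {
    Write-Warning "Replacing existing value: $($node.GetAttribute('value'))"
}
$node.SetAttribute('value', $keyValue)

# Step 3: save the file.
$xml.Save($configPath)

# Step 4: restart the listed services (Restart-Service also starts a stopped service).
foreach ($name in $services) {
    Restart-Service -DisplayName $name -Force
}
Get-Service -DisplayName $services | Format-Table DisplayName, Status -AutoSize
```

If any service does not show `Running` in the final table, restore the timestamped backup before investigating further.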