After a recent scan by SecOps team, the same vulnerable files that were previously flagged have reemerged within the system. The vulnerability is rated as critical:

CVE-2020-9493 – Apache Log4j v1.2.17.0
Reference: NVD - CVE-2020-9493

The affected files have been identified in the following locations:

<Studio_Home>/addons/scripts/lucene_migration_tool/lib/lucene-4-8.0.0.jar
<Studio_Home>/addons/scripts/lucene_migration_tool/lib/lucene-8-8.0.0.jar

Cause

This issue arises solely when Talend Studio is installed via the Talend Installer, resulting in the creation of the 'lucene_migration_tool' folder, which contains lucene-4-8.0.0.jar and lucene-8-8.0.0.jar. These Jar files utilize Apache Log4j version 1.2.17.0.

Resolution

Please manually delete the 'lucene_migration_tool' folder from the directory located at '<Studio_Home>/addons/scripts/'. This migration tool is only useful when creating an index from a version lower than Talend Studio 7.2. For further details, please read this documentation page.

Kindly know that the 'lucene_migration_tool' folder will not be created in the new version of Talend Installer.

Internal Investigation ID(s)

SUPPORT-3978

TINSTL-238

Environment

• Talend Studio

This Techspert Talks session covers:

- What to plan for
- Migration Pathways
- Cloud Best Practices

Chapters:

• 01:20 - Cloud Tenant Locations
• 01:47 - Qlik Cloud Architecture
• 03:08 - Planning the migration
• 03:50 - Migration Journey
• 05:13 - Licensing Guardrails
• 06:39 - Migrating users, groups, and permissions
• 11:11 - Migrating apps
• 14:44 - Migrating the data connections
• 21:07 - Completed Migration
• 21:35 - 5 Key Take Aways
• 22:48 - Q&A: How to license sync with hybrid?
• 23:59 - Q&A: Best practices for 1 app migration?
• 24:47 - Q&A: What's included with license cost?
• 26:03 - Q&A: How to customize the UI?
• 26:45 - Q&A: How safe is the data in Cloud?
• 27:37 - Q&A: What are common stumbling blocks?
• 28:41 - Q&A: How are reload monitored?
• 29:28 - Q&A: What is the data size cap?
• 30:15 - Q&A: What cannot be migrated?

Resources:

• Qlik Cloud Best Practices
• Troubleshooting Qlik Data Gateway Direct Access
• Qlik Cloud Migration Center
• Qlik Professional Services
• Space-aware data source syntax examples
• Trust and Security at Qlik
• The Reload Analyzer for Qlik Cloud Customers
• Qlik Licensing Service Reference Guide
• Migrating NPrinting to Qlik Cloud Reporting

Sometimes, you may encounter situations where utilizing a single user for multiple accounts becomes necessary. For instance, suppose you possess two Stitch accounts—one designated for staging and another for production purposes. If you wish to employ the same user for both accounts, you can leverage the ‘+’ functionality if your email provider supports it.

If the email address 'stitch@stitchdata.com' is used for creating the first Stitch account designated for staging, you may use ‘+’ to add this team member in the second Stitch account intended for production, as follows: 'stitch+prod@stitchdata.com'.

You are advised to invite the users to the new account and subsequently deactivate the old one. To accomplish this, you may follow the procedure detailed below. Given that an email address can only be associated with a single Stitch account, try this workaround to use the same email address for multiple accounts.

If you prefer utilizing an un-aliased email address for a specific account, and said email is already associated to a Stitch account, follow the procedure detailed below to modify the account with the un-aliased email. This will subsequently enable the sending of an invitation to the un-aliased email address.

For illustrative purposes, we will employ the email address stitch@stitchdata.com in this example.

1. Sign into the Stitch account using the un-aliased email. In this example, we’d sign into the account associated with the stitch@stitchdata.com email address.
2. Click User menu (your icon) > Manage Account Settings.
3. Click the Your Profile tab.
4. Update the email address to something along the lines of name+deactivated@domain.com. In this example, we’ll update the email address to stitch+deactivated@stitchdata.com.
5. Click Update Profile.

Environment

• Qlik Stitch

When running extractions in Shopify that involve requesting a large quantity of data, encountered a ServerError.

This is notably seen during initial/historical data extractions.

Cause

Too much data is being requested from Shopify and it creates a Sever Error because Shopify is unable to process the large amount of data via their API.

Resolution

When this error arises, Stitch Subject Matter Experts have the capability to adjust a tuning parameter labeled "Results Per Page". If you encounter this error, it is advisable to consult with a Stitch Subject Matter Expert to establish an appropriate value for this parameter and thereby resolve the issue.

Environment

• Qlik Stitch

When attempting to execute a Data Integration (DI) Job, encountered the following error messages:

Execution failed :Cannot invoke "java.util.jar.Manifest.getMainAttributes()" because "manifest" is null

The detailed log can be found from workspace\.metadata\.log:

!MESSAGE 2025-05-06 19:18:06,261 ERROR org.talend.commons.exception.CommonExceptionHandler  - Cannot invoke "java.util.jar.Manifest.getMainAttributes()" because "manifest" is null

!STACK 0
java.lang.NullPointerException: Cannot invoke "java.util.jar.Manifest.getMainAttributes()" because "manifest" is null
    at org.talend.designer.runprocess.java.JavaProcessor.compareSapjco3Version(JavaProcessor.java:1803)
    at org.talend.designer.runprocess.java.JavaProcessor.appendLibPath(JavaProcessor.java:1653)
    at org.talend.designer.runprocess.java.JavaProcessor.getNeededModulesJarStr(JavaProcessor.java:1599)
    at org.talend.designer.runprocess.java.JavaProcessor.getLibsClasspath(JavaProcessor.java:1343)
    at org.talend.designer.runprocess.java.JavaProcessor.getCommandLine(JavaProcessor.java:1243)
    at org.talend.designer.core.runprocess.Processor.getCommandLine(Processor.java:304)
    at org.talend.designer.core.runprocess.Processor.getCommandLine(Processor.java:294)

Cause

The error signifies that the JAR file utilized in Job lacks the necessary manifest meta-information, specifically, the MANIFEST.MF file is absent from the JAR.

Resolution

Navigate to the <Studio_installation_Home>\configuration\.m2 folder, locate the JAR file (specifically 'sapjco3.jar' in this instance), and unzip it to confirm the presence of the MANIFEST.MF file. If the MANIFEST.MF file is absent, it indicates an issue with the JAR file. Proceed to delete the directory containing this JAR file and reinstall the right JAR file within Talend Studio, for more further details, please refer to Installing external modules to Talend Studio.

Environment

• Talend Data Integration 

After upgrading to Talend Studio R2025-03, an ESB Job incorporating the tRestRequest component fails to start. During the deployment and start process, the following error was observed:

java.lang.ClassNotFoundException: jak

Cause

The issue arose due to the Talend Runtime (ESB) environment continuing to operate with an old version, specifically R2024-05, which lacks full compatibility with the newer Talend Studio R2025-03. The missing class (jak) indicates a discrepancy in the runtime libraries between Talend Studio and Talend Runtime container.

Resolution

Upgrade Talend Runtime (ESB) to version R2025-03, aligning it with Talend Studio version currently in use.

Environment

• Talend Data Integration 8.0.1

When transitioning from password-based authentication to key pair authentication for Snowflake, you may encounter issues during the configuration of import models, especially when using encrypted private key files generated with OpenSSL v3. A common error observed during connection attempts is:

Fatal: MITI.MIRException: Connection to the database with URL 'jdbc❄️//.snowflakecomputing.com' failed: JWT token is invalid.

java.security.NoSuchAlgorithmException: 1.2.840.113549.1.5.13 SecretKeyFactory not available

java.security.InvalidKeyException: IOException : DER input, Integer tag error

The Java process fails to complete due to an invalid JWT token, commonly associated with unsupported key formats or missing runtime parameters.

Cause

The error typically occurs due to one or more of the following factors:

• The JDBC driver does not natively support OpenSSL v3-encrypted private keys without enabling BouncyCastle.
• Required parameters (User, Password, Private key file) are not correctly configured in the import model settings.
• Miscellaneous Java options required to support the key format were not passed to the process.

Resolution 

When using an unencrypted private key file:

User: Set to the Snowflake username.

Password: Enter the password

Private Key File: Provide the path to the unencrypted .pem file.

Miscellaneous Parameters: No additional Java options are required.

When using an encrypted private key file (e.g., OpenSSL v3-generated):

User: Set to the Snowflake username.

Password: Enter the passphrase used to encrypt the private key.

Private Key File: Provide the full path to the encrypted .pem file.

Miscellaneous Parameters: You must enable BouncyCastle support for decryption:

-Dnet.snowflake.jdbc.enableBouncyCastle=true

For further details, please refer to the official Snowflake documentation: Snowflake Key-Pair Authentication Guide.

Related Content

Qlik Talend Product: How to set up Key Pair Authentication for Snowflake in Talend Studio

Environment

• Talend Data Integration 8.0.1

This Techspert Talks session will address:

• Understanding the schemas
• Demonstration of the migration process
• Best practices and tips for a smooth transition

Chapters:

• 01:05 - How to learn about Qlik Talend Cloud
• 01:52 - Why migrate to Qlik Talend Cloud
• 02:42 - Feature difference highlights
• 03:08 - Using the Migration Inventory Tool
• 06:58 - First look at Qlik Talend Cloud Data Integration
• 07:33 - Creating the first Project and Space
• 08:21 - Creating the Klaviyo Source connection
• 09:54 - Creating the Target connection
• 10:52 - Choosing the task settings
• 12:59 - Viewing Pipeline tasks in action
• 13:55 - Target table differences
• 15:19 - Creating the my SQL source
• 19:24 - Q&A: Will QTC features be added to Stitch?
• 20:04 - Q&A: What is the QTC warehouse architecture?
• 21:45 - Q&A: How to build incremental loads?
• 22:28 - Q&A: Can QTC load data from Marketo?
• 23:37 - Q&A: Why are the schemas different?
• 24:26 - Q&A: Where is the list of data sources?
• 25:23 - Q&A: Where can I get a test account to try it?

Resources:

• About Qlik Talend Cloud subscriptions
• Technical feature comparison
• Performing an inventory analysis
• Qlik Ideation
• Schema Differences in data loading

After deploying and subsequently undeploying a route, even when the route is undeployed, it causes issues for the deployment of subsequent routes. Attempts to deploy a different route are met with errors stating that unable to find the path of the existing undeployed route.

Resolution

The undeployed route left traces, ideally requiring the individual uninstallation of the KAR file(s).

1. Stop Talend Runtime. 
2. Stop Remote Engine.
3. Start Talend Runtime and allow it approximately five minutes to ensure it is fully prepared to receive JMX requests from Remote Engine.
4. In Talend Runtime, perform a 'kar:list' command and verify that no entries are displayed. For each specified output, you must execute the 'kar:uninstall' command.
5. Start Remote Engine.

Environment

• Talend Cloud 8.0.1

When publishing a DI Job to TMC, if the artifact has been migrated and was previously an OSGI bundle, TMC may display the artifact in question as a "Data Service". However, when viewing the Job in question, there may be no “Job Type” selection in the “Job/Deployment” tab; and all commands were left in DI mode, if using CICD.

[INFO] RelativePath: process
[INFO] StartingDir: /var/lib/jenkins/workspace/<Repo Name>/<project name>/process
[INFO] DefaultContext: QA
[INFO] JobType: data_service
[INFO] Git author: , Id: , Date: null, Project: BBW_OSGI, Branch: null
[INFO] Artifact id: <artifact name>
[INFO] Artifact groupId:
[INFO] The latest published version is: null
[INFO] Publish version: 0.1.0
[INFO] Environment: rpooyadev-env1; workspace: testing-tasks; owner: rpooya
[INFO] Publishing process: /var/lib/jenkins/workspace/<Repo Name>/<project name>/poms/jobs/process/<iten name>/target/<artifact name>.zip
[INFO] UpdateFlow: false

Cause

This has been confirmed to be due to a change that automatically detects the "Build Type" (when an ESB component, such as RESTClient, is present) rather than requiring it to be selected for a DI Standalone Job.

Regarding the items in question, they may have been saved or exported during a time when an ESB component was included, which would explain the presence of the line "<additionalProperties xmi:id="_AVcasO-mEe-T64JJ_U4MkQ" key="BUILD_TYPE" value="OSGI"/>" in the ".properties" file.

Resolution

Internal Investigation ID(s)

Support-2172

Environment

• Talend Data Integration 8.0.1

The following are the methods to set encodings in TMC and Talend Remote Engine.

1. Job execution logs in Talend Remote Engine

To specify the encoding for the Job execution logs, kindly configure a run profile in TMC and set the encoding as a JVM argument:
For UTF8
-Dfile.encoding=UTF8 

For Shift-JIS
-Dfile.encoding=Shift-JIS

2. Remote Engine logs in Talend Remote Engine

To specify the encoding for the Remote Engine logs, kindly configure it within the <RemoteEngineInstallationDirectory>/etc/Talend-Remote-Engine-wrapper.conf file.
For UTF8
wrapper.java.additional.xx=-Dfile.encoding=UTF8 

For Shift-JIS
wrapper.java.additional.xx=-Dfile.encoding=Shift-JIS

3. Information in the "Logs" tab of "Run Overview" section in TMC

To ensure that the TMC logs do not contain garbled characters, kindly configure an identical encoding for both the Job execution logs and the Remote Engine logs. (Please ensure both 1. and 2. are completed.)

4. Information in the "Metrics" tab of "Run overview" section in TMC

The encoding for the metrics tab was specifically designed to work with UTF-8 encoding.
If you are experiencing a problem with garbled Japanese custom component names in Job component metrics, kindly upgrade to Talend Remote Engine version 2.13.7. This is mentioned here: Talend Remote Engine v2.13.7.

Environment

• Talend Cloud 

Trying to connect SQL server with Azure MFA Authentication, It works fine using metadata connection. However, when the metadata connection is added to a Job, the Job fails with below error:

Failed to load MSAL4J Java library for performing ActiveDirectoryInteractive authentication.
com.microsoft.sqlserver.jdbc.SQLServerException: Failed to load MSAL4J Java library for performing ActiveDirectoryInteractive authentication.

Upon checking the modules view in Talend Studio, the MSAL4J jar is already installed.

Resolution

In the Advanced settings of the tDBConnection for the SQL Server connection, enable the option labeled "Authenticate using Azure Active Directory", and subsequently attempt to run the Job once more. Upon enabling this option, the msal4j jar will be automatically packaged during the Job build process.

Environment

• Talend Data Integration 8.0.1

TAC task failed to start randomly, with the following error displayed as follows:

Job start failed because of parallel clean jobId = 20250318 155947 gfsl3or deplovment.comons.exception.clientserverException: org.talend.remote.commons,exception,clientserverException: job start failed because of paralrq.talend.remotecleanupdeployment jobId = 20250318 155947

Cause

The value assigned to the 'org.talend.remote.jobserver.commons.config.JobServerConfiguration.MAXOLDEXECUTIONS_LOGS' parameter in the TalendJobServer.properties file was set too low, specifically at 30.

Resolution

Adjust the value of 'org.talend.remote.jobserver.commons.config.JobServerConfiguration.MAXOLDEXECUTIONS_LOGS' parameter to a default setting of 1000 or a higher number in the TalendJobServer.properties file. For example:

org.talend.remote.jobserver.commons.config.JobServerConfiguration.MAXOLDEXECUTIONS_LOGS=1000

Environment

• Talend Administration Center 8.0.1

In certain use cases, it may be necessary to use an IP address/path with the following root IP address, 169.254.169.254, with a custom connection or other variables attached to a task in TMC. However, if you attempt to save the task for deployment/running while using this IP address, TMC may display an error message stating "Unable to Save Task Configuration".

Cause

The IP Address in question, 169.254.169.254, is a custom instance metadata IP address used across different Cloud Service Providers, such as AWS or Azure, which Qlik/Talend Cloud is hosted on. In many cases, these Cloud Service Providers utilize that IP address to retrieve information about Virtual Machines, such as configuration details and network settings. Consequently, the Cloud Service Providers will automatically block any application (such as TMC) from using that entry on the backend.

In terms of TMC, if the aforementioned IP address is used, TMC will attempt to save that entry on the backend. Nevertheless, since AWS/Azure has blacklisted that IP address, it will block the task from saving the entry on the backend. This will cause TMC to resend the request, displaying the message "Unable to Save Task Configuration".

Resolution

If the IP address in question is intended for use in a content, resource, or connection, there are a couple of suggested solutions.

• Use a DNS name that can either be resolved internally (such as DNS on the specific VLAN/internal network) or add the DNS name as an entry in the /etc/hosts file on the instance where the Remote Engine resides.
• Modify the Job to enable base64 encryption/decryption of the value, so it cannot be detected by the Cloud Service Provider.
• Split and concatenate the URL to ensure that the value is not directly provided by TMC to the Cloud Service Provider.

If, after testing and validating the aforementioned solutions, the issue persists with creating, saving, or modifying tasks, kindly contact Qlik Support.

Internal Investigation ID(s)

SUPPORT-1875

Environment

• Talend Data Integration 8.0.1

When attempting to create a datasource that enables routes/services to access an Azure-based SQL Server with AD Authentication, the datasource may fail to connect. Despite providing the necessary ms__auth.dll to Runtime (either through the service or etc folder) and windows, the tesb log may still display the following error message:

"Failed": "com.microsoft.sqlserver.jdbc.SQLServerException:Failed to load MSAL4J Java library for performing ActiveDirectoryPassword authentication.

Cause

In many cases, the reason for this error is due to Runtime not having the specific library installed within it. Although they are very similar, Azure-based SQL Instances do require specific dependencies that may not be found with the regular Microsoft SQL JDBC drivers. This may affect those users who have a Runtime instance at or newer than the R2024-06 Patch.

Resolution

To address this issue, please follow these steps:

1. Remove any SQL JDBC jars that may have been copied to the <Runtime>/lib folder.
2. Use the karaf client (<Runtime>/bin/client.sh) to run "feature:install azure-msal4j" to install the bundle and library into Runtime.
3. Redeploy any affected routes/services, and verify that both the datasource and the task run as expected.

If the datasource or task is still encountering connection issues, kindly contact Qlik Support.

Environment

• Talend Cloud 8.0.1

The tFtpGet component is unable to filter and download the necessary file according to the designated filemask. In the FTP UI tool, the file is listed and displayed with uppercase characters. However, when using the same uppercase-based filemask to filter the file, no file is downloaded.

Cause

The file was saved in lowercase, but it appears in uppercase when viewed through the FTP client UI. This inconsistency between the saved filename and its displayed version in the UI indicates a case-mismatch issue in the FTP system.

Resolution

To resolve this issue, adjust the character case in the Filemask settings. Alternatively, enable the "Use Perl5 Regex Expression as Filemask" option to create a new filter that disregards case sensitivity. (This can be achieved by using "/i" in the Perl5 Regex Expression, which enables case-insensitive pattern matching, allowing "A" to match "a".)

Related Content

tFTPGet Standard properties

Perl Regular-Expressions

Environment

• Talend Data Integration 8.0.1

Your jobs maybe failing in 30s with an error below from Talend Management Console.

org.talend.remote.commons.exception.ClientServerException: TimeOutInterruptor has interrupted the socket stream, timeout has been reached
org.talend.remote.commons.exception.ClientServerException: org.talend.remote.commons.exception.ClientServerException: TimeOutInterruptor has interrupted the socket stream, timeout has been reached

All jobs can be impacted by that and happen at any time.

Resolution

As this issue is caused by timeout issue during file transferring in Qlik Talend Remote Engine, it can be resolved by excluding the Remote Engine folder from Antivirus Scanning or Firewall. Please double check your Antivirus Software and Windows defender.

Or if above solution does not help, please try to increase the timeout value by following below steps:

1. Go into the folder <RE_FOLDER>\system\org\talend\jobserver\org.talend.remote.jobserver.client\8.0.x.yyyymmdd_xxxx_patch

   cd <RE_FOLDER>\system\org\talend\jobserver\org.talend.remote.jobserver.client\8.0.x.yyyymmdd_xxxx_patch

2. Extract the file job_server_client.properties from the jar file
   

   jar xvf org.talend.remote.jobserver.client-8.0.2.20240904_0703_patch.jar job_server_client.properties
   inflated: job_server_client.properties

3. Edit the file job_server_client.properties and change the value of JobServerClient.conf.timeout

   JobServerClient.conf.timeout=300000 -→ increase this to the time desired in milliseconds.

4. Replace the file job_server_client.properties in the jar file by the one modified
   

   jar uf org.talend.remote.jobserver.client-8.0.2.20240904_0703_patch.jar 
   job_server_client.properties

5. Restart the Remote Engine Server to apply the change.
    

    

Cause

From Karaf logs, the issue occurs due to timeout issue during file transferring in Talend Remote Engine, where the default timeout is set to 30 seconds in the existing system.properties

The socket related errors in context of ClientServerException + TimeOutInterruptor indicate there is a networking related congestion that prevents opening socket connections, which could also hint to an exhaustion of the network.

Internal Investigation ID(s) 

Internal Jira ID: TMC-1915

Environment

Talend Cloud 

This article outlines the steps for CICD P2 zero install for pipeline using Maven and provides command examples.

1. Install the necessary jar files.  
   

   mvn org.talend.ci:builder-maven-plugin:8.0.19:install  -Dtalend.studio.p2.update= https://update.talend.com/Studio/8/updates/R2024-12 -Dlicense.path='/home/use1/cicd/license8    -s C:\app\apache-maven-3.9.0\conf\maven_settings.xml

2. Prepare poms for Job building.  
   

   mvn org.talend.ci:builder-maven-plugin:8.0.18:generateAllPoms  -Dtalend.studio.p2.update='https://update.talend.com/Studio/8/updates/R2024-12'   -Dfilter.include.dependencies=true  -Dgeneration.type=local -e -X -s /home/wguo/cicd/maven_settings.xml -Dcodes.compile.failOnError=false   -Dlicense.path='/home/use1/cicd/license8' -Dinstall.org.eclipse.equinox.p2.transport.ecf.retry=10  -Dstudio.error.on.component.missing=false

3. Build/Compile, package and publish project artifacts.
   

   mvn -X clean deploy -U -f /home/user1/ws/project1/poms/pom.xml -Dlicense.path='/home/use1/cicd/license8'  -Dtalend.studio.p2.update= https://update.talend.com/Studio/8/updates/R2024-12 -Dpackaging=zip -Dgeneration.type=local -Dinstall.org.eclipse.equinox.p2.transport.ecf.retry=10 -s /home/wguo/cicd/maven_settings.xml -DaltDeploymentRepository=dmt-releases::default:: http://s.ap.abc.net:8081/repository/dmt-releases/ -DaltSnapshotDeploymentRepository=dmt-snapshots::default:: http://s.ap.abc.net:8081/repository/dmt-snapshots/ -DaltReleaseDeploymentRepository=dmt-releases::default:: http://s.abc.net:8081/repository/dmt-releases/

For Windows-based CICD host machines, use the --define "xxx=yyy" option instead of -Dxxx=yyy to circumvent parameter passing failures.

Additionally, you can filter and specify which project items to generate in order to make the POM generation faster. For further details, please refer to Filtering project items | Talend Software Development Life Cycle Best Practices Guide Help.

Environment

• Talend Data Integration 8.0.1

After upgrading to v8-R2025-01/02, a Talend Job containing both tRest and tRestClient components encounters an error as shown below:

- javax.ws.rs.client cannot be resolved to a type
- The type javax.ws.rs.client.ClientBuilder cannot be resolved. It is indirectly referenced from required type org.glassfish.jersey.client.JerseyClientBuilder
- javax.ws.rs.client.WebTarget cannot be resolved to a type
- javax.ws.rs.core.Response cannot be resolved to a type
-  javax.ws.rs.client.Invocation cannot be resolved to a type
-  javax.ws.rs.WebApplicationException cannot be resolved to a type

Cause

When tRest and tRestClient components are used together within a Job, a conflict arises in the implementation of the Rest API.

Resolution 

To resolve this issue, a temporary workaround as shown below is to use tLibraryLoad to load external jar files in the beginning of Job:
tPrejob --onComponentOK-> tLibrary (javax.ws.rs-api-2.1.jar) --onComponentOK-> tLibrary (javax.annotation-api-1.3.2.jar)

Note: If the aforementioned workaround proves effective, kindly remember to remove the tLibraryLoad components after installing the Studio v8-R2025-03 patch.

Alternatively, apply the Studio v8-R2025-03 patch.

Related Content

Qlik Talend Data Integration: tRest post failed because of size limitation (Transfer-Encoding: chunked) from API

Internal Investigation ID(s) 

QTDI-1208

QTDI-1300

Environment

• Talend Data Integration 8.0.1