When running a job in Talend Studio or from JobServer/Remote Engine with a tS3List component, the value of the CURRENT_OWNER for tS3List will intermittently return null:

EX: tS3List_1_CURRENT_OWNER:null

Resolution

1. Review the following APIs that return the Owner.DisplayName attribute as part of the response and ensure that users completely remove all references:

   REST.GET.ACL	GetBucketAcl, GetObjectAcl
   REST.GET.BUCKE	ListObjects, ListObjectsV2
   REST.GET.BUCKETVERSION	ListObjectVersions
   REST.GET.LOGGING_STATUS	GetBucketLogging
   REST.GET.SERVICE	ListBuckets
   REST.GET.UPLOAD	ListParts
   REST.GET.UPLOADS	ListMultipartUploads

2. Update your applications to use canonical IDs instead of the Owner.DisplayName attribute.
3. Implement appropriate error handling for when the Owner.DisplayName attribute [2] is missing.
4. Test your applications when the Owner.DisplayName attribute is removed from the response.
5. Verify ownership using canonical IDs.
6. Review and update runbooks and applications that reference the Owner.DisplayName attribute.

Cause

For the ACL request returns null, there’s an end-of-support notice from the AWS API. End of support notice: Beginning November 21, 2025, Amazon S3 will stop returning DisplayName: 
GetObjectAcl-Amazon Simple Storage Service | docs.aws.amazon.com 

Internal Investigation ID(s) 

SUPPORT-6330

Environment

• Talend Studio 
• Talend Data Integration 

This article guides you through configuring the tRest component to connect to a RESTful service that requires an SSL client certificate issued by an NPE (Non-Person Entity).

tRest does not have its own GUI for certificate management; instead, it primarily routes HTTP calls to the underlying Java HttpClient or CXF client. Therefore, the certificate setup must be completed at the Java keystore level before the component can run. 

Here's how to set it up:

1. Convert your certificate to a Java keystore 

If you have your certificate in .pfx or .p12 format: 

keytool -importkeystore \
-srckeystore mycert.p12 \
-srcstoretype PKCS12 \
-destkeystore mykeystore.jks \
-deststoretype JKS

You will be asked to enter a password; make sure to remember it as you will need it in Step 2.

2. Tell Talend Job (Java) to use your cert

In Talend Studio, go to Run → Advanced settings for your job.

In the JVM Setting, select the 'Use specific JVM arguments' option, and add:

-Djavax.net.ssl.keyStore="C:/path/to/mykeystore.jks"
-Djavax.net.ssl.keyStorePassword=yourpassword
-Djavax.net.ssl.trustStore="C:/path/to/mytruststore.jks"
-Djavax.net.ssl.trustStorePassword=trustpassword

The truststore contains the Certificate Authority (CA) that issued the server’s certificate. If you don’t have one, you can generate it by using keytool -import from their public certificate.

3. Use tRest normally

Now, when tRest makes the HTTPS request, Java’s SSL layer will automatically present your client certificate and validate the server cert.

Environment

• Talend Data Integration 

Usually, to generate a key file for key-pair authentication to the snowflake, it needs to use key pair authentication and key pair rotation.

For more information, please refer to documentation about: key-pair-auth | docs.snowflake.com

How to create a key file for Qlik Talend Data Catalog that use for key-pair authentication to the snowflake?

How To

Since Qlik Talend Data Catalog only support PKCS#8 version 1 encryption with PBE-SHA1-3DES (-v1 option) for the moment, please use a sample command below to generate the keystore file via OpenSSL:

openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -v1 PBE-SHA1-3DES -out rsa_key.p8

Internal Investigation ID(s)

TALMM-6182

Environment

#Talend Data Catalog

A Job design is shown below, using a tSetKeystore component to set the keystore file in the preJob, followed by using a tMysqlConnection to establish a MYSQL connection. However, MYSQL fails to connect. 

Nevertheless, by changing the order of the components as demonstrated below, the MYSQL connection is successful.

Resolution

To address this issue, you can choose from the following solutions without altering the order of the tSetKeyStore and tMysqlConnection components.

Disable useSSL parameter

Isolate the MYSQL connection in a separate child Job

To isolate the MYSQL connection, create a separate subJob. Use a tRunJob to execute the subJob and ensure the 'Use an independent process to run subJob' option is checked. The Job design is outlined below. 

Cause

tSetKeyStore sets values for javax.net.ssl properties, thereby affecting the subsequent components. Most recent MySQL versions use SSL connections by default. Since the Java SSL environment has been modified, the MySQL JDBC driver inherits these changes from tSetKeyStore, which can potentially impact the connection.

Environment

• Talend Data Integration 

Question

In Qlik Talend Studio, generally we use connection components to re-use the connection in job design. You may encounter some confusion about when using talend specific DB connectors, such as tsnowflakeconnection, tMySqlConnection and when using the generic tJDBCConnection component in a job?

It depends on your job requirements and use cases.

DB Native Components

For the generic JDBC component, you need to select the database type and its corresponding JDBC driver. It will serve as an entry point for the following databases tdbconnection | Qlik Talend Help and it is recommended to use DB native drivers to avoid unnecessary translation of JDBC to DB Specific calls.

NativeDBConnectionComponent

tJDBCConnection

For some use case, for example, if you need to check “Use or register a shared db connection”, since the tSnowflakeConnection component doesn't have a shared connection option, so you can't pass a connection from father to child job with a shared connection. 

For more information about this feature, please refer to Qlik Help Site below:

sharing-database-connection | Qlik Help

tSnowflakeConnection component can use a shared connection as of Talend Studio R2025-04.

The jobs will be much more portable if you combine this with context variables for jdbc connections and configuration instead of relaying on specific database components. The tjdbcconnection component gets more options like the generic shared connection one, bulk load processing and it is a specific version of a dynamic database connector which uses JDBC URL to create the database connection. 

tJDBCConnection

Related Content

Qlik Community: Qlik Talend Product Q and A: Is it possible to recycle/reuse a tDBSnowflakeConnection Component in a Subjob or Joblet?

Environment

Talend Studio 
Talend Data Integration 

It is getting Java Error Response from JSON results back when using tWriteJSONField to POST data from postman in Talend 8, JDK 11.

superclass access check failed: class nu.xom.JDK15XML1_0Parser (in unnamed module @xxxxx) cannot access class com.sun.org.apache.xerces.internal.parsers.SAXParser (in module java.xml) because module java.xml does not export com.sun.org.apache.xerces.internal.parsers to unnamed module @xxxxx

Resolution

Talend Studio

Go to Studio ->Project setting -> Build-> Java version-> Module access Settings-> Custom

GLOBAL=java.xml/com.sun.org.apache.xerces.internal.parsers, java.xml/com.sun.org.apache.xerces.internal.util 

GlobalModelAccessSettings

Talend Remote Engine

When Job was built by jdk 8/11, which also need neccessary configurations to let Talend Remote Engine support jdk 8/11.
In the <RE_installation>/etc/system.properties file, set the org.talend.execution.JAVA_*_PATH properties with the paths to your Java installations.

The following configuration is a feature introduced since R2025-03 for old task execution compatibility.

org.talend.execution.JAVA_8_PATH=/path/to/java8/bin
org.talend.execution.JAVA_11_PATH=/path/to/java11/bin
org.talend.execution.JAVA_17_PATH=/path/to/java17/bin

In the meanwhile, please consider jobs migration to jdk 17 , since jdk 17 would be the only support jdk version in next few years.

Cause 

It is a compilation error and task execution compatibility issue.

Related Content 

specify-another-jvm-to-launch-studio | Qlik Talend Help

configure-java-versions-for-job-execution-or-microservice-execution | Qlik Talend Help

Environment

• Talend Studio 
• Talend Cloud 

Question

In Talend Studio R2025-08, the "Returned content" dropdown of the tHttpClient component does not display the "Download file only" option. However, as per the Qlik Talend documentation, this option should be available (alongside Body, Headers and body, Status, headers and body) and is used in conjunction with "Download attachments" to download only the response file without returning the payload to the main flow.

Answer

This option has been added to the tHTTPClient component since Qlik Talend Studio R2025-09, allowing users to download HTTP response bodies directly as files or to cache without building records in the main flow, which helps optimize resource usage for large downloads. 

You can find more details in the release notes of R2025-09 | Qlik Talend Documentation.

It encounters a loading error when using BigQuery as the destination:

Resolution

Database integrations:

• If your source supports views, create a view and cast the FLOAT64 column to a supported type (for example:  INTEGER or TIMESTAMP).
• If not, adjust the source schema so the column is not FLOAT64.

SaaS integrations:

• If applicable, configure the source to output a compatible type for partitioning.

Partitioning is not required by Stitch to load data into BigQuery. This can be disabled in your destination, but comes with data integrity risks. Reference apply-table-partitioning-clustering(Qlik Stitch Documenation).

As a good rule of thumb, check for null or empty primary key fields in your source tables, as these can cause other loading issues.

Cause

This error occurs because BigQuery does not allow partitioning on FLOAT64 columns.

Partitioned tables in BigQuery can only use:

• Ingestion time
• DATE, TIMESTAMP, or DATETIME columns
• Integer range columns

BigQuery documentation explicitly states:
“PARTITION BY expressions cannot include floating point types.”

Related Content

• Introduction to partitioned tables | docs.cloud.google.com
• Data Types | docs.cloud.google.com

Environment

Stitch 

When Stitch replicates data from SaaS sources, it must operate within the API rate limits defined by each vendor. These limits determine how many API requests can be made within a specific time period to prevent server overload. Exceeding them typically results in rate limit errors (most often HTTP 429 responses), which can temporarily interrupt data replication.

This article outlines common API rate limit errors observed in Stitch integrations and provides best practices to help you minimize and handle these limits for reliable data replication.

Known API Rate Limit Errors

The exact error message for exceeding API rate limits varies across platforms, but all indicate the same underlying cause — too many API requests made within a defined time window.

Refer to the table below for examples of rate limit errors observed in popular Stitch SaaS integrations | Stitch Documentation:

Stitch recommendations & solutions for rate limit errors

• Reduce replication frequency of an integration if extractions frequently exceed the API’s rate limit.

• Stagger replication frequency schedules for multiple integrations that connect to the same source account to reduce the number of concurrent calls.

• Use the key-based incremental replication method | Stitch Documentation where available:
  
  Full Table Replication: Extracts all data from the Start Date indicated in the integration settings during every extraction. This usually requires many API calls as most integrations use pagination to retrieve data.
  Incremental Replication: Only fetches new or changed records since the last successful sync, based on a bookmark value. 
  Incremental replication can reduce API call volume by extracting less data, thereby reducing the number of API calls that would need to be made.

• Monitor extraction logs in Stitch for frequent 429 errors.

• Contact the API provider to request increased rate limits where applicable.

• Contact Qlik Support if needed.

Environment

• Stitch 

You may encounter an error when attempting to send emails from Qlik Talend Runtime version v8.0.1.R2025-02-RT, specifically within OSGi Data Services. While email notifications work correctly when triggered from Talend Studio, they fail in the Runtime Environment, resulting in the following error:

java.lang.IllegalStateException: No provider of jakarta.mail.util.StreamProvider was found

Resolution

It has been resolved in the R2025-06-RT runtime patch.
To fix this, please upgrade Runtime to v8.0.1. R2025-06-RT or the latest available patch version, and re-deploy your route. 

Cause

It is a known issue in tSendMail component for Talend Runtime v8.0.1.R2025-02-RT environment and has already been reported to our R&D team.

Internal Investigation ID(s) 

Internal Jira case ID: SUPPORT-3698

Environment

• Talend Studio 
• Talend ESB 

You may be experiencing a critical problem where some Talend jobs open without any components in the Designer View. The jobs appear empty in Studio even after:

• In the workspace confirmed the .item, .screenshot, and .properties files exist for the job. 
• Deleting the workspace to reload the jobs from Git.

This article briefly introduces how to fix Corruption in a Git Repository for Qlik Talend Projects

How To

Rolling Back to an Earlier Commit

This behavior indicates that the corruption exists in the Git repository itself. The most effective way to restore a corrupted Git project is to roll back to a previous version of the Git branch where the jobs were intact.

Steps

1. Review the Git commit history of the affected project.
2. Identify a commit where the projects were complete and not corrupted.
3. Restore the repository to that commit to recover the project files.

Related Content

References for Git Rollback

How can I rollback a Git repository to a specific commit?| stackoverflow.com

Revert a Git Repository to a Previous Commit | sentry.io

Environment

• Talend Studio 
• Talend Data Integration 

This article briefly introduces how to do transformation for Key Columns in Talend Cloud Data Integration

How To

1. Select the Replication Task, open the task and apply Global Transformation rules by clicking on "Add Transformation Rule" for the Replace Column value. Apply transformation for the key column.

   TransformationRule

2. Add a rule in the expression builder.

   RuleExpressionBuilder

3. Rule gets added for the Primary key column because the PK is defined in the Source.

   Expression

4. Suppose if applying same rule for another table where PK is not defined.And you explicitly define PK in the UI, you can notice that Rule has not been applied to the Primary key Column because the Global Rules will look in the source if the PK is defined or not, if defined it will add the rule for the corresponding PK Column.

   Expression2

5. To add the rule for the column, you need to go to expression builder at the table level and add the condition.

   Condition

6. Now you can see the Rule been added to the PK column which explicitly defined.

   Expression3

Environment

• Qlik Replicate 
• Talend Cloud 

Your Shopify integration encounters the following extraction error:

HTTPError GraphQL request failed for stream 'order_refunds' with status 504 and X-Request-ID '...', Reason: Gateway Timeout - upstream request timeout.

Resolution

If this issue is recurring and disrupting your workflow, please contact Qlik Support. We also recommend reaching out to Shopify Support with the X-Request-ID included in the error message.

This dual approach is important because:

1. Qlik Support cannot discuss user-specific data with third-party services.
2. Shopify can provide detailed insight into the error, which may help R&D implement changes aligned with their best practices.

Cause

Shopify’s API is timing out due to the volume of data it needs to return in response to Stitch’s requests. This is most commonly observed with the orders and order_refunds streams, which tend to contain large amounts of data in many stores.

Environment

Stitch 

The goal of this article is to address the upcoming changes announced by Marketo regarding the deprecation of authentication via the access_token query parameter, which will no longer be supported after January 31, 2026. For further details, please refer to: Using an Access Token | Marketo Developer Guide.

Marketo specificities: "If your project uses a query parameter to pass the access token, it should be updated to use the Authorization header as soon as possible. New development should use the Authorization header exclusively".

The Stitch Marketo integration (V2) already handles authentication using access tokens, as outlined in Marketo’s documentation. Specifically, Stitch includes a Bearer token in the Authorization header of its API calls. This approach complies with Marketo’s authentication requirements, so no additional configuration is needed on your end.

For reference, please visit the integration's repository | github.com.

What Is the Hash of a Studio or TAC Patch?

When sharing a TAC (Talend Administration Center) or Studio patch with customers, some may request the hash value of the patch file.
This hash (Such as MD5, SHA-1, or SHA-256) is used to verify the integrity of the downloaded file, ensuring that the patch has not been corrupted or altered during transmission.

Purpose of the Hash

• Confirm the patch file is identical to the one provided by Qlik/Talend.
• Help customers validate the authenticity of the patch.
• Detect any tampering or incomplete downloads.

Where to Find the Hash

You can find the hash value of a patch (for instance, in the package provided by Qlik or from the build repository) as shown in the screenshot below:

It is the value of CheckSums

Environment

• Talend Data Integration 

Question

How can we retrieve artifact information from Talend update website? For instance, for artifact "accessors-smart-2.4.11.jar", we can use the following URL to query its information: https://search.maven.org/solrsearch/select?q=a:accessors-smart+AND+v:2.4.11&rows=1&wt=json

Does Talend also offer a similar feature for its artifacts?

Answer

Talend update website is built on Nexus and utilizes the Lucene search API, as demonstrated in the following example:

https://talend-update.talend.com/nexus/service/local/lucene/search?a=accessors-smart&v=2.4.11

For further details on the Lucene search API, please refer to: Nexus Indexer Lucene Plugin REST API | repository.sonatype.org

Environment

• Talend Data Integration 

Google Ads integration encounters the extraction error:

tap - CRITICAL (<_InactiveRpcError of RPC that terminated with:
tap - CRITICAL status = StatusCode.PERMISSION_DENIED
tap - CRITICAL details = "The caller does not have permission"
tap - CRITICAL debug_error_string = "UNKNOWN:Error received from peer ipv4:172.253.115.95:443 {grpc_message:"The caller does not have permission", grpc_status:7}"
tap - CRITICAL >
tap - CRITICAL errors {
tap - CRITICAL error_code {
tap - CRITICAL authorization_error: USER_PERMISSION_DENIED
tap - CRITICAL }
tap - CRITICAL message: "User doesn't have permission to access customer. Note: If you're accessing a client customer, the manager's customer id must be set in the 'login-customer-id' header. See https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid"
tap - CRITICAL }
tap - CRITICAL request_id: "xxxxxxxxxxxxxx"

Resolution

On the Google side:

1. Sign in to the Google Ads UI and ensure that:

   • You have access to the customer account ID you’re trying to query.

   • If it’s a client account, it must be linked to a manager (MCC) account that has API access.

2. If you see that the customer account is cancelled or inactive, reactivate it by following Google’s guide:
   Reactivate a cancelled Google Ads account | support.google.com

3. If the issue persists, reach out to Google Ads API support with:

   • The error snippet

   • The request_id from your extraction logs (used by Google to trace the failed call)

On the Stitch UI side:

1. Re-authorize the Google Ads integration:

   1. Open Stitch in an incognito browser window.

   2. Go to the Google Ads integration settings.

   3. Click Re-authorize and follow the OAuth flow.

2. After re-authorizing, navigate to the Extractions tab and click Run Extraction Now.

3. If you manage multiple Google Ads accounts, note that:

   • Some accounts may work while others fail if they’re not connected to a manager account.

   • Only Ads accounts linked to a manager (MCC) have Ads API access.

   • Regular advertiser accounts must be linked to a manager account for Stitch to extract data successfully.

Prevention Tips

• Periodically verify that the connected Google Ads account is linked to a manager account and the OAuth token has not expired.

• Check for account status (ENABLED, CANCELLED, etc.) using the CustomerStatus enum | developers.google.com  if you suspect deactivation.

• Document the manager–client hierarchy for clarity when managing multiple accounts.

Cause 

The error message indicates that the Google Ads API denied permission for the request. This is a raw authorization error returned by Google Ads, specifically:

USER_PERMISSION_DENIED

The user or OAuth credentials being used don’t have permission to access the target Ads customer account.
If you’re accessing a client (managed) account, the manager account ID must be provided in the login-customer-id header.

See Google’s reference documentation in Authorizationerror | developers.google.com.

Environment

• Stitch 

During our company's auditing, we have been alerted to several vulnerabilities in the embedded Java VM for Replicate v2024.11.0.177

https://nvd.nist.gov/vuln/detail/CVE-2024-21235

https://nvd.nist.gov/vuln/detail/CVE-2024-21208

https://nvd.nist.gov/vuln/detail/CVE-2024-21217

https://nvd.nist.gov/vuln/detail/CVE-2024-21211

https://nvd.nist.gov/vuln/detail/CVE-2024-21210

Is there a newer version of Replicate that addresses these? If not, what is the recommended path to fix these vulnerabilities?

Resolution

To resolve the Issue, upgrade OpenJDK to version 17.0.13 or later or upgrade Replicate to version 2025.5. 

Upgrade only Java while keeping your current Replicate version 24.11

1. Upgrade to a minor version (e.g., 17.0.X), not a major version, to maintain compatibility. 
2.  Important Instructions: Test the Java upgrade in a Replicate test environment first.
3. Create a backup before proceeding with the Java upgrade.

You should upgrade to a Java version that addresses the CVE (JAVA version 17.0.14+7), but not a major version. Alternatively, download any other relevant JRE binaries. 

Manual steps to update the JRE for Replicater

1. Download JRE binaries to Replicate host.
   you can download JRE binaries from: https://github.com/adoptium/temurin17-binaries/releases/tag/jdk-17.0.12%2B7 
   Example: ( OpenJDK17U-jre_x64_windows_hotspot_17.0.13_11.zip)
2. Stop Replicate services.
3. Backup <product dir>\jvm directory.
   For instance:  C:\Program Files\Attunity\Replicate\jvm
4. Remove <product dir>\jvm directory.
5. Extract the JRE binaries you have downloaded to <product dir>\jvm directory and make sure <product dir>\jvm\bin\java.exe exist (usually there is a parent directory with a naming convention 'jdk-<jre version>-jre' when extracting the JRE binaries, make sure to copy all it's subdirectories and files to <product dir>\jvm)
   For instance, if you download the directory  OpenJDK 17U-jre_x64_windows_hotspot_17.0.13_11, it has a sub-directory  jdk-17.0.13+11-jre.
6. Copy from the backed up jvm directory the following files: 
   <jvm backup>\conf\security\java.security  
   <jvm backup>\conf\security\java.security.default 
   <jvm backup>\conf\security\java.security.FIPS 
   To Replicate's jvm directory: 
   <product dir>\jvm\conf\security\java.security 
   <product dir>\jvm\conf\security\java.security.default 
   <product dir>\jvm\conf\security\java.security.FIPS
7. Start Replicate services.

The steps are similar for Replicate on Windows or Unix.

Cause

Defects: CVE-2024-21235;CVE-2024-21208;CVE-2024-21217;CVE-2024-21211;CVE-2024-21210

Environment

Qlik Replicate 

When a task is processing CDC data, the internal replicate engine uses "Linux iconv" API to convert the incoming delta records. If the conversion fails, following warning and error is displayed in the logs:

2025-07-09T06:44:56:68127[SERVER W: Conversion error 84,CodepageFrom=943, CodepageTo=65001, insize=16, output='', outSize=99(str.c:509)

2025-07-09T06:44:56:70391[SOURCE_CAPTURE]E: Error converting column 'column name' in table 'table name' to UTF8 using codepage 943 [1020112](db2luw_endpoint_capture.c:1321)

2025-07-09T06:44:56:70414[ASSERTION]W:The problematic column value: 

7f7a040a921a: 834F838A815B8358834183628376FCFC | .O...[.X.A.b.v..

7f7a040a922a: 8140814081408140814081408140| .@.@.@.@.@.@.@

(db2luw_endpoint_capture.c:1323)

Resolution

1. Convert the data to hexadecimal and identify the characters that cannot be converted and remove those.
2. Reload the table

Cause

The change data converted to hexadecimal contained character value "FCFC", which could not be converted to Unicode.

To validate whether the issue is caused by the data itself, we can also use third-party tool such as DBeaver to check if throws the same error when selecting the data from source DB.

Environment

Qlik Cloud