Is it faster to use a CSV file versus a Parquet file? Will one load to Qlik Cloud faster than the other?

The answer to this depends on the data.

The Analytics Engine makes calls to read data from the file as needed (streaming). While parquet files have built-in compression, which can affect how quickly certain data can be accessed, an equivalent CSV might be larger in raw data volume.

Environment

• Qlik Cloud
• Qlik Data Gateway

The following error occurred in Qlik Cloud Analytics:

Unexpected token: 'NONCLUSTERED', expected: 'Relationship' The engine error code: EDC_ERROR:11005 The error occurred here: CREATE >>>>>>NONCLUSTERED<<<<<< INDEX IX_WebProducts_ProductID ON #WebProducts(ProductID) !EXECUTE_NON_SELECT_QUERY

Resolution

Add the following SQL statement to resolve the issue:

SQL CREATE NONCLUSTERED INDEX IX_YourIndexName1234 ON "test_db".SalesLT.Customer (LastName DESC) !EXECUTE_NON_SELECT_QUERY; 

Environment

• Qlik Cloud Analytics

Some Qlik Cloud visualisations allow images to be shown from external URLs.

Is it possible to embed images that were uploaded to the media library?

Resolution

We currently don't have a global repository for images in Qlik Cloud, but each app has its own media library, where images can be uploaded.

To link them:

1. Make sure you are authenticated on the tenant
2. Get the list of all media contained in an app by going to https://TENANT.REGION.qlikcloud.com/api/v1/apps/APPID/media/list, replacing TENANT, REGION, and APPID with the correct values
3. Get the link for each image
   
   Example:
   
   "type": "image","id": "UserAnalyzer.png","link": "/api/v1/apps/1aa5c924-72cb-405a-bb60-8b5118e4b299/media/files/UserAnalyzer.png","name": "UserAnalyzer.png" 
   
   
4. Use the resulting /api/v1... URL for your visualization
   
   

Using a full URL to display the images (example: https://TENANT.REGION.qlikcloud.com/api/v1/apps/APPID/media/files/FILENAME.png) will work inside the app when authenticated on the tenant, but it will not work in other scenarios, such as mashups or the reporting service.

Make sure to use a relative URL (example: /api/v1/apps/APPID/media/files/FILENAME.png) instead.

For suggestions on how to improve the media library, please log an idea at Qlik Ideation.  

Environment

• Qlik Cloud Analytics

This article is intended to get started with the Microsoft Outlook 365 connector in Qlik Application Automation.

Authentication and Authorization

To authenticate with Microsoft Outlook 365 you create a new connection. The connector makes use of OAuth2 for authentication and authorization purposes. You will be prompted with a popup screen to consent a list of permissions for Qlik Application Automation to use. The Oauth scopes that are requested are:

• Mail.Send
• User.Read
• Offline_access

Sending Email with the Microsoft Outlook 365 connector

The scope of this connector has been limited to only sending emails. Currently, we do not enable sending email attachments and are looking to provide this functionality in the future. The suggested approach is to upload files to a different platform, e.g. Onedrive or Dropbox and create a sharing link that can be included in the email body.

The following parameters are available on the Send Email block:

• To: A comma separated list of recipients;
• CC: A comma separated list of recipients to which the email should be copied;
• BCC: A comma separated list of recipients to which the email should be blind copied;
• Subject: A title for your email;
• Type: Choose between plain text email or HTML;
• Body: The content of your email. You can use HTML for your email if chosen as the type.

Generating a report and sending an email with the report

As we do not currently support email attachments, we need to first generate a sharing link in Onedrive or an alternative file sharing service. The following automation shows how to generate a report from a Qlik Sense app, upload the report to Microsoft Onedrive, create a sharing link and send out an email with the sharing link in the body. This automation is also attached as JSON in the attachment to this post.

Environment:

Qlik Automate 

A scheduled reload using Qlik Data Gateway fails with the following error:

Internal error. (Connector error: Unknown reason:. Connector process started but gRPC server failed to initialize after 3 attempts (DirectAccess-1500)) The engine error code: EDC_ERROR:22013

Manual reloads may work as expected, but scheduled reloads continue to error out. 

Resolution

The error indicates a resource shortage.

Increase the Qlik Data Gateway VM server CPU and RAM to meet the system requirements. See System prerequisites for details. 

Environment

• Qlik Cloud Analytics
• Qlik Data Gateway

The following release notes cover the Qlik PostgreSQL installer (QPI) version 1.2.0 to 2.0.0.

Content

• What's New
• 2.0.0 May 2025 Release Notes
• Known Limitations (2.0.0)
• 1.4.0 December 2023 Release Notes
• Known Limitations (1.4.0)
• 1.3.0 May 2023Release Notes
• Known Limitations (1.3.0)
• 1.2.0 Release Notes

What's New

• The PostgreSQL version used by QPI has been updated to 14.17
• An upgrade of an already upgraded external instance is now possible
• Support for an upgrade of the embedded 14.8 database was added
• Silent installs and upgrades are supported beginning with Qlik PostgreSQL Installer 1.4.0 and later. QPI can now be used with silent commands to install or upgrade the PostgreSQL database. (SHEND-973)

2.0.0 May 2025 Release Notes

Known Limitations (2.0.0)

• Rollback is not supported.
• The database size is not checked against free disk space before a backup is taken.
• Windows Server 2012 R2 does not support PostgreSQL 14.8. QPI cannot be used on Windows Server 2012 R2.
• QPI will only upgrade a PostgreSQL instance that only contains Qlik Sense Databases (QSR, SenseServices, QSMQ, Licenses, QLogs, etc.)

1.4.0 December 2023 Release Notes

Known Limitations (1.4.0)

• QB-24990: Cannot upgrade PostgreSQL if Qlik Sense was installed in a custom directory such as D:\Sense. See Qlik PostgreSQL Installer (QPI): No supported existing Qlik Sense PostgreSQL database found.
• Rollback is not supported.
• Database size is not checked against free disk space before a backup is taken.
• QPI can only upgrade bundled PostgreSQL database listening on the default port 4432. Using QPI to upgrade a standalone database or a database previously unbundled with QPI is not supported.
• Cannot migrate a 14.8 embedded DB to standalone
• Windows Server 2012R2 does not support PostgreSQL 14.8. QPI cannot be used on Windows Server 2012R2.

1.3.0 May 2023 Release Notes

Create the Bookmark

1. Create a bookmark. The bookmark menu can be located in the top right corner of the Qlik Sense app overview. 
   
   
   
   
2. Create and save the bookmark
3. Navigate back to the bookmark menu.
4. Right-click the bookmark that you wish to share.
5. Select Publish
   
   
   

You can also click Copy link - this will show a warning that the bookmark needs to be published. When confirming the warning, the bookmark will be automatically published. 

Share the Bookmark

1.  Right-click the bookmark again.
2. Select Copy link   
   
   
   
   
3. Share the link with anyone who has access to the application. 

If the share option is not available or if users who should see the bookmarks cannot find it, verify that Sense has not been set up with Security Rules that disallow sharing or access to specific objects. See the attached document for details.

Loading MS Access data (.accdb file) using generic ODBC (via Data Gateway) in Data Manager fails with the following error:

Failed to add data
Data could not be added to Data manager. Please verify that all data sources connected to the app are working and try adding the data again.

The Direct Access ODBC Connector log reads:

Message=Error in HandleJsonRequest for method=getRawScript,
exception=Exception, error=ODBC Wrapper: Unable to execute SQLForeignKeys:
[Microsoft][ODBC Driver Manager] Driver does not support this function.
internalError=True

Resolution

Use the Data Load Editor to load MS Access data.

Loading file-based Access DBs through ODBC to a modern BI tool is not recommended, specifically with larger files. These are likely to underperform during the loading process.

Cause

This error indicates the MS Access ODBC driver doesn’t support the SQLForeignKeys ODBC function. However, retrieving the table foreign keys is essential for Data Manager (as opposed to Data Load Editor).

Internal Investigation ID(s)

SUPPORT-4446

Environment

• Qlik Cloud Analytics
• Qlik Data Gateway

A Talend Spark Stream Job configured with Yarn cluster mode and Kerberos enabled is encountering issues and failing to execute, presenting the following errors: 

YarnClusterScheduler- Lost executor 3 on me-worker1.xxx.co.id: Unable to create executor due to Unable to register with external shuffle server due to : java.lang.IllegalStateException: Expected SaslMessage, received something else (maybe your client does not have SASL enabled?)

jaas.conf content =
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/tmp/adm.keytab"
principal="cld_adm@XXX.CO.ID"
doNotPrompt=true;
};

KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/tmp/adm.keytab"
principal="cld_adm@XXX.CO.ID"
doNotPrompt=true;
};

Cause

The external shuffle service within YARN is configured to mandate SASL authentication; however, the Spark executor is either improperly configured to use SASL or is transmitting an incompatible message.

Common causes includes:

1. The absence or inaccuracy of SASL configuration in either spark-defaults.conf or YARN's configuration file (yarn-site.xml).
2. A version discrepancy between Spark and YARN, where the shuffle service necessitates a particular SASL protocol unsupported by the Spark client.
3. Improper security configurations, including the omission of Kerberos credentials or incorrect settings for spark.authenticate and associated properties.

This error results in the executor's failure to register with the shuffle service, prompting the YarnClusterScheduler to mark it as lost.

Resolution

Ensure that the external shuffle service is enabled, and that the SASL settings are in accordance with YARN's configurations:

spark.authenticate true
( #not necessary 
spark.network.crypto.enabled true
spark.network.crypto.saslFallback true
)

Environment

• Talend Data Integration 

The new Straight Table was moved into the new native section of charts from the visualization bundle. The new Straight Table offers many improvements from the old table, and we encourage everyone to start using the new table instead of the old one.

This article aims to answer any frequently asked questions around this switch, beginning with:

• The old table will not be removed anytime soon. It will continue to work until further notice. We encourage you to subscribe to the Qlik Support Blog and What's New in Qlik Cloud to stay ahead of updates.
• The old table will not be updated further. Use the new table to benefit from future improvements.
• We monitor your feedback and will improve the functionality of the new table.

FAQ

What improvements does the Straight table come with?

Here are some examples:

• Grid styling
• Totals styling
• Pagination or virtual scroll
• Scrollbars outside of the table
• Add, delete many fields at the same time
• Cell font family, size and color styling
• Font styling by expression
• Column width options pixels, percentages
• Chart exploration, end user can pick dimensions and measures
• Header on/off
• Zebra striping
• Null value styling
• Selection info in export
• Totals in export
• Titles in export
• Cyclic dimension controls in dropdown

Will the old table be removed?

No, the old table will continue to work in the foreseeable future. Any changes will be notified in advance. Regardless, we highly recommend upgrading your tables as soon as possible to enjoy the new Straight Table's new functions. 

How do I convert to the new table?

The easiest way to convert your tables is to drop the new table chart onto the old one.

1. First, copy the old table
2. Edit the sheet that includes the Table (retired)
3. Open the Charts pane
4. Drag the Straight table over your table
5. Choose Convert to: Straight table

The new table looks different and offers more functionality that must be enabled to be used.

When will the old table be deprecated?

Not anytime soon, it will be a soft fade out. The new Straight Table will be the preferred choice for all new applications, and we anticipate many will upgrade to benefit from new functionality. Over time, the usage of the old table will diminish until most applications are using the new table anyway.

Will this affect Qlik Sense Enterprise on Windows?

Qlik Sense Enterprise on Windows will have the table feature aligned with Qlik Cloud Analytics in a future release.

I’m not happy with X and Y of the new table, will that be changed?

We’re closely monitoring feedback on the new table and are dedicated to creating the best possible experience, including improvements to accessibility. We are committed to accessible standards so people with disabilities can use our products. Printing, the tables should, of course, print in as consistent a manner as possible. As for usability. we aim to enable experienced users to reach functionality quickly, while also not overwhelming new users.

Environment

• Qlik Analytics

This article aims to help you facilitate the most effective way to collaborate with Qlik Support. It defines your responsibilities as a partner, including reproducing issues, performing basic troubleshooting, and consulting the knowledge base or official documentation.

For the Qlik Talend guide, see Partner Guide: How to Prepare and Collaborate with Qlik Talend Technical Support.

Before contacting Qlik Data Analytics Technical Support, partners must complete the steps outlined in Qlik Responsible Partner Duties and should review the OEM/MSP Support Policy to understand the scope of support and the expectations on Partners.

• Partners are required to complete the steps outlined in this article before submitting a support case.
• It is the partner’s responsibility to answer the customer's questions to the best of their ability by referring to documentation, the Qlik Community, previous cases, and online resources before submitting a case or commenting on an existing one.
• For high-priority or urgent issues, it is acceptable to raise a ticket early. However, the responsibilities outlined in the article still apply at every stage of the case. 

Content

• General Expectations Before Submitting a Case
• Isolate What Is Affected
• Provide Product and Version Information
• Reproduce the Issue in Your Environment
• Always Provide Complete (Not Partial) Logs
• Describe What You Have Already Investigated
• Submit All Related Files You Investigated Or Used For Replication
• Submit the Case Using Your Partner Account
• Partner Case Submission
• Template
• Summary of the Problem
• Customer Information
• Files Attached
• Summary of your Investigation

General Expectations Before Submitting a Case

Isolate What Is Affected

Identify which Qlik product, environment, product configuration, or system layer is experiencing the issue. 

For example, if a task fails in Qlik Sense Enterprise on Windows, try running it directly in Qlik Sense Management Console to determine whether the problem is transient. Also, try running a different task to determine whether the problem is task-specific.

Similarly, if a reload fails in one environment (e.g., Production), inform the customer to try running it in another (e.g., Test) to confirm whether the issue is environment-specific.

Provide Product and Version Information

Always include the exact product name, version, and patch (or SR) the customer is using. 

Many issues are version-specific, and Support cannot accurately investigate the issue without this information.

If the product the customer is using has reached End of life (EOL), please plan the upgrade. If the issue can be reproducible on the latest version, please reach out to us so that we can investigate and determine whether it's a defect or working as designed. 

For End of Life or End of Support information, see Product Lifecycle.

Reproduce the Issue in Your Environment

Partners are expected to recreate the customer’s environment (matching versions, configurations, and other relevant details) and attempt to reproduce the issue.

If you do not already have a test environment, please ensure one is set up. Having your own environment is essential for reproducing issues and confirming whether the same behavior occurs outside of the customer’s setup.

In addition, please test whether the issue occurs in the latest supported product version. In some cases, it may also be helpful to test in a clean environment to rule out local configuration issues. If the issue does not occur in the newer version or a clean setup, it may have already been resolved, and you can propose an upgrade as a solution.

See the Release Note for the resolved issues.

Regardless of whether the issue could be reproduced, please include: 

• The exact Qlik Product version and environment information (OS, Browser, etc)
• The exact steps you followed
• Screenshots showing your process
• Any sample apps, data files, or configuration files used during testing
• A summary of your results (such as “Reproduced same error,” or “Could not reproduce – no error occurred”)

Always Provide Complete (Not Partial) Logs

While pasting a portion of the log into the case comment can help highlight the main error, it is still required to attach the entire original log file (using, for example, FileCloud).

Support needs the full logs to understand the broader context and to confirm that the partial information is accurate and complete. 

It is difficult to verify the root or provide reliable guidance without full logs.

Additionally:

• Specify which logs you reviewed
• Confirm that the customer provided full, uncut logs, not only short fragments
• Include logs from both the customer's environment and your own reproduction tests
• If possible, change the log level to DEBUG temporarily and share it with us
  
  Providing both sets of logs allows Support to see what testing has been done and whether the same error occurred during reproduction. 

Describe What You Have Already Investigated

Please do not simply forward or copy and paste the customer’s inquiry.

As a responsible partner, you are expected to perform an initial investigation. In your case submission, clearly describe:

• What you reviewed (such as logs and configurations)
• What actions you took to isolate or reproduce the issue
• What you analyzed, tested, or attempted
• What you concluded or suspected based on your investigation (such as why you think it is a bug, why you think the problem is occurring)

Sharing this thought process:

• Helps Support understand your assumptions
• Avoids duplicated effort
• Demonstrates that the case is ready for advanced-level investigation

Even if the issue remains unresolved, outlining what you already tried helps Support move forward faster and more effectively.

Submit All Related Files You Investigated Or Used For Replication

Attach all relevant files you received from the customer and personally reviewed during your investigation, as well as all relevant files you have used when reproducing the steps.

Providing both the customer’s files and your reproduction files allows Support to verify whether the same issue occurred under the same conditions, and to determine if the problem is reproducible, environment-specific, or isolated to the customer's configuration.

This includes (but is not limited to):

• Log files (e.g. Qlik logs, Connector logs, Windows Event logs, Server Stats, Har file, etc, if necessary)
• Screenshots: If an error is visible on the UI, please include the error message and accessed page URL.
• Sample input files or test data

Submit the Case Using Your Partner Account

All support cases must be submitted using your official partner account, not the customer's account.

If you do not yet have a partner's account, contact Qlik Customer Support to request access and to receive the appropriate onboarding.

Partner Case Submission

Review the support policy and set the case severity properly. See 
Qlik Support Policy and SLAs

Template

This template helps guide you on what to include and how to structure your case.

Summary of the Problem

What happened? When did it happen? Where did it happen?

Clearly describe the event, including:

• A brief summary of the impact (e.g., "Unable to login to Qlik Sense Enterprise on Windows hub")
• Date and time the issue occurred (e.g., "Since July 10, between 13:50–13:55 JST")
• Product (e.g., "Qlik Sense on Windows Nov 2024 Patch 7")
• Environment: OS version, Browser, etc

Customer Information

Only include what is needed based on the case type.

Examples:

• Customer's Company Name
• License number
• Tenant information (only Qlik Cloud):
  Find your Qlik Cloud Subscription ID and Tenant Hostname and ID

Files Attached

List the files you have included in the case and what each one is.

Summary of your Investigation

Explain what investigation was done before contacting support.

Examples:

• Logs/files you reviewed
• Patterns/errors observed
• Assumptions you made (e.g., suspected cause)
• Whether the issue is reproducible (If it's reproducible, describe the reproduction steps too)
• Troubleshooting steps attempted

Thank you! We appreciate your cooperation in following these guidelines.

This ensures that your cases can be handled efficiently and escalated quickly when necessary.

Question

After moved migrated GitHub from on-premises to cloud and so switched from credential login to SSO, is there a way to authenticate Talend Studio to GitHub using SSO login? If using personal access tokens (PATs), is it on the security risk?

So far Talend Studio cannot SSO directly to GitHub, it can use a workaround with PATs or SSH keys, and thereby also be more secure than without SSO. 

• How a personal access token can be authorized for SSO

  https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on

  This link above explains how a personal access token can be authorized for SSO. So using a username and PAT from Studio to login to GitHub. GitHub allows granular permission controls for PATs and SSO authorization further mitigates security risks. Developers will need considerable rights.

• How an ssh key can be authorized for SSO

  https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on

  You can do much the same with SSH keys

Environment

Talend Studio 

When attempting to connect to a GitHub repository from Talend Studio, encountered an error with the following message:

"git-upload-pack not permitted on 'https://github.com//.git'"

Common Symptoms:

Error:org.eclipse.jgit.api.errors.TransportException

Message:username or password are not correct

GitHub Desktop and Git Bash access may still work

Can successfully access other GitHub repositories

Cause

This issue is caused by a missing Single Sign-On (SSO) authorization on the GitHub Personal Access Token (PAT) being used.

When a GitHub organization enforces SAML SSO, all PATs must be explicitly authorized for use by the organization. If this step is skipped or the organization has changed its SSO enforcement, Git operations like git-upload-pack will be denied — even if the PAT has the correct scopes.

Resolution

To address the issue, please verify and reauthorize Single Sign-On (SSO) for your GitHub Personal Access Token (PAT) by following these step-by-step instructions:

1.  Sign in to GitHub
   1. Go to https://github.com/settings/tokens
2. Locate Your Personal Access Token 
   1. Find the token being used for Talend Studio under "Tokens (classic)"
3. Authorize SSO Access
   1. Click "Configure SSO" next to the PAT 
   2. A pop-up will appear listing available organizations
   3. Click Authorize next to your organization
4. Retry the Git Connection in Talend Studio
   1. Restart Talend Studio
   2. Re-enter your GitHub username and the PAT as the password when prompted

Optional: Test via Git Bash

Run: 

git clone https://user:PAT@github.com/<org>/<repo>.git

If SSO is not configured, you will receive a message:

Your organization has enabled or enforced SAML SSO...

Related Content

Qlik Talend Cloud: 'git-receive-pack not permitted' error while creating a project

Environment

• Talend Studio 8.0.1

Using Qlik-CLI to export an app without the '--exportScope all' parameter fails with the error:

Error: 400 - Bad Request - Qlik Sense

This is observed after an upgrade to Qlik Sense Enterprise on Windows November 2024 patch 10 or any later version. The error is intermittent and the export may succeed if executed several times.

Reviewing the output shows Status: 201 Created, followed by the error after retrieving the app from the temporary download path:

> qlik qrs app export create "dbb1841d-f3f6-4a49-b73f-0a24cc003b1b" --exportScope all --output-file "C:/temp/App3.qvf" --insecure --verbose
Insecure flag set, server certificate will not be verified
POST https://sense/jwt/qrs/app/dbb1841d-f3f6-4a49-b73f-0a24cc003b1b/export/e237e6c8-d367-45d3-9eff-9f191b3f1ef5?exportScope=all&xrfKey=4B21426C21AE6B85...
Status: 201 Created
{
"exportToken": "e237e6c8-d367-45d3-9eff-9f191b3f1ef5",
"appId": "dbb1841d-f3f6-4a49-b73f-0a24cc003b1b",
"downloadPath": "/tempcontent/f8deec7c-5ab4-4462-879b-38990febbd1b/Test.qvf?serverNodeId=ae6a7f27-1abd-439e-b4da-0a0b0f4a3e61",...
}
GET https://sense/jwt/tempcontent/f8deec7c-5ab4-4462-879b-38990febbd1b/Test.qvf?serverNodeId=ae6a7f27-1abd-439e-b4da-0a0b0f4a3e61&xrfKey=4B21426C21AE6B85...
Status: 400 Bad Request
400 - Bad Request - Qlik Sense
Error: 400 - Bad Request - Qlik Sense

Resolution

This is being investigated by Qlik as SUPPORT-3800.

Workaround

Delete the content of the cookie store ( ~/.qlik/.cookiestore) when the error occurs.

In Windows, this can be found in %USERPROFILE%\.qlik\.cookiestore

A batch job can be created to automate the deletion.

Cause

This is caused by an incorrect cookie handling by Qlik-CLI. While exporting the app, the responses include the Set-Cookie header, but qlik-cli fails to update the cookie store with the new cookie.

Environment

• Qlik Sense Enterprise on Windows

When passing parameters from postman to a talend services, tRestRequest component is receiving null response.

Resolution

Review the schema of the tRestRequest component to ensure the Comment field is appropriately assigned.  

In REST API Mapping section, by default, if you leave the Comment field empty, the parameter is considered as a Path parameter.

Cause

There are some parameters missing/misconfiguring in the Comment field of tRestRequest component and you need to define what type of parameter it is in the Comment field of the schema.

Below is a list of supported Comment values:

• empty or path corresponds to the default @PathParam,

• query corresponds to @QueryParam,

• form corresponds to @FormParam,

• header corresponds to @HeaderParam.

• matrix corresponds to @MatrixParam.

• multipart corresponds to the CXF specific @Multipart, representing the request body. It can be used only with POST and PUT HTTP methods.

Related Content 

https://help.qlik.com/talend/en-US/components/8.0/esb-rest/trestrequest

Environment

Talend Data Integration 

Question I

Which Apache Tomcat Versions are affected  by Apache Tomcat Vulnerability CVE-2025-24813 and the impact?

Apache Tomcat Vulnerability CVE-2025-24813 is Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet

Affected Apache Tomcat version

• From 11.0.0-M1 through 11.0.2
• From 10.1.0-M1 through 10.1.34
• From 9.0.0.M1 through 9.0.98

How Impact

The original implementation of partial PUT used a temporary file based on the user provided file name and path with the path separator replaced by ".".

If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:

• Writes enabled for the default servlet (disabled by default)
• Support for partial PUT (enabled by default)
• A target URL for security sensitive uploads that is a sub-directory of a target URL for public uploads>
• Attacker knowledge of the names of security sensitive files being uploaded>
• The security sensitive files also being uploaded via partial PUT

If all of the following were true, a malicious user was able to perform remote code execution:

• Writes enabled for the default servlet (disabled by default)
• Support for partial PUT (enabled by default)
• Application was using Tomcat's file based session persistence with the default storage location
• Application included a library that may be leveraged in a deserialization attack

Question II
On which Apache Tomcat versions this Vulnerability is fixed and currently Talend Supported Apache Tomcat versions?

Vulnerability is fixed with the following Apache Tomcat versions

• 9.0.99 or later
• 10.1.35 or later
• 11.0.3 or later (not used by the Talend Product )

Talend Supported Apache Tomcat Versions 

Regarding of Talend Help Documentation: compatible-web-application-servers

• Tomcat 10.1.40 requires Talend R2025-05 monthly patch or later.
• Tomcat 10.1.42 and 10.1.43 require Talend R2025-06 monthly patch or later.

Related Content

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24813

Apache Tomcat Vulnerabilities

• https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.99 
• https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.35
• https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.3 

Environment

Talend Administration Center 

When attempting to build a set of items (jobs, routes, services, etc) from a parent project with a reference project, Maven and the P2 may only see the items in the parent. Additionally, there may be errors of certain items (child jobs, routines, etc) missing during different stages of the build; such as (but not limited to the following):

org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal on project <project_name>: Could not resolve dependencies for project org.example.<project_name>.job:<job_name>:jar:0.1.0: The following artifacts could not be resolved: org.example.<reference_project>.joblet:<joblet_name>:pom:0.1.0 (absent)

Resolution

When the YAML or Pipeline scripts being used with the orchestrator, Talend CICD may need to be modified, so that the parent and reference projects are checked out and copied into one folder. This process may depend on the orchestrator used (such as Jenkins/Cloudbees, Azure DevOps, Gitlab Actions, etc); for specific information, please check with your DevOps team for specific commands and process.

In short, the process should look similar to the following:

1. Check out repository/branch where the reference project is located.
2. Check out repository/branch where the parent project is located.
3. Copy the reference project folder into a new folder, usually within the same working directory.
4. Copy the parent project folder into the same folder as the reference project.
5. Delete/Clean the original checked out folders from the working directory.

Cause

Most YAML or Pipeline scripts are setup to pull and checkout from one repository/branch; however, if a Reference Project is being used, it does require that repository/branch also be pulled down. If the reference project is not copied into the same folder as the parent project, Maven/Talend may only see the parent project checked out without reference project.

Environment

• Talend Data Integration 
• Talend Studio 

A user can enable failure notifications for automations in their profile settings. Reference: Notifications

However, if the user is not the owner of an automation hosted in a shared space, they will not receive the expected notification.

Only the automation owner will be alerted.

This behaviour is different than the one for application reloads, where tenant admins and people with permissions on a shared space can also be notified.

Resolution

This is a current limitation.

To provide Qlik with input on this limitation and suggest changes, head to Qlik's ideation portal, which our product teams actively monitor.

Environment

• Qlik Automate
• Qlik Cloud

A user can enable failure notifications for automations in their profile settings. Reference: Notifications

However, despite the automation failing several times, only the original notification of the first failure is delivered.

Resolution

This is as designed.

Since automations can be run every 30 seconds, we want to avoid spamming the user with notifications. We therefore have a 6-hour window after a failure during which the user will not receive another alert.

Another can be sent after six hours. 

Qlik plans to reduce the window from 6 hours to 1 hour. No estimated time for this change is known yet.

Environment

• Qlik Automate
• Qlik Cloud