Discussion board where members can learn more about Qlik Sense App Development and Usage.
Qlik Sense is using AngualrJS 1.5.8, which has four known security vulnerabilities:
* Content security policy bypass
* Cross-site scripting (x2)
* JSONP callback attack
with Medium severity.
Does anyone know if Qlik Sense is also vulnerable to this attacks, or if Qlik has fixed them in their released version of AngularJS?
The September18-release will include an upgrade to AngularJS 1.6.9. Our plan is to continue to upgrade AngularJS, so we always are on the latest 1.X version. Next planned upgrade is 1.7.X.
Please let me know if you have other questions.
Qlik Sense Server November 2018 is still using Angular 1.5.8. A bit of disappointment her.
Qlik Sense Desktop would most likely have the exact same versions of Angular, and vulnerabilities.
But the question is if it matters. Are there anyone else than yourself using your Sense Desktop?
The vulnerabilities are mainly cross-site-scripting attacks.