Qlik Community

Qlik Sense App Development

Discussion board where members can learn more about Qlik Sense App Development and Usage.

vegard_bakke
Contributor

Security vulnerabilities in Qlik Sense' AngularJS

Qlik Sense is using AngualrJS 1.5.8, which has four known security vulnerabilities:

* https://snyk.io/test/npm/angular/1.5.8?severity=high&severity=medium&severity=low

It mentions:

* Content security policy bypass

* Cross-site scripting (x2)

* JSONP callback attack

with Medium severity.

Does anyone know if Qlik Sense is also vulnerable to this attacks, or if Qlik has fixed them in their released version of AngularJS?

Cheers

1 Solution

Accepted Solutions
iue
New Contributor II

Re: Security vulnerabilities in Qlik Sense' AngularJS

Thanks for raising this question.

It is in our plans to update angularjs to a newer version.

4 Replies
iue
New Contributor II

Re: Security vulnerabilities in Qlik Sense' AngularJS

Thanks for raising this question.

It is in our plans to update angularjs to a newer version.

vegard_bakke
Contributor

Re: Security vulnerabilities in Qlik Sense' AngularJS

Hoping for June 2018 release, according to Qlik Support.

(There are a few backwards compatibility issues with the newer angular, apperently. )

kevicoxqlik
New Contributor

Re: Security vulnerabilities in Qlik Sense' AngularJS

Any update on this?  Doesn't look like AngularJS was upgraded in June 2018 release of Qlik Sense.

iue
New Contributor II

Re: Security vulnerabilities in Qlik Sense' AngularJS

Kevin,

The September18-release will include an upgrade to AngularJS 1.6.9. Our plan is to continue to upgrade AngularJS, so we always are on the latest 1.X version. Next planned upgrade is 1.7.X.

Please let me know if you have other questions.

Thanks!

Community Browser