Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Is QlikView (specifically 11.2) vulnerable to the SSL HeartBleed OpsnSSL bug? http://heartbleed.com/.
Hi,
Here is the information from the Expressor team.
Expressor has used two versions of OpenSSL is its history. Until 2011, we were using 0.8.9d and then upgraded to 1.0.0d. Neither of these versions is affected by heartbleed.
Bill
Hi Scott,
We do not use OpenSSL in our code. OpenSSL is geared more toward Apache.
Bill
I understand that it is not in QlikView according to the third party license terms, but is in Expressor and therefore potentially in the Governance Dashboard?
QlikView 3rd party license terms - http://www.qlik.com/~/media/files/info/license-terms-third-party/third-party-license-terms.ashx
Hi,
OpenSSL is used for SSL and web traffic. Expressor is an application and not a webserver. Also, Qlik uses Microsoft products that unless you are running Windows version of Apache are not affected according to Microsoft.
Hi,
I have been told the Expressor team is looking at their product to make sure I am correct.
Bill
Hi,
Here is the information from the Expressor team.
Expressor has used two versions of OpenSSL is its history. Until 2011, we were using 0.8.9d and then upgraded to 1.0.0d. Neither of these versions is affected by heartbleed.
Bill
Can anyone provide any links on QlikView site or a link to something that says QlikView is "safe" from heartbleed? I need to provide documentation that shows it is - some kind of reference. I have been unable to find anything other than this thread.
Thank you,
Hi Richard,
I am a DSE with QlikView and was the one that went to our security team to get the information. I will see if I can't get someone to put a official statement on the Qlik Site.
Bill
Thank you Bill that would be very helpful.
Hi Richard,
Check this out.
Bill