Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
We are running Qlik Sense Enterprise on Windows, and currently are on the May 2023 release, which uses PostgreSQL 12.5 for the repository. (Default install.)
We will upgrade to February 2024 within the next couple of months, which comes packaged with PostgreSQL 14.8.
It has been brought to my attention that both of these versions of PostgreSQL have a number of security vulnerabilities:
CVE-2024-0985, CVE-2023-5869, CVE-2023-39417, CVE-2023-5868, CVE-2023-5870.
These have been addressed by updates in PostgreSQL, with the latest release of each version fixing up to CVE-2024-0985. The PostgreSQL versions are:
12.18, 13.14, 14.11, 15.6
My question is: looking at this information, even upgrading to the latest version of Qlik Sense (Feb 2024), the security vulnerabilities in the bundled versions of PostgreSQL still remain.
What is best practice to address that? Do we need to separately upgrade to the latest release of PostgreSQL for the version that is bundled with the version of Qlik Sense that we're on? Eg for Sense May 2023 release, we upgrade to 12.18, and for Sense Feb 2024 we upgrade to 14.11?
HEllo @ElizabethLamb_Aus
here is the best way to use QPI (Qlik Postgres Installer) to migrate your embedded 12.5 to a standalone 14.8. It is approved from version Qlik Sense February 2022 and beyond.
You can then also install 14.11 on top once the migration was successful with the binary from here https://www.enterprisedb.com/downloads/postgres-postgresql-downloads
Note that version 15.x and 16.x are not approved for the use with Qlik Sense yet. So please stay in the 14 major release for the moment.
best regards
Sebastian
HEllo @ElizabethLamb_Aus
here is the best way to use QPI (Qlik Postgres Installer) to migrate your embedded 12.5 to a standalone 14.8. It is approved from version Qlik Sense February 2022 and beyond.
You can then also install 14.11 on top once the migration was successful with the binary from here https://www.enterprisedb.com/downloads/postgres-postgresql-downloads
Note that version 15.x and 16.x are not approved for the use with Qlik Sense yet. So please stay in the 14 major release for the moment.
best regards
Sebastian