Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Introducing Qlik Answers: A plug-and-play, Generative AI powered RAG solution. READ ALL ABOUT IT!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ElizabethLamb_Aus
Contributor
Contributor
‎2024-04-30 02:31 AM

Qlik Sense May2023: Upgrading PostgreSQL to address security vulnerabilities

We are running Qlik Sense Enterprise on Windows, and currently are on the May 2023 release, which uses PostgreSQL 12.5 for the repository. (Default install.)

We will upgrade to February 2024 within the next couple of months, which comes packaged with PostgreSQL 14.8.

It has been brought to my attention that both of these versions of PostgreSQL have a number of security vulnerabilities:

CVE-2024-0985, CVE-2023-5869, CVE-2023-39417, CVE-2023-5868, CVE-2023-5870.

These have been addressed by updates in PostgreSQL, with the latest release of each version fixing up to CVE-2024-0985. The PostgreSQL versions are:

12.18, 13.14, 14.11, 15.6

 

My question is: looking at this information, even upgrading to the latest version of Qlik Sense (Feb 2024), the security vulnerabilities in the bundled versions of PostgreSQL still remain.

What is best practice to address that? Do we need to separately upgrade to the latest release of PostgreSQL for the version that is bundled with the version of Qlik Sense that we're on? Eg for Sense May 2023 release, we upgrade to 12.18, and for Sense Feb 2024 we upgrade to 14.11?

Labels (2)
Labels
234 Views
1 Solution

Accepted Solutions
Sebastian_Linser
Support
Support
‎2024-04-30 03:20 AM

HEllo @ElizabethLamb_Aus 

here is the best way to use QPI (Qlik Postgres Installer) to migrate your embedded 12.5 to a standalone 14.8. It is approved from version Qlik Sense February 2022 and beyond.

https://community.qlik.com/t5/Official-Support-Articles/Upgrading-and-unbundling-the-Qlik-Sense-Repo...

You can then also install 14.11 on top once the migration was successful with the binary from here https://www.enterprisedb.com/downloads/postgres-postgresql-downloads

 

Note that version 15.x and 16.x are not approved for the use with Qlik Sense yet. So please stay in the 14 major release for the moment.

 

 

best regards

Sebastian

Help users find answers! Don't forget to mark a solution that worked for you! 🙂

View solution in original post

219 Views
0 Likes
1 Reply
Sebastian_Linser
Support
Support
‎2024-04-30 03:20 AM

HEllo @ElizabethLamb_Aus 

here is the best way to use QPI (Qlik Postgres Installer) to migrate your embedded 12.5 to a standalone 14.8. It is approved from version Qlik Sense February 2022 and beyond.

https://community.qlik.com/t5/Official-Support-Articles/Upgrading-and-unbundling-the-Qlik-Sense-Repo...

You can then also install 14.11 on top once the migration was successful with the binary from here https://www.enterprisedb.com/downloads/postgres-postgresql-downloads

 

Note that version 15.x and 16.x are not approved for the use with Qlik Sense yet. So please stay in the 14 major release for the moment.

 

 

best regards

Sebastian

Help users find answers! Don't forget to mark a solution that worked for you! 🙂
220 Views
0 Likes