Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Jamie_Gregory
Community Manager
Community Manager
‎2021-05-18 01:12 PM

New Security Patches Available Now

Hello Qlik Users,

Today we have seven Qlik Sense patches and one for Qlik Connector for use with SAP NetWeaver:

  • February 2021 Patch 5
  • November 2020 Patch 10
  • September 2020 Patch 12
  • June 2020 Patch 16
  • April 2020 Patch 16
  • February 2020 Patch 12
  • November 2019 Patch 17
  • SAP NetWeaver 7.0.7

 

These patches include a fix for the security vulnerability, details of which can be found in the Security Bulletin SB: Cross-site scripting (XSS) vulnerability in Qlik Sense Enterprise.

The downloads for the patches can all be found on the Qlik Download site. The release notes for SAP NetWeaver can also be found on the Qlik Download site.

Release Notes for the Qlik Sense patches can be found in the Qlik Community, on the new Release Notes page.

Please follow best practices when upgrading Qlik Sense.

The information in this post and Security Bulletin are disclosed in accordance with our published Security and Vulnerability Policy.

Kind regards,

Qlik Global Support

5/25/2021 - Update to clarify a couple of questions:

  • The versions listed in the Security Bulletin are the fixed versions. Versions prior to those listed are the affected versions.

  • If you do not use the SAP connector, you still need to apply the patch for Qlik Sense.

  • There is a new release that includes the security fix as well so you will most likely want to apply that patch (both do not need to be applied in that case). 

Labels
3,340 Views
8 Comments
yoko1106
Partner - Contributor III
Partner - Contributor III
‎2021-05-18 06:54 PM

Thank you Qlik, Jamie san,  for always providing the information in a very concise and clear manner since I can share with my team in our local language easily and quickly. Wonderful job!! Thank you!!

2,613 Views
Jamie_Gregory
Community Manager
Community Manager
‎2021-05-19 09:22 AM

You're welcome, @yoko1106 🙂

2,299 Views
stvegerton
Creator III
Creator III
‎2021-05-19 01:09 PM

Do I need February 2021 Patch 5 if I'm NOT using the SAP connector?  

2,180 Views
Jamie_Gregory
Community Manager
Community Manager
‎2021-05-20 04:27 PM

Hello @stvegerton, it's my understanding that it's a Qlik Sense issue and an SAP Connector issue. I am double checking for you. If I don't hear anything back today, I will let you know early next week. Also, I am about to blog about it, but there are new patches out for Qlik Patch Wednesday and it includes the security patch. So you may want to go to the latest patch.

1,918 Views
Jamie_Gregory
Community Manager
Community Manager
‎2021-05-24 01:37 PM

@stvegerton I confirmed that even if you are not using SAP, you should apply the patch. 

1,723 Views
BI41andAll
Contributor II
Contributor II
‎2021-05-25 08:03 AM

Hello, does May 2021 need a patch or is it not impacted by the XSS vulnerability in QSE?

1,622 Views
AlexOmetis
Partner Ambassador
Partner Ambassador
‎2021-05-25 08:49 AM

@BI41andAll  - the Security Bulletin linked above says  anything before May 2021 (amongst others) is affected so that means May 2021 itself is not affected. 

744 Views
Jamie_Gregory
Community Manager
Community Manager
‎2021-05-25 10:54 AM

@BI41andAll what @AlexOmetis said is correct 🙂 anything before the versions listed is affected. The list is the fixed versions. 

687 Views
Subscribe by Topic