Qlik Community

Support Updates Blog

Important and useful support information about end-of-product support, new service releases, and general support topics.

IMPORTANT security patches for GeoAnalytics Server available to download: READ DETAILS
Community Manager
Community Manager

Hello Qlik Users,

It's been another busy day here in Support! We recently released Qlik Sense patches for specific versions that address the Node.js security vulnerability.  For more information, please see SB: Qlik and Node.js February 2020 Security Updates​​​​​​​. Please see the previous blog posts regarding those updates:

We put together an FAQ regarding the updates. Please let us know if there are any additional questions.



Which initial version of Qlik Sense is the vulnerability addressed in? 

The initial fixed version is February 2020. All versions going forward will have the fix included. 

Which Qlik Sense patches address the vulnerability? 

The following patches address the vulnerability:  

  • February 2019 Patch 8 

  • April 2019 Patch 8 

  • June 2019 Patch 11 

  • September 2019 Patch 7 

  • November 2019 Patch 6 

Any additional patches in these tracks will also include the fix. 


Do I need to upgrade? 

Yes, you will need to upgrade. 

When do I need to upgrade? 

As soon as possible. Please refer to best practices when upgrading (see Patching Qlik Sense)

What happens if I don’t upgrade? 

Qlik will not take responsibility for any security breach within your environment. 

How do I do upgrade?  

Please see Patching Qlik Sense on the Help site for specific steps. It’s important to note the additional steps for recreating the certificates due to the Node.js vulnerability. Please use the following materials for more guidance on recreating the certificates: 

If I run the Powershell script and it fails, how do I recover/proceed?  

We are quite confident the Powershell script for recreating the certificates (see Recreating the Qlik Sense Root Certificate (Root CA) ) will run smoothly. However, should any issues arise, please try manually recreating the certificates (Manually Recreating The Qlik Sense Root CA). If there are any other issues or questions, please contact Qlik Support

How do I confirm the Powershell script for recreating the certificates ran successfully?   

Check the certificate using the C2 Validator confirm the certificate is good once the certificate has been recreated. 

Do I need to recreate the Qlik Sense certificates? 

If the initial version that Qlik Sense was installed with was prior to June 2019, then yes, the certificates need to be recreated. Please see the release notes for more information: 

Qlik Sense Patch


February 2019 Patch 8

Release Notes

April 2019 Patch 8

Release Notes

June 2019 Patch 11

Release Notes

September 2019 Patch 7

Release Notes

November 2019 Patch 6

Release Notes


Why do I need to recreate the Qlik Sense certificates? 

For the new version of Node.js to be compatible with Qlik Sense, the Qlik Sense certificates need to be recreated. 


What version(s) should I apply if I am looking to upgrade to a more recent version? 

We recommend upgrading to the latest version. However, we know that is not always possible. Regardless of the track you upgrade to, you will first need to apply the Initial Release (IR) then apply the latest patch for that track. Example: If you’re currently on June 2019 Patch 10 and would like to upgrade to the November 2019 track, you will need to apply November 2019 IR first then apply November 2019 Patch 6. 

I have recreated my certificates. Do I need to update the certificates anywhere else? 

You will also have to replace Qlik Sense root certificate with the newly created one in the following cases:  

  • Your Qlik Sense deployment is connected with Qlik NPrinting, Qlik multi-cloud setups, or any other external tools or configurations. 

  • You have configured QlikView Distribution Service for distribution of links to QlikView documents to the Qlik Sense hub. 


If I upgrade to February 2020, do I need to recreate the certificates? 

No, you do not have to recreate the certificates. The February 2020 installer will recreate the certificates for you. Verify the certificates were created successfully by using the C2 Validator tool. 


Kind regards,

Global Support

Tags (3)

@Jamie_Gregory We've been running Qlik Sense for some time (since before v2.2.3), so will need to recreate our certificates under this patch.

My question is whether this means we need to recreate all Data Connection passwords?



Hi, Has anyone applied the June 2019 Patch 11 already? Any feedback or issues? As per the release notes, it's not required to re-create the certificates in this case.


Digital Support
Digital Support

@krishnakumars7 , if after the upgrade you have issues with the connections, it is most likely due to the password hash not being decrypted propertly. The only workaround is to re-create the hash by resetting the password under QMC > Connections > <specific connection>.

See related content:



Thanks Andre, During the upgrade to the latest patch, the recommendation is to recreate the root certificate, I believe all the connection password lost due to certificate recreation.

Since we are having lot of data connections and many self service users created connection is it possible to recover the password.


Digital Support
Digital Support

@krishnakumars7 , You cannot recover the passwords, but if you have the backup of the old certificates you can roll back in order to have the system be able to decrypt the password hashes properly. However this is not recommended since you would also be reverting the nodeJS security vulnerability fix. 


After upgrading to the February 2020 version we received an "unknown error" messege when accessing the script editor.  Pressing "close" we can access de script but data connections do not load poperly. Has anyone else experienced this issue?