Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik and ServiceNow Partner to Bring Trusted Enterprise Context into AI-Powered Workflows. Learn More!
Jamie_Gregory
Community Manager
Community Manager
‎2021-05-18 01:12 PM

New Security Patches Available Now

Hello Qlik Users,

Today we have seven Qlik Sense patches and one for Qlik Connector for use with SAP NetWeaver:

  • February 2021 Patch 5
  • November 2020 Patch 10
  • September 2020 Patch 12
  • June 2020 Patch 16
  • April 2020 Patch 16
  • February 2020 Patch 12
  • November 2019 Patch 17
  • SAP NetWeaver 7.0.7

 

These patches include a fix for the security vulnerability, details of which can be found in the Security Bulletin SB: Cross-site scripting (XSS) vulnerability in Qlik Sense Enterprise.

The downloads for the patches can all be found on the Qlik Download site. The release notes for SAP NetWeaver can also be found on the Qlik Download site.

Release Notes for the Qlik Sense patches can be found in the Qlik Community, on the new Release Notes page.

Please follow best practices when upgrading Qlik Sense.

The information in this post and Security Bulletin are disclosed in accordance with our published Security and Vulnerability Policy.

Kind regards,

Qlik Global Support

5/25/2021 - Update to clarify a couple of questions:

  • The versions listed in the Security Bulletin are the fixed versions. Versions prior to those listed are the affected versions.

  • If you do not use the SAP connector, you still need to apply the patch for Qlik Sense.

  • There is a new release that includes the security fix as well so you will most likely want to apply that patch (both do not need to be applied in that case). 

Labels
4,857 Views
8 Comments
Anonymous
Not applicable
‎2021-05-18 06:54 PM

Thank you Qlik, Jamie san,  for always providing the information in a very concise and clear manner since I can share with my team in our local language easily and quickly. Wonderful job!! Thank you!!

3,762 Views
Jamie_Gregory
Community Manager
Community Manager
‎2021-05-19 09:22 AM

You're welcome, @Anonymous 🙂

3,448 Views
stvegerton
Creator III
Creator III
‎2021-05-19 01:09 PM

Do I need February 2021 Patch 5 if I'm NOT using the SAP connector?  

3,329 Views
Jamie_Gregory
Community Manager
Community Manager
‎2021-05-20 04:27 PM

Hello @stvegerton, it's my understanding that it's a Qlik Sense issue and an SAP Connector issue. I am double checking for you. If I don't hear anything back today, I will let you know early next week. Also, I am about to blog about it, but there are new patches out for Qlik Patch Wednesday and it includes the security patch. So you may want to go to the latest patch.

3,067 Views
Jamie_Gregory
Community Manager
Community Manager
‎2021-05-24 01:37 PM

@stvegerton I confirmed that even if you are not using SAP, you should apply the patch. 

2,872 Views
BI41andAll
Contributor II
Contributor II
‎2021-05-25 08:03 AM

Hello, does May 2021 need a patch or is it not impacted by the XSS vulnerability in QSE?

2,771 Views
AlexOmetis
Partner Ambassador
Partner Ambassador
‎2021-05-25 08:49 AM

@BI41andAll  - the Security Bulletin linked above says  anything before May 2021 (amongst others) is affected so that means May 2021 itself is not affected. 

1,893 Views
Jamie_Gregory
Community Manager
Community Manager
‎2021-05-25 10:54 AM

@BI41andAll what @AlexOmetis said is correct 🙂 anything before the versions listed is affected. The list is the fixed versions. 

1,836 Views
Subscribe by Topic