Qlik Sense Enterprise for Windows - New Security P... - Page 3 - Qlik Community

Sonja_Bauernfeind · ‎2024-12-04

Edited December 5th: identified upgrades leading to complications with extensions
Edited December 6th: added workaround for extension complication
Edited December 10th: added CVEs (CVE-2024-55579 and CVE-2024-55580)
Edited December 12th, noon CET: added new patch versions and visualization and extension fix details; previous patches were removed from the download site

Hello Qlik Users,

New patches have been made available and have replaced the original six releases. They include the original security fixes (CVE-2024-55579 and CVE-2024-55580) as well as QB-30633 to resolve the extension and visualization defect.

If you continue to experience issues with extensions or visualizations, see QB-30633: Visualizations and Extensions not loading after applying patch.

Security issues in Qlik Sense Enterprise for Windows have been identified, and patches have been made available. Details can be found in Security Bulletin High Severity Security fixes for Qlik Sense Enterprise for Windows (CVE-2024-55579 and CVE-2024-5558....

Today, we have released six service releases across the latest versions of Qlik Sense to patch the reported issue. All versions of Qlik Sense Enterprise for Windows prior to and including these releases are impacted:

May 2024 Patch 9
February 2024 Patch 13
November 2023 Patch 15
August 2023 Patch 15
May 2023 Patch 17
February 2023 Patch 14

No workarounds can be provided. Customers should upgrade Qlik Sense Enterprise for Windows to a version containing fixes for these issues. November 2024 IR, released on the 26th of November, contains the fix as well.

November 2024 Initial Release
May 2024 Patch 10 or 11 (both valid)
February 2024 Patch 14 or 15 (both valid)
November 2023 Patch 16 or 17 (both valid)
August 2023 Patch 16 or 17 (both valid)
May 2023 Patch 18 or 19 (both valid)
February 2023 Patch 15 or 16 (both valid)

This issue only impacts Qlik Sense Enterprise for Windows. Other Qlik products including Qlik Cloud and QlikView are NOT impacted.

All Qlik software can be downloaded from our official Qlik Download page (customer login required). Follow best practices when upgrading Qlik Sense.

The information in this post and Security Bulletin High Severity Security fixes for Qlik Sense Enterprise for Windows (CVE-2024-55579 and CVE-2024-5558... are disclosed in accordance with our published Security and Vulnerability Policy.

The Security Notice label is used to notify customers about security patches and upgrades that require a customer’s action. Please subscribe to the ‘Security Notice’ label to be notified of future updates.

Thank you for choosing Qlik,
Qlik Global Support

onnoemergo · ‎2024-12-06

Fix your download site.

I seem to be only able to download patches for November 2024 yet February 2024 is also effected and you no longer seem to offer any download at all.

Qlik download not available.20241206.png

Edit: Ignore post. Had to do with a filter I overlooked.

ajourdan1684153368 · ‎2024-12-06

Fix is good. thanks

oknotsen · ‎2024-12-06

Download site shows the same lack of options under both private as partner account.

jchoucq · ‎2024-12-06

Hi @Katie_Davis, thank you very much for the fix.

will a new patch containing this fix be released soon ?

Thanks
Johann

Sonja_Bauernfeind · ‎2024-12-06

Hello @oknotsen please clarify what you mean by "lack of options" for private and partner accounts.

@jchoucq We will continue to update the blog post with information as it becomes available

All the best,
Sonja

Sonja_Bauernfeind · ‎2024-12-06

@onnoemergo the patches should still be available

Can you verify if you have selected the filter "Latest release and latest patch only"? This will restrict the filter to only show you November 2024 and its patch.

You'll want to select "All releases and patches" or "All releases with latest patch".

Example:

all releases with latest patch.png

All the best,
Sonja

onnoemergo · ‎2024-12-06

Ugh. I need to get my eyes fixed.

Alternatively: Can we get the download site changed to no longer have that "only show latest version" option selected as default? I rarely (if ever) install the latest version at a customer as most customers require me to install T-1 versions of software.

fmarvnnt · ‎2024-12-06

Would be nice if R&D RePack/build the patches.. ..do You?

Thank You in Advance,

FMa

janyf · ‎2024-12-06

Hello ,

After patching , both mentioned extensions (container and text) were available, but we were unable to upload new ones (inphinity) .
After doing steps outlined in your fix, we were able to upload them and they are working.

prinzchristian · ‎2024-12-06

Since yesterday's update (November 2024 Patch 1) we have the problem that the described workaroud (SAP Connector in Qlik Sense using Standard mode ) no longer works and we get the message that DDL cannot be found.

However, the files are all located unchanged in the corresponding position in the file directory.

Does anyone have a solution for this?

Qlik SAP Connectors #SAP Qlik Sense Enterprise on Windows

Qlik Sense Enterprise for Windows - New Security Patches Available Now