Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Gartner® Magic Quadrant™: 15 YEARS A LEADER - GET THE REPORT
Sonja_Bauernfeind
Digital Support
Digital Support
‎2024-12-04 09:36 AM

Qlik Sense Enterprise for Windows - New Security Patches Available Now

Edited December 5th: identified upgrades leading to complications with extensions
Edited December 6th: added workaround for extension complication
Edited December 10th: added CVEs (CVE-2024-55579 and CVE-2024-55580)
Edited December 12th, noon CET: added new patch versions and visualization and extension fix details; previous patches were removed from the download site

Hello Qlik Users,

New patches have been made available and have replaced the original six releases. They include the original security fixes (CVE-2024-55579 and CVE-2024-55580) as well as QB-30633 to resolve the extension and visualization defect.

If you continue to experience issues with extensions or visualizations, see QB-30633: Visualizations and Extensions not loading after applying patch.

Security issues in Qlik Sense Enterprise for Windows have been identified, and patches have been made available. Details can be found in Security Bulletin High Severity Security fixes for Qlik Sense Enterprise for Windows (CVE-2024-55579 and CVE-2024-5558....

Today, we have released six service releases across the latest versions of Qlik Sense to patch the reported issue. All versions of Qlik Sense Enterprise for Windows prior to and including these releases are impacted:

  • May 2024 Patch 9
  • February 2024 Patch 13
  • November 2023 Patch 15
  • August 2023 Patch 15
  • May 2023 Patch 17
  • February 2023 Patch 14

 

No workarounds can be provided. Customers should upgrade Qlik Sense Enterprise for Windows to a version containing fixes for these issues. November 2024 IR, released on the 26th of November, contains the fix as well

  • November 2024 Initial Release
  • May 2024 Patch 10 or 11 (both valid)
  • February 2024 Patch 14 or 15 (both valid)
  • November 2023 Patch 16 or 17 (both valid)
  • August 2023 Patch 16 or 17 (both valid)
  • May 2023 Patch 18 or 19 (both valid)
  • February 2023 Patch 15 or 16 (both valid)
This issue only impacts Qlik Sense Enterprise for Windows. Other Qlik products including Qlik Cloud and QlikView are NOT impacted.

All Qlik software can be downloaded from our official Qlik Download page (customer login required). Follow best practices when upgrading Qlik Sense.

The information in this post and Security Bulletin High Severity Security fixes for Qlik Sense Enterprise for Windows (CVE-2024-55579 and CVE-2024-5558... are disclosed in accordance with our published Security and Vulnerability Policy.

 

The Security Notice label is used to notify customers about security patches and upgrades that require a customer’s action. Please subscribe to the ‘Security Notice’ label to be notified of future updates. 

Thank you for choosing Qlik,
Qlik Global Support

33,946 Views
129 Comments
tduarte
Partner - Creator II
Partner - Creator II
‎2024-12-09 01:15 PM

@Sonja_Bauernfeind can you please confirm whether the November 2024 IR release is affected by the extensions/viz issues?

0 Likes
1,440 Views
David_Friend
Support
Support
‎2024-12-09 01:23 PM

Nov 24 IR is NOT affected

1,427 Views
jfour
Contributor II
Contributor II
‎2024-12-09 01:55 PM

We had this issue arise when applying the patch to February 2024 Patch 4-14.173.8

Adding repository config entry and restarting services on all nodes, the immediate issue seems resolved.

Thank You.

 

0 Likes
1,389 Views
korsikov
Partner - Specialist III
Partner - Specialist III
‎2024-12-10 02:23 AM

It's look like extension problem affected only patched version. As I see on my enviroments - Febr 2024 and May 2024 has problem with extention, but in the same time there no problem with the same extension in November 2024 IR

0 Likes
1,320 Views
mscagliusi
Partner - Contributor
Partner - Contributor
‎2024-12-10 10:10 AM

Hi! After the installation of the patch, we have problems related to App Monitoring. Can you help?

0 Likes
1,194 Views
korsikov
Partner - Specialist III
Partner - Specialist III
‎2024-12-10 10:15 AM

@mscagliusi  What king of problem? can you provide detailed information about problems?

0 Likes
1,170 Views
AdamJohnson
Partner - Contributor III
Partner - Contributor III
‎2024-12-10 10:30 PM

The term "Unprivileged users with network access" is a bit ambiguous. Specifically, if there are people with QAP that has 'anonymous' access, or mashups/embeddings that are available externally, can these be exploited?

 

1,067 Views
GeorgeSavu
Contributor II
Contributor II
‎2024-12-11 07:07 AM

Hi @Sonja_Bauernfeind ,

New Patches have been published on GIT , do they fix the extensions issue ?

Thank you,

George

0 Likes
970 Views
Thomas_Hopp
Employee
Employee
‎2024-12-11 07:17 AM

Hi @GeorgeSavu you are winning the price for finding those patches as the first user 🙂 as we just started to push them out to GIT. Not all patches are their yet but we are going to update the blog post very soon as well. As well as refreshing the download app. But yes, those patches are fixing the extension issues. Thanks and best regards, Thomas

946 Views
ajourdan1684153368
Contributor II
Contributor II
‎2024-12-11 08:12 AM

P11 add, but Qlik multi kpi (and other) still KO.

842 Views
Subscribe by Topic