Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Solving the Informatica Dilemma: On-Demand Briefing - Watch On Demand!
Sonja_Bauernfeind
Digital Support
Digital Support
‎2024-12-04 09:36 AM

Qlik Sense Enterprise for Windows - New Security Patches Available Now

Edited December 5th: identified upgrades leading to complications with extensions
Edited December 6th: added workaround for extension complication
Edited December 10th: added CVEs (CVE-2024-55579 and CVE-2024-55580)
Edited December 12th, noon CET: added new patch versions and visualization and extension fix details; previous patches were removed from the download site

Hello Qlik Users,

New patches have been made available and have replaced the original six releases. They include the original security fixes (CVE-2024-55579 and CVE-2024-55580) as well as QB-30633 to resolve the extension and visualization defect.

If you continue to experience issues with extensions or visualizations, see QB-30633: Visualizations and Extensions not loading after applying patch.

Security issues in Qlik Sense Enterprise for Windows have been identified, and patches have been made available. Details can be found in Security Bulletin High Severity Security fixes for Qlik Sense Enterprise for Windows (CVE-2024-55579 and CVE-2024-5558....

Today, we have released six service releases across the latest versions of Qlik Sense to patch the reported issue. All versions of Qlik Sense Enterprise for Windows prior to and including these releases are impacted:

  • May 2024 Patch 9
  • February 2024 Patch 13
  • November 2023 Patch 15
  • August 2023 Patch 15
  • May 2023 Patch 17
  • February 2023 Patch 14

 

No workarounds can be provided. Customers should upgrade Qlik Sense Enterprise for Windows to a version containing fixes for these issues. November 2024 IR, released on the 26th of November, contains the fix as well

  • November 2024 Initial Release
  • May 2024 Patch 10 or 11 (both valid)
  • February 2024 Patch 14 or 15 (both valid)
  • November 2023 Patch 16 or 17 (both valid)
  • August 2023 Patch 16 or 17 (both valid)
  • May 2023 Patch 18 or 19 (both valid)
  • February 2023 Patch 15 or 16 (both valid)
This issue only impacts Qlik Sense Enterprise for Windows. Other Qlik products including Qlik Cloud and QlikView are NOT impacted.

All Qlik software can be downloaded from our official Qlik Download page (customer login required). Follow best practices when upgrading Qlik Sense.

The information in this post and Security Bulletin High Severity Security fixes for Qlik Sense Enterprise for Windows (CVE-2024-55579 and CVE-2024-5558... are disclosed in accordance with our published Security and Vulnerability Policy.

 

The Security Notice label is used to notify customers about security patches and upgrades that require a customer’s action. Please subscribe to the ‘Security Notice’ label to be notified of future updates. 

Thank you for choosing Qlik,
Qlik Global Support

35,912 Views
129 Comments
gonzaloruizgonz
Partner - Creator
Partner - Creator
‎2024-12-11 09:09 AM

I will not register any case, i have put back the ondemand extension and i work now.

0 Likes
1,151 Views
martingries
Luminary
Luminary
‎2024-12-11 09:21 AM

QSoW Patch November 2024 SP1 --> Problem with SAP Connector!!!

We updated today from May 2024, Patch 3 to November 2024, Patch 1 and we had Task errors like this one:

Error: Connector C:\Program Files\Common Files\QlikTech\Custom Data\QvSAPReportConnector\QvSAPReportConnector.dll not found

We had to reinstall Qlik Sense back to May 2024 😞

After this expierence we found this post:

SAP Connector in Qlik Sense using Standard mode - Qlik Community - 1714238

It would be nice to have a fix for that

BR

Martin

1,124 Views
Benoit_C
Support
Support
‎2024-12-11 09:27 AM

@henrikalmen I understood that since Patch 10, there are extension which seems missing or broken.

Then, if you install patch 11, and then import again those extension. Will that work again?

For bundle extension, you can follow below article to remove and reinstall it:

https://community.qlik.com/t5/Official-Support-Articles/Installing-and-removing-Qlik-Sense-Extension...

https://community.qlik.com/t5/Official-Support-Articles/Cannot-find-the-Extension-bundle-after-an-in...

0 Likes
1,099 Views
henrikalmen
Specialist II
Specialist II
‎2024-12-11 09:39 AM

@Benoit_C I applied the "workaround" now and it actually brought the missing folders back (StaticContent/Extensions/ -> sn-text, sn-shape and sn-layout-container). I don't know how that happened, but it did.The folders are timestamped at the same time as I restarted the services after having applied the workaround text in the config file. I'm still on May2024 P10, haven't updated to P11. I don't understand how this operation brought the folders back, but it seems it did.

0 Likes
1,067 Views
Sonja_Bauernfeind
Digital Support
Digital Support
‎2024-12-11 09:47 AM

Hello @henrikalmen 

Here is what support suggested: If possible, please upgrade to patch 11 now that all your extensions are back. Then verify if the extensions are still in place. If they are not, please reimport them as per Installing and removing Qlik Sense Extension bundle.

We would appreciate feedback on how the upgrade goes for you and which steps you had to take.

All the best,
Sonja

1,045 Views
henrikalmen
Specialist II
Specialist II
‎2024-12-11 10:20 AM

@Sonja_Bauernfeind I applied patch 11 now and the extensions have remained so I believe my issues are solved now. Thanks! (This was in dev environment, will apply workaround and p11 in prod environment after office hours.)

0 Likes
990 Views
Benoit_C
Support
Support
‎2024-12-11 10:24 AM

@henrikalmen, just to confirm, the workaround you're mentioning, is the fact to reinstall the extensions? Or something else?

0 Likes
975 Views
henrikalmen
Specialist II
Specialist II
‎2024-12-11 10:37 AM

@Benoit_C   No I did not have to reinstall the qlik dashboard bundle*. That's kind of confusing, actually. I could clearly see that the extension folders sn-shape, sn-text and sn-layout-container were missing. They simply weren't there, and that's still the case in my production environment. They must have been removed when I applied Patch 10 (May 24) a few days ago, only I did not notice until today. They did't exist on disk in the StaticContent/Extensions directory, and they could not be seen under extensions in QMC and were not available as frontend objects at all

When I applied the "workaround" that consists of adding the key VisualizationExtensionsExtractFilter to Repository.exe.config and restarted the qlik services, these folders magically reappeared and the folders' timestamps are the same timestamp as when I restarted the services.

The extensions also became visible in qmc/extensions and became available for use as objects in edit-mode in QS frontend.

 

*Previously I wrote visualization bundle, but it was the dashboard bundle. Available now in my dev environment where I have applied this fix, still missing in production environment where I will apply the fix later tonight.

0 Likes
934 Views
Benoit_C
Support
Support
‎2024-12-11 10:42 AM

@henrikalmen maybe it's just the fact to restart repository service that have reinstalled the extension? Not necessarily because of the Repository.exe.config modification.

0 Likes
914 Views
henrikalmen
Specialist II
Specialist II
‎2024-12-11 11:05 AM

@Benoit_C Yes, that thought occurred to me as well right after I posted my last comment. I'll try that first in prod environment tonight - just restart services and see what happens.

0 Likes
888 Views
Subscribe by Topic