Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Week 2: Presenting "Automate Sucess" and "Integration for Innovation" - WATCH NOW
Sonja_Bauernfeind
Digital Support
Digital Support
‎2024-12-04 09:36 AM

Qlik Sense Enterprise for Windows - New Security Patches Available Now

Edited December 5th: identified upgrades leading to complications with extensions
Edited December 6th: added workaround for extension complication
Edited December 10th: added CVEs (CVE-2024-55579 and CVE-2024-55580)
Edited December 12th, noon CET: added new patch versions and visualization and extension fix details; previous patches were removed from the download site

Hello Qlik Users,

New patches have been made available and have replaced the original six releases. They include the original security fixes (CVE-2024-55579 and CVE-2024-55580) as well as QB-30633 to resolve the extension and visualization defect.

If you continue to experience issues with extensions or visualizations, see QB-30633: Visualizations and Extensions not loading after applying patch.

Security issues in Qlik Sense Enterprise for Windows have been identified, and patches have been made available. Details can be found in Security Bulletin High Severity Security fixes for Qlik Sense Enterprise for Windows (CVE-2024-55579 and CVE-2024-5558....

Today, we have released six service releases across the latest versions of Qlik Sense to patch the reported issue. All versions of Qlik Sense Enterprise for Windows prior to and including these releases are impacted:

  • May 2024 Patch 9
  • February 2024 Patch 13
  • November 2023 Patch 15
  • August 2023 Patch 15
  • May 2023 Patch 17
  • February 2023 Patch 14

 

No workarounds can be provided. Customers should upgrade Qlik Sense Enterprise for Windows to a version containing fixes for these issues. November 2024 IR, released on the 26th of November, contains the fix as well

  • November 2024 Initial Release
  • May 2024 Patch 10 or 11 (both valid)
  • February 2024 Patch 14 or 15 (both valid)
  • November 2023 Patch 16 or 17 (both valid)
  • August 2023 Patch 16 or 17 (both valid)
  • May 2023 Patch 18 or 19 (both valid)
  • February 2023 Patch 15 or 16 (both valid)
This issue only impacts Qlik Sense Enterprise for Windows. Other Qlik products including Qlik Cloud and QlikView are NOT impacted.

All Qlik software can be downloaded from our official Qlik Download page (customer login required). Follow best practices when upgrading Qlik Sense.

The information in this post and Security Bulletin High Severity Security fixes for Qlik Sense Enterprise for Windows (CVE-2024-55579 and CVE-2024-5558... are disclosed in accordance with our published Security and Vulnerability Policy.

 

The Security Notice label is used to notify customers about security patches and upgrades that require a customer’s action. Please subscribe to the ‘Security Notice’ label to be notified of future updates. 

Thank you for choosing Qlik,
Qlik Global Support

36,001 Views
129 Comments
henrikalmen
Specialist II
Specialist II
‎2024-12-11 04:41 PM

@Benoit_C  @Sonja_Bauernfeind 

I shut down all qlik services on rim nodes, and then on central node, in prod environment. On the central node I then tried starting/stopping/starting the services without doing anything else, but the extensions did not appear again.

As next step I altered Repository.exe.config on central node, according to the instructions, and then when I started the services again, the three missing extension folders magically appeared where they are supposed to be, and they are functioning as they are supposed to in QS frontend. In the same way as I experienced in dev environment earlier today. (After that I of course made the same alteration on rim nodes before starting services on them.)

After this I have now also upgraded May24 P10 to P11.

0 Likes
1,751 Views
AdamJohnson
Partner - Contributor III
Partner - Contributor III
‎2024-12-11 11:18 PM

@Sonja_Bauernfeind I have clients with External facing QAP. I see on page 1 you stated that counts as 'network access'. Can you confirm that these are vulnerable please? Just looking for clarification.

0 Likes
1,717 Views
prinzchristian
Partner - Contributor III
Partner - Contributor III
‎2024-12-12 12:12 AM

QSoW Patch November 2024 SP1 --> Problem with SAP Connector!!!

Has anyone already changed the behavior with the SAP Connectors with the 2024 November patch 2 tested?

Github - Release November 2024 Patch 2 

Qlik Case Number: 
# 00334265: SAP Connector in Qlik Sense using Standard mode is not working anymore

 

0 Likes
1,700 Views
LDR
Creator II
Creator II
‎2024-12-12 01:08 AM

Hi @Sonja_Bauernfeind 

Is still necessary to apply the workaround you explained if we install Patch 11 instead of Patch 10?

My QS environment is currently running over the release May-2024 Patch 9.

Thanks

0 Likes
1,671 Views
M_B
Creator
Creator
‎2024-12-12 02:07 AM

The issue still persists with the mobile app even after installing May 2024 patch 11.

0 Likes
1,616 Views
Benoit_C
Support
Support
‎2024-12-12 02:15 AM

@M_B this is a separate problem not linked to this topic. We have already an internal investigation about it (QB-30710).

1,602 Views
dobak
Partner - Contributor II
Partner - Contributor II
‎2024-12-12 03:26 AM

@Sonja_Bauernfeind are the patch 11 security fixes for may 2024 qs the same as patch 10?

in other words. if we have patched with 10 and applied the extensions fix do we need to go to patch 11?

0 Likes
1,546 Views
eyalnir_qlik
Partner - Creator II
Partner - Creator II
‎2024-12-12 03:28 AM

Hi @Benoit_C @M_B

I've open a ticket regarding to mobile issue, Qlik R&D confirmed this is an bug ID QB-30710 
FYI

 

1,538 Views
janyf
Partner - Creator
Partner - Creator
‎2024-12-12 03:56 AM

Hello, 

We tried yesterday patch No23P17 , on customer environment ,on dev server everything work as should. But on prod we encounter whole host of issues and in the end we rollback to original Nov23P10 

after installing P17 , all Qlik apps are showing only An Error occurred, and there is no DLE , or sheets in case that DLE is there. 
When I removed patch , I encountered logging.dll repository crash issue so I need to ran repair. 
After that I rebooted a tried same patch again and this time all extensions stopped working, even when I apply fix from P16. 
when I again remove patch , some extensions were working and some not. I installed P10 again , extensions slowly start work again. 
So i leave it on P10 ... 

Today we tried to upgrade from Feb24 to may24P11 and we have same an error occurred bug. After we removed patch , reboot server and patch it again it is working. 


So this patches are really finicky and tricky. 

brgds

0 Likes
1,463 Views
M_B
Creator
Creator
‎2024-12-12 03:58 AM

Hello @Benoit_C@eyalnir_qlik,

Thanks for the replies.

The issue I am having I described on page 4 of this thread

"Hello Qlik team,

I recently applied the May 2024 Patch 10 to all our servers and now the mobile app will not open apps.

After logging in, you can see the streams and the apps. Opening any app leaves you with blank screen. I am not a 100% sure the patch caused the issue but it is the only thing that has changed recently. The mobile app was working before the update. Does not matter whether it is Android or IOS

Best regards."

Like I said before I also update to May 2024 Patch 11 to try and resolve this.

I would also like to add that it is not only the mobile app but our external link exhibits the same behavior as well. The hub opens normally and everything is available. Streams and apps are displayed. When you open an app, it just gives a blank white page. Opening through the FQDN works fine. I am not sure if it is an issue with load balancer but we did not have any issues before the recent update.

I will continue to investigate from our side while Qlik Team investigates "QB-30710".

Thank you.

1,455 Views
Subscribe by Topic