Edited December 5th: identified upgrades leading to complications with extensions
Edited December 6th: added workaround for extension complication
Edited December 10th: added CVEs (CVE-2024-55579 and CVE-2024-55580)
Edited December 12th, noon CET: added new patch versions and visualization and extension fix details; previous patches were removed from the download site
Hello Qlik Users,
New patches have been made available and have replaced the original six releases. They include the original security fixes (CVE-2024-55579 and CVE-2024-55580) as well as QB-30633 to resolve the extension and visualization defect.
Today, we have released six service releases across the latest versions of Qlik Sense to patch the reported issue. All versions of Qlik Sense Enterprise for Windows prior to and including these releases are impacted:
May 2024 Patch 9
February 2024 Patch 13
November 2023 Patch 15
August 2023 Patch 15
May 2023 Patch 17
February 2023 Patch 14
No workarounds can be provided. Customers should upgrade Qlik Sense Enterprise for Windows to a version containing fixes for these issues. November 2024 IR, released on the 26th of November, contains the fix as well.
November 2024 Initial Release
May 2024 Patch 10 or 11 (both valid)
February 2024 Patch 14 or 15 (both valid)
November 2023 Patch 16 or 17 (both valid)
August 2023 Patch 16 or 17 (both valid)
May 2023 Patch 18 or 19 (both valid)
February 2023 Patch 15 or 16 (both valid)
This issue only impacts Qlik Sense Enterprise for Windows. Other Qlik products including Qlik Cloud and QlikView are NOT impacted.
The Security Notice label is used to notify customers about security patches and upgrades that require a customer’s action. Please subscribe to the ‘Security Notice’ label to be notified of future updates.
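An added example, not part of the Qlik notice: a small triage script that classifies each node's release string against the impacted and fixed lists above. It assumes patches are cumulative and reads the second listed patch on each track as the one carrying QB-30633; the host names and sample inventory are constructed.

```python
import re

MONTHS = {m: i for i, m in enumerate(
    "january february march april may june july august september october "
    "november december".split(), 1)}
# Last impacted patch per release track, copied from the notice. Reading of the
# notice: last+1 is the original security patch, last+2 the replacement that
# also carries QB-30633.
LAST_IMPACTED = {(2024, 5): 9, (2024, 2): 13, (2023, 11): 15,
                 (2023, 8): 15, (2023, 5): 17, (2023, 2): 14}
FIXED_RELEASE = (2024, 11)  # November 2024 Initial Release contains the fix

_RELEASE = re.compile(r"^\s*([A-Za-z]+)\s+(\d{4})"
                      r"(?:\s+(?:patch\s+(\d+)|IR|initial\s+release))?\s*$", re.I)

def parse_release(text):
    """'May 2024 Patch 9' -> ((2024, 5), 9); IR or no patch counts as patch 0."""
    m = _RELEASE.match(text)
    if not m or m.group(1).lower() not in MONTHS:
        raise ValueError(f"unrecognised release string: {text!r}")
    return (int(m.group(2)), MONTHS[m.group(1).lower()]), int(m.group(3) or 0)

def classify(text):
    track, patch = parse_release(text)
    if track == FIXED_RELEASE:
        return "fixed"
    if track in LAST_IMPACTED:
        last = LAST_IMPACTED[track]
        if patch <= last:
            return "vulnerable"
        # Assumption: patches are cumulative, so anything above last+1 is fixed.
        return "fixed-without-QB-30633" if patch == last + 1 else "fixed"
    if track < min(LAST_IMPACTED):
        return "vulnerable-no-patch-on-track"  # "prior to" the listed releases
    return "not-listed"  # the notice says nothing about this track

def needs_action(inventory):
    """Return {host: status} for nodes that are not on a fully fixed build."""
    statuses = {host: classify(rel) for host, rel in inventory.items()}
    return {h: s for h, s in statuses.items() if s != "fixed"}

# Constructed sample inventory; host names are hypothetical.
SAMPLE = {"qs-central": "May 2024 Patch 9", "qs-consumer1": "May 2024 Patch 10",
          "qs-consumer2": "May 2024 Patch 11", "qs-dev": "November 2024 IR",
          "qs-legacy": "November 2022 Patch 4"}

if __name__ == "__main__":
    for host, status in needs_action(SAMPLE).items():
        print(f"{host}: {status}")
```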
@williamandersson I haven't experienced any differences after applying P11 from P10. I don't even know what was possibly fixed in the P11 release. So no, I haven't seen any new issues with P11.
I now get the same behavior with the patch to the latest May release - how am I supposed to close the gaps if I get a non-working system in return?
After uninstalling the patch, the connector will run as usual on the original May 2024 version.
UPDATE - 2024.05 Patch 11 | 2025.01
I can confirm the following solution and it works with patch 11 - update to 2024 Nov. Patch 2 is then planned for next week.
Edited by Qlik: removed solution. This configuration change reverts recent security improvements made to the product and could lead to users being able to execute unintended code on the server.
Qlik Case Number: # 00334265: SAP Connector in Qlik Sense using Standard mode is not working anymore
The issue seemed to have started after installing patch 10 for us. There were no complaints before that. When opening the mobile app or browser through our external link (we usually access Qlik through the internet), the hub loads just fine and displays all streams and apps. When we try to open an app, we encounter a blank page (whether through the mobile app (Client-Managed - Qlik Sense Mobile February 2024 1.25.2.1) or browser (any browser)). Refreshing the page a couple dozen times might get you to the app but that is extremely unreliable and impractical.
The setup is 2 consumer nodes behind a URL and physical load balancer. I do not face this issue when using the FQDN of the server/machine name.
User eyalnir_qlik seems to be having a similar issue and has opened a support ticket.
Please read through my earlier posts for other information.
Yesterday and today I woke up to alarm messages by our monitoring software, alerting me to the fact that the C: drive of our QS Prod server is about to be clogged up.
I believe that ever since installing February 2024 Patch 14, the size of the file C:\ProgramData\Qlik\Sense\Log\governanceLogContent_7.18.0_file.qvd is spiraling out of control. It currently clocks in at 40.9gb. That has never happened before.
@Sonja_Bauernfeind is there going to be an additional patch released by Qlik that resolves the original CVE issues, includes the updates required for visualization issues, and the additional issues being reported by users since the latest patch was released? Based on the last few pages of responses I am hesitant to upgrade environments since there are still a variety of issues reported, but at the same time know the vulnerability needs to be closed.