Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
Jamie_Gregory
Community Manager
Community Manager
‎2020-03-05 05:00 PM

Node.js Vulnerability - FAQ

Hello Qlik Users,

It's been another busy day here in Support! We recently released Qlik Sense patches for specific versions that address the Node.js security vulnerability.  For more information, please see SB: Qlik and Node.js February 2020 Security Updates​​​​​​​. Please see the previous blog posts regarding those updates:

We put together an FAQ regarding the updates. Please let us know if there are any additional questions.

 

FAQ 

Which initial version of Qlik Sense is the vulnerability addressed in? 

The initial fixed version is February 2020. All versions going forward will have the fix included. 


Which Qlik Sense patches address the vulnerability? 

The following patches address the vulnerability:  

  • February 2019 Patch 8 

  • April 2019 Patch 8 

  • June 2019 Patch 11 

  • September 2019 Patch 7 

  • November 2019 Patch 6 

Any additional patches in these tracks will also include the fix. 

 

Do I need to upgrade? 

Yes, you will need to upgrade. 


When do I need to upgrade? 

As soon as possible. Please refer to best practices when upgrading (see Patching Qlik Sense)


What happens if I don’t upgrade? 

Qlik will not take responsibility for any security breach within your environment. 


How do I do upgrade?  

Please see Patching Qlik Sense on the Help site for specific steps. It’s important to note the additional steps for recreating the certificates due to the Node.js vulnerability. Please use the following materials for more guidance on recreating the certificates: 


If I run the Powershell script and it fails, how do I recover/proceed?  

We are quite confident the Powershell script for recreating the certificates (see Recreating the Qlik Sense Root Certificate (Root CA) ) will run smoothly. However, should any issues arise, please try manually recreating the certificates (Manually Recreating The Qlik Sense Root CA). If there are any other issues or questions, please contact Qlik Support


How do I confirm the Powershell script for recreating the certificates ran successfully?   

Check the certificate using the C2 Validator confirm the certificate is good once the certificate has been recreated. 


Do I need to recreate the Qlik Sense certificates? 

If the initial version that Qlik Sense was installed with was prior to June 2019, then yes, the certificates need to be recreated. Please see the release notes for more information: 

Qlik Sense Patch

 

February 2019 Patch 8

Release Notes

April 2019 Patch 8

Release Notes

June 2019 Patch 11

Release Notes

September 2019 Patch 7

Release Notes

November 2019 Patch 6

Release Notes

 

Why do I need to recreate the Qlik Sense certificates? 

For the new version of Node.js to be compatible with Qlik Sense, the Qlik Sense certificates need to be recreated. 

 

What version(s) should I apply if I am looking to upgrade to a more recent version? 

We recommend upgrading to the latest version. However, we know that is not always possible. Regardless of the track you upgrade to, you will first need to apply the Initial Release (IR) then apply the latest patch for that track. Example: If you’re currently on June 2019 Patch 10 and would like to upgrade to the November 2019 track, you will need to apply November 2019 IR first then apply November 2019 Patch 6. 


I have recreated my certificates. Do I need to update the certificates anywhere else? 

You will also have to replace Qlik Sense root certificate with the newly created one in the following cases:  

  • Your Qlik Sense deployment is connected with Qlik NPrinting, Qlik multi-cloud setups, or any other external tools or configurations. 

  • You have configured QlikView Distribution Service for distribution of links to QlikView documents to the Qlik Sense hub. 

 

If I upgrade to February 2020, do I need to recreate the certificates? 

No, you do not have to recreate the certificates. The February 2020 installer will recreate the certificates for you. Verify the certificates were created successfully by using the C2 Validator tool. 

 

Kind regards,

Global Support

Labels
Tags (3)
9,539 Views
25 Comments
Gysbert_Wassenaar
MVP
MVP
‎2020-03-06 12:53 AM

Does the patch need to be installed before recreating the certificates? Or the other way around? Or does the order not matter?

Is it still necessary to re-enter passwords for data connections after recreating the certificates?

 

7,332 Views
ssamuels
Partner - Creator
Partner - Creator
‎2020-03-06 04:14 AM

In my experience after the upgrade to February 2020 the reload tasks for the monitoring apps will fail and you need to re-enter the passwords in the REST connections for the monitoring apps. Not sure if the same counts for other data-connections, but I won't be surprised if it does....

0 Likes
7,223 Views
korsikov
Partner - Specialist III
Partner - Specialist III
‎2020-03-06 04:21 AM

in my experience

Upgrade Nov 2019 to Feb 2020 - All OK.  not need to re-enter passwords

Update Nov 2019 U4 to Nov 2019 U6 - a lot of manual work, with scripts, and had to re-enter passwords in all data connections

I call it "sunset in manual mode" 😞

0 Likes
7,210 Views
Gysbert_Wassenaar
MVP
MVP
‎2020-03-06 07:58 AM

Something else I wondered about is releases prior to February 2019. There are no patches for earlier releases. Qlik Support told me there won't be. Releases that are more than 12 months old are not supported and don't get security patches. You will have to upgrade to a release that does have a patch available.

Imho Qlik should communicate this very clearly. I had to go bother Qlik Support to get a definite answer.

 

7,141 Views
Jamie_Gregory
Community Manager
Community Manager
‎2020-03-06 09:09 AM

@Gysbert_Wassenaar The patch needs to be installed first. This is stated in the release notes as well as when you run the installer, it lets you know that there are additional steps afterwards.

The easiest way is to upgrade to February 2020, however, we know that is not always possible so articles have been created to walk customers through step by step to hopefully minimize issues.  

If you should have any questions about releases, please review our maintenance policies on Qlik.com or reach out to your Account Manager. They can always clarify this information for you. 

0 Likes
7,083 Views
Jamie_Gregory
Community Manager
Community Manager
‎2020-03-06 09:09 AM

@ssamuels  @korsikov  Did y'all use the scripts to recreate the certificates or did you manually remove all the certificates and recreate?

0 Likes
7,072 Views
mborsadw
Partner - Creator
Partner - Creator
‎2020-03-06 09:31 AM

We have Nov18 installed currently. If we move to Feb2020, do we still have to recreate certificates?

4,763 Views
Jamie_Gregory
Community Manager
Community Manager
‎2020-03-06 10:33 AM

@mborsadw  Nope! You will not have to recreate the certificates if you go straight to February 2020 🙂

4,730 Views
ssamuels
Partner - Creator
Partner - Creator
‎2020-03-06 11:07 AM

With the upgrade from November 2019 to February 2020 the root certificate was re-created automatically. After the upgrade I noticed the new NLP features in Insight Advisor was not working. In order to fix this I had to manually re-create the certificates as described in this support article. 

https://support.qlik.com/articles/000094782  

0 Likes
4,711 Views
korsikov
Partner - Specialist III
Partner - Specialist III
‎2020-03-10 03:33 AM

@Jamie_Gregory  I use PowerShell scripts

0 Likes
4,231 Views
Subscribe by Topic