Latest update as of Feb. 15, 2022. All current threats have been addressed.
Further updates will be made as new information becomes available.
Qlik has been diligently reviewing and testing our product suite since we’ve become aware of the Apache Log4j vulnerability mid-December. We want to ensure Qlik users that your security is our upmost priority. We have addressed multiple vulnerabilities through a series of product patches for supported affected versions and we recommend you update to the most recent releases available, shown in the chart below.
Log4j versions before v2.16 presented the highest threat and all exposed Qlik products have provided patches with at least v2.16 and will all be updated to v2.17.1 or later under the regular release schedule as we are not vulnerable to the CVEs related to 2.17.0
We’d like to direct you to our FAQ document to review should you have any further questions, and we encourage you to comment with any additional questions.
The following products are not affected:
Qlik Sense Enterprise, all supported versions
Qlik Sense Enterprise SaaS
QlikView, all supported versions
Nprinting, all supported versions
Qlik Alerting, all supported versions
Qlik Web Connectors, all supported versions
Qlik RepliWeb and ARC, all supported versions
AIS, including ARC, all supported version
Qlik Catalog supported versions before May 2021 are not affected
Qlik Data Transfer
Salesforce and SAP Connectors are not affected
ODBC Connector Package
Qlik Sense Business
The following products are under review:
The following products are affected. Qlik has provided patches linked here; customers are advised to install the patches at their earliest convenience.
Downloads can be accessed by visiting our new Downloads page on Qlik Community when signed in with your Qlik ID , then selecting the product then the latest release.
Please keep in mind that Qlik's on-premise (or client-managed) data integration products are intended to only be accessed on an internal network; therefore any potential impacts of CVE-2021-44228 should be mitigated by your internal network and access controls.