Skip to main content

Support Updates

The Support Updates blog delivers important and useful Qlik Support information about end-of-product support, new service releases, and general support topics.

Announcements
Welcome to Qlik Community! Check out our new navigation! FIND OUT MORE
Katie_Davis
Digital Support
Digital Support

Qlik is aware that a set of well publicized vulnerabilities have been identified in the popular Java Spring Framework. These vulnerabilities have been assigned references CVE-2022-22965 (also known as "Spring4Shell"), CVE-2022-22947, CVE-2022-22950 and CVE-2022-22963. 

 

Qlik has been diligently reviewing our product suite since we’ve become aware of these issues. We want to ensure Qlik users that your security is our upmost priority. As always, we recommend customers stay up-to-date on the most recent releases available for your product. 

 

Products Not Impacted 

The following products are NOT affected: 

  • Qlik Cloud 
  • Client-Managed Qlik Sense Enterprise and QlikView (all versions) 
  • GeoAnalytics (all versions) 
  • Qlik Compose (all versions) 
  • Qlik Compose for Data Lakes (all versions) 
  • Qlik Compose for Data Warehouses (all versions) 
  • Qlik Enterprise Manager (all versions) 
  • Qlik NPrinting
  • Qlik Replicate (all versions) ** 

** Qlik Replicate contains libraries that contain the affected code, but they are not used in a way that is exploitable. These will be removed in a upcoming patch. 

 
Products Impacted 

Our testing shows only client-managed versions of Qlik Catalog are directly impacted (by CVE-2022-22965 and CVE-2022-22950) and a patch will be available as Feb 2022 SR2 and for the May 2022 release. Mitigation steps for earlier releases are linked in this knowledge base article.

 

Update 4/04/2022 8:15p.m EST

Qlik Catalog Feb 2022 SR2 is now available on the Downloads Site. Please be sure to be logged into Qlik Community with your Qlik ID to access. Katie_Davis_0-1649118041857.png

 

 

Please subscribe to our Support Updates blog for continued updates as they become available. 

Thank you for choosing Qlik,  

Qlik Global Support 

6 Comments
eyalnir_qlik
Partner - Contributor III
Partner - Contributor III

Hi,

what about Nprinting impacted? thanks

2,151 Views
Katie_Davis
Digital Support
Digital Support

Hi @eyalnir_qlik , NPrinting is not impacted and has just been added above. 

Thanks!

Katie

1,906 Views
JitenderR
Employee
Employee

Thank You @Katie_Davis So once the next patch is available, is an upgrade a MUST? or we can plan it in next few months?

 

Regards

JR

1,542 Views
lichtbringer667
Contributor
Contributor

hi,

we use the qlikviewserver and the qlikview plugin are these products affected by the vulnerability?

thanks

lb

1,303 Views
Sonja_Bauernfeind
Digital Support
Digital Support

Hello @lichtbringer667 

QlikView products (a server install, the IE plugin, and the Desktop client) are not affected.

All the best,
Sonja 

1,269 Views
Katie_Davis
Digital Support
Digital Support

Hi @JitenderR ,

 

It's recommended you upgrade to the February 2022 Service Release 2 to be best protected against the vulnerabilities.

 

Thanks,

Katie

752 Views