Vulnerability PostGreSql

TTA · ‎2024-03-07

Hello,

We Have a list of vulnerabilities detected on PostGreSql :

CVE-2023-5868
CVE-2023-5869
CVE-2023-5870

platform :

version of QlikSens installed : version Septemnber 2019

Systèm: Windows x64 (64bit)

How to resolve this vulnerabilities.

Thanks

Ray_Strother · ‎2024-03-11

Hello ,

1. The version of Qlik Sense you are running has gone end of support.
2. The vulnerabilities , relate to certain versions of Postgres.
3. Newer versions of Qlik Sense utilize newer versions of Postgres.

Article link:

1. https://community.qlik.com/t5/Product-Lifecycle/Qlik-Sense-Enterprise-on-Windows-Product-Lifecycle/t...

2. https://community.qlik.com/t5/Official-Support-Articles/Upgrading-and-unbundling-the-Qlik-Sense-Repo...

David_Friend · ‎2024-03-11

@TTA upgrade and unbundle PostgreSQL using the PQI, Ray already shared the links.

TTA · ‎2024-03-13

Hello Ray and David,

Thank you for your reponses.

We will try this solution and will back for you if we have any questions

Thank you

TTA · ‎2024-03-13

Hello,

Wich intitial version of upgrade we have to choose without losing data , applications/ certificate..

September 2021 initial release will be correct one ?

Thank you

Sebastian_Linser · ‎2024-03-13

Hello @TTA

given that you had a 2019 Version, the best is to go to November 2020 then November 2021 and finally to November 2022.

in November 2022 you can migrate the database using QPI https://community.qlik.com/t5/Official-Support-Articles/Upgrading-and-unbundling-the-Qlik-Sense-Repo...

This will give you Postgresql 14.8 which you can upgrade to 14.11 using the installer from here:

https://www.enterprisedb.com/downloads/postgres-postgresql-downloads

After that you can upgrade to November 2023 or February 2024 to be on the latest releases.

best regards

Sebastian

Help users find answers! Don't forget to mark a solution that worked for you! 🙂

TTA · ‎2024-03-26

Hello,

Thanks for the precisions

We have made a succesful upgrade to February 2024 with PostGre v 14.11

Now we need to perform a migration to PostGreSQL 16.2 do to security issues.

before proceed , we have some questions :

1 - does QlikSens February 2024 compatible/support PostGre 16.2 ?

2 - if yes , what is the best approach : installing PostGre 16.2 and after perform pg_upgrade and wich configuration is needed (port/connections ) ?

3 - backup PostGre v 14.11 ?

Some links will be helpful

Thanks a lot for your support

Sebastian_Linser · ‎2024-03-26

Hello @TTA

1. No, only 14.x is approved at the moment, we are still evaluating 15 and 16.

To move you can either to a fresh install of postrgesql 16.2 then add the user qliksenserepository. You Then create the databases QSR, SenseServices, QSMQ and Licenses using template0, and backup from 14 restore into 16.

https://help.qlik.com/en-US/sense-admin/February2024/Subsystems/DeployAdministerQSE/Content/Sense_De...

Or if you use the same password hash algorithm in both installations you use https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-Enterprise-on-Windows-How-To-Upgr...

best regards

Sebastian

Help users find answers! Don't forget to mark a solution that worked for you! 🙂

Security