Showing results for 
Search instead for 
Did you mean: 

XIQ OnPrem / IQVA New Release

XIQ OnPrem / IQVA New Release

New Contributor III


can anyone from Extreme tell me, when you plan to release a new feature version of XIQ OnPrem?

This is getting ridiculous, no big feature update for one and half year, we still have to use 21.1.x, so January 2021 version according to your scheme.


New Contributor II


Allow me to simplify.  As the bulletin says, "In certain configurations, an attacker could execute arbitrary commands with the privileges of the script."  In IQVA, yes, c_rehash is present. However, IQVA does not use it in any process, the configurations required for exploit are non-existent, and access to the OS in any capacity to expose it is not exposed.   Several other CVE's are being tackled in the January release, specifically CVE-2021-4034.   And no, the January release is not a joke, and is currently tracking as follows:

  • Dev Start:  (after 22r7 in cloud). on or about 11/15
  • Dev Complete:  12/15 (4w development time)
  • QA Test: 3w beginning in early January
  • GA Available:  end of January


Bill Lundgren, Distinguished Engineer
Portfolio Architect - Architecture, Security and Compliance
Extreme Networks

View solution in original post


New Contributor III

Well this information would have been great to see in the KB-article and not here, as it creates (at least for me) a lot of confusion, especially in terms of a new IQVA release.
But I don't get why you can't simply patch the OpenSSL version with the new release? As per your support policy the major support for IQVA runs until December 2023.

But thanks for the clarification.

New Contributor III

Hi Daniel,

we get the information from our support that IQ VA is
End of Sale at 1st Dec 2022,
End of Major Support 1st Dec 2023 and
End of Support 1st Dec 2025.
I personally doesn´t expect any software releases anymore.

We are also using the On-Prem version and are checking our options now.
Upgrade or developer change until 2025.