There is a known security vulnerability in QlikView Server which is fixed in version 11.20 SR12. More detailed information about the security vulnerability is available in the customer and partner portal Knowledgebase SB article number 000007272*. All customers should investigate the vulnerability in their deployment environment to determine their own level of exposure and path forward. Qlik recommends all QlikView Server users upgrade to 11.20 SR12.
This Service release contains more than 250 bug fixes and some improved functionality:
• QVS stability
A number of improvements have been made and several bugs have been fixed regarding QVS stability, both in single and clustered environments. The improvements will be most noticeable in high-pressure clustered scenarios.
• QDS improvements
A number of improvements have been done regarding QDS reliability in clustered environments. We recommend all customers with clustered QDS environments to upgrade.
• Support for Internet Explorer Touch
Touch mode on tablets or hybrid computers with Internet Explorer should now have the same functionality as Safari and Chrome.
• Direct Discovery Sub queries
Additional capability has been added in the cases where more than one table/view within the application is in Direct Discovery mode. A new Set statement can be used, see Release Notes for details.
• Possibility to turnoff “Execute” command in Publisher
As a security feature, it is now possible to turn off the ability to use “Execute” command in a script. See Release Notes for details.
• New API call for load balancing in QVS cluster
The new method allows the caller to find the address of the QVS that currently is most suitable for opening the specified document according to the load balancing settings of the given QV Web Server. This is to be used when building solutions that is not going through the AccessPoint.
Change of behaviour:
As a result of fixing bug 69228 “Syntax checker not working”, syntax error messages in object expressions are now returned to objects instead of returned as NULL. See Release Notes for details.
The release is available on the download site: Download