Hotfixes

The following hotfix is available for Appian 19.1.

Hotfix Package P

This is a cumulative hotfix package that includes Hotfix Packages A, B, C, D, E, F, G, H, I, J, K, L, M, N, and O as well as new hotfixes in a single download and a set of instructions. This package is required for any Appian 19.1 installations not currently on Hotfix Package P. After installing, you will be running on Appian 19.1 Hotfix Package P.

See the Installation section at the bottom of this page for instructions on how to install this hotfix package.

Download Link

19.1 Hotfix Package P

Release Date: 19 June 2020 (Package P)

Resolved Issues

Security Updates - Medium
AN-160477 - High
Screen reading software now correctly reads content within non-collapsible sections and boxes in Internet Explorer 11. This is not an issue in other browsers.
AN-156333 - Medium
Blocks the /suggest/ endpoints from being end-user accessible when Portal is disabled
AN-156806 - Medium
Fixed an issue where saving an expression with unbalanced parentheses or brackets could cause an expression to use older versions of functions.
AN-158447 - Medium
This doesn't change any user-facing functionality, but sets up logic to enable us to easily change permission levels in uri-list.csv and auto-generate the remaining files.
AN-160248 - Medium
Fixed an issue with the web content component where users on Google Chrome 83 could not download the embedded content.
AN-142032 - Medium
Search Server now does not repeatedly retry indexing a contiguous string greater than 32k in length. Any error due to such strings is now printed only once in the application server log.
AN-155604 - Low
Deletes certain htmlarea example files that were not needed and could expose information
AN-155620 - Low
Blocks certain endpoints within htmlarea from being end-user accessible when Portal is disabled

Release Date: 22 May 2020 (Released as Package O)

Resolved Issues

Security Updates - High
AN-155298 - Medium
When invoking a web API, the authorization header is now hidden.
AN-154661 - Low
Fixed Cross Site Scripting Vulnerability in Data Store name
AN-157343 - Low
Fixed XSS in Generate Documentation in Process Modeler

Release Date: 24 April 2020 (Package N)

Resolved Issues

Security Updates - Low
AN-155163 - High
Fixed an issued where the users page in the design console was inaccessible in some scenarios
AN-154589 - Medium
Fixed an issue with Search Server log rotation.
AN-156132 - Medium
Fixed an issue that incorrectly warned developers that others were editing the same process model.
AN-154339 - Low
Fixed an issue with Liquibase handling of Oracle DB timestamp values

Release Date: 30 March 2020 (Released as Hotfix Package M)

Resolved Issues

Security Updates - Medium
AN-153911 - High
The performance of dictionaries with a large number of fields has been improved.
AN-150731 - Medium
Fixed an issue with the getUsernameByUuid API that could result in null users
AN-152705 - Medium
a!queryProcessAnalytics no longer returns an error when an empty list is provided as the query.
AN-154329 - Medium
Improved performance of Interface Designer for interfaces with deeply nested components.

Release Date: 28 February 2020 (Released as Hotfix Package L)

Removals

The Disk Usage Metrics log has been removed. Previously, this log would record the amount of disk space consumed by logs, process model definitions, search indexes, and documents on a 12 hour cadence. For sites that had large numbers of these items, the size calculation could lead to intermittent performance issues.

Resolved Issues

Security Updates - Medium
AN-149140 - High
For security reasons, the Query Database Smart Service has been updated. Customers cannot run the LOAD DATA LOCAL INFILE command against a MySQL database by default from a Query Database Node in the Process Model. To provide higher security, for Appian Cloud customers, this command was already disabled at the database level for the Appian Cloud database and at the JDBC level for configured MySQL databases. There is no impact or action for Cloud customers. On-premise customers who wish to use this command must set the conf.data.mysql.loaddata.enabled property to "true" and conf.data.load.infile.path property as a comma-separated list of paths to whitelisted directories that contain the files to be loaded. If the required properties are not set, any Process Model using this command will pause by exception at runtime. This command is generally used to periodically load data from files into the database, and so we expect that most customers will not have to take the required action.
AN-149305 - High
JDBC connector configuration property "autoDeserialize" has been set to false for all MySQL database connections, in order to improve security.
AN-151549 - High
Adds additional protection against interfaces with large context memory sizes.
AN-137156 - Medium
Fixed an issue in the Interface Designer which prevented Design Mode from loading when using a!groupsByName().
AN-135117 - Low
Fixed an issue where changing a group type's name reset the attribute values of dependent groups.
AN-150265 - Low
Updated export function and smart service descriptions to include column limits.

Release Date: 31 January 2020 (released as Package K)

Resolved Issues

Security Updates - Medium
AN-148043 - High
When using IE11 in compatibility mode to authenticate to Appian via SAML, an error which prevents sign-in no longer occurs.
AN-147957 - High
Application server performance under high concurrency has been improved.
AN-147763 - High
Fixed an issue with the "not in" operator in a!queryFilter.
AN-146311 - High
A condition that could cause the process execution engines to use abnormally high amounts of CPU has been removed.
AN-145981 - High
An error that could prevent proper shutdown that would prevent upgrading has been prevented.
AN-142514 - High
Fixed an issue that would have been introduced by an upcoming Chrome version, Chrome 80, where embedded users would be unable to login.
AN-148138 - Medium
Fixed issue causing Query Database smart service to pause by exception when its first input is null
AN-146512 - Low
The cleanup script no longer removes archived kdb files when the logs parameter is specified.
AN-60854 - Low
A 'Report-Only' Content Security Policy header has been added.

Release Date: 13 December 2019 (Released as Package J)

Resolved Issues

Security Updates - High
AN-145504 - Critical
For security reasons, the Query DB Node smart service has been updated. Customers running the LOAD DATA INFILE command against a MySQL instance (only applicable to Configured Data Sources; not applicable to the Appian Cloud database) from a Query DB Node in a Process Model must set the conf.data.load.infile.paths custom property as a comma-separated list of file paths to whitelist the required directories. If the property is not set, any Process Model using this command will pause by exception at runtime. This command is generally used to periodically load data from files into the database, and so we expect that most customers will not have to take the required action described here.
AN-146705 - Low
Fixed an issue causing Search Server to break a site that is low on disk space

Release Date: 22 November 2019 (Released as Hotfix Package I)

Resolved Issues

Security Updates - Critical
AN-141281 - High
Fixed an issue where orphan process variables could exist and impact system performance.
AN-139947 - Medium
System memory use for Appian Cloud sites has been reduced.
AN-145027 - Medium
Document upload will no longer be limited by personal user storage space quotas, which were deprecated in Appian 17.3.

Release Date: 31 October 2019 (Released as Hotfix Package H)

Resolved Issues

Security Updates - Critical
AN-143289 - Critical
Fixed an issue with a null parameter in a!queryLogicalExpression and a!queryAggregation.
AN-142283 - Medium
Fixed an issue that caused some record links to break on import if the record type was deleted and then re-imported.
AN-141658 - Medium
Users no longer need to be in the Designer group to upload documents using Google Cloud Vision, SharePoint, and other document-based connected systems.
AN-142517 - Low
Scheduled backups for on-premise customers taken with the backup script now include Kafka logs and Zookeeper data
AN-141300 - Low
HTML entered in a post, message, or comment is now rendered as text in Appian emails.
AN-139911 - Low
The queryFilter function with an 'in' filter that has many values now performs as expected again. In fact, it is over an order of magnitude faster than it was before this issue was introduced! All query filters have improved noticeably in performance, but none nearly as much as an 'in' filter with many values. This applies equally to uses of queryFilter in the queryentity, queryrecord, and queryProcessAnalytics functions.

Release Date: 30 September 2019 (Released as Hotfix Package G)

Resolved Issues

Security Updates - High
AN-141232 - Critical
The process analytics engine now correctly handles the case where it mistakenly receives multiple copies for a single process variable for the same process from the process execution engines. Previously this could cause a sudden increase in memory used by the analytics engine.
AN-140947 - Medium
Fixed an issue where auditor and viewer roles for Sites were not being respected after upgrading to 18.4.
AN-141212 - Medium
Clarify DevOps infrastructure connection statuses.
AN-141355 - Medium
Navigating to a record view no longer triggers extra requests after navigating away from that view.
AN-133660 - Low
Using an expression for process model node assignment no longer causes errors in the process model comparison.

Release Date: 4 September 2019 (Released as Hotfix Package F)

Resolved Issues

Security Updates - Critical
AN-139079 - High
An issue that could prevent zookeeper from restarting cleanly in on-premises installations has been resolved.
AN-70284 - Medium
Fixes a variety of internationalization issues with date and time formatting. For the Arabic [ar] locale, hours and seconds are now internationalized correctly, as well as the timezone. For the Arabic [ar], Chinese (Simplified) [zh_CN], Chinese (Traditional) [zh_HK], Japanese [ja], and Swedish [sv] locales, AM and PM will also be properly internationalized.
AN-125589 - Medium
No errors are thrown if devops infrastructure url wasn't set on cloud sites
AN-129916 - Medium
A error in Kafka that could prevent startup has been corrected.
AN-134827 - Medium
Fixed an issue with rendering interfaces containing deeply nested columns in Interface Designer's live preview.
AN-136540 - Medium
Fixed a bug that caused integrations to break on import when they reference themselves in the default test values
AN-137595 - Medium
Fixed an indexing error that could occur with updates to the analytics engine
AN-138292 - Medium
When running as a Windows service, the service manager process is now more tightly linked to the Windows service, preventing cases where one would be running without the other.
AN-50653 - Low
Large folders no longer display negative sizes.
AN-134752 - Low
Added data metrics for SSL certificates
AN-136623 Low
Fixed an issue where duplicate entries were being logged for some exec errors
AN-136712 - Low
The speed at which Tasks, Actions, and News items are loaded has been improved. The improvement removes the performance degradation observed in some cases on Appian versions 18.3 and later.
AN-137640 - Low
Added a new audit log, removed_processes.csv, to track events where a process is deleted or archived off of the system
AN-138326 - Low
Added logging improvements to the engine client.
AN-138674 - Low
Search server startup now waits for 30 seconds before timing out. Enhanced messaging has been added for the waiting period.
AN-139526 - Low
Adds additional logging when certain errors occur while executing a save in an interface.
AN-140194 - Low
The performance improvement for Tasks, Actions, and News items loading in AN-136712 has been reverted due to race conditions which caused users to see 403 errors. The reversion applies to Appian versions 19.1 and later.

Release Date: 26 July 2019 (Released as Hotfix Package E)

Enhancements

AN-52550
Usernames may now contain apostrophes.

Resolved Issues

Security Updates - High
AN-136428, AN-136466, AN-136570 - High
The Hotfix resolves a vulnerability related to Google Service Account integrations with Appian. It is recommended that users of Google Service Account integrations reset their passwords in connection with the installation of this Hotfix.
AN-137627 - High
Query database smart service now tolerates MySQL client-side prepared statements and does not fail.
AN-113345 - Medium
Drilling from a process report to individual processes now works correctly.
AN-135990 - Medium
The "version" Process Model property now returns the correct result in Process Reports when the process has undergone In-Flight Modification (IFM).
AN-136782 - Medium
MySQL prepared statements are now correctly closed. Query Database Smart Service will no longer fail because of application reaching the max_prepared_stmt_count value for prepared statements.
AN-136861 - Medium
Side-By-Side Layout item lists no longer cause an error with null or empty string values.
AN-137015 - Medium
A new Appian installation now correctly starts with MySQL 8.0.16 configured as a primary data source. Customers will no longer see the data truncation error.
AN-137414 - Medium
The optimization to enable faster querying of deeply nested CDTs with one-to-many relationships has been turned on by default for on-premise customers.
AN-129208 - Low
The start process smart service no longer logs excessive error messages if the user who starts the process does not have permission to see that process.
AN-135661 - Low
The Mean Individual Time value in the appian_functions_details.csv and expressions_details.csv logs is now calculated correctly. Prior to this fix, the value could be greater than the Mean Total Time value.
AN-136209 - Low
Zookeeper connectivity issues during startup no longer prevent a clean shutdown of the Appian engines.
AN-136685 - Low
Fixed an issue that caused extraneous logging in customer logs
AN-137010 - Low
An artificial memory cap for the search server has been removed.
AN-137338 - Low
A rare race condition that could cause an engine to hang in a "stopping" state when stopping the engines immediately after starting them has been prevented.

Release Date: 25 June 2019 (Released as Hotfix Package D)

Resolved Issues

Security Updates - Medium
AN-134504 - Critical
Clear the Appian WSDL cache and retry the request if an error occurs
AN-135342 - Critical
The Export Data Store Entity to Excel and the Export Data Store Entity to CSV smart services (and their related functions) now export data without having duplicated rows. This issue only occurred when no 'Selection' or 'Aggregation' parameters were set on these smart services.
AN-132064 - High
Resolved a browser-specific issue with Google Chrome 78+ that caused developers to be falsely alerted about concurrent editing of an object.
AN-134686 - High
An issue that prevented some Data Stores from appearing in the Create Constants dialog has been resolved.
AN-135134 - High
Fixes content length too long when sending over multipart form data in an integration
AN-131383 - Medium
Fixed an issue related to user navigation after submitting a form on an Action site page.
AN-131428 - Medium
Exporting a record list to Excel will now work when the record type's sort is defined using a!sortInfo() but the ascending parameter is not defined.
AN-1132239 - Medium
Loading interfaces containing start process links when the SAIL cache is full no longer results in an error.
AN-134022 - Medium
Appian now recovers correctly after receiving certain types of error responses from an RDBMS. Previously an application server restart was required to recover.
AN-134652 - Medium
Fixed a condition where the View Record Dashboard and View Related Action List fields in the records_usage.csv log were not logged correctly while using Tempo.
AN-134663 - Medium
Fixed an issue related to dynamically displaying interface components based on an array condition in the if() function. Now duplicates of the component are no longer displayed. This restores behavior to be consistent with version 18.4 and earlier.
AN-135140 - Medium
Fixes domain name mismatch on certificate from cloud sites
AN-136057 - Medium
Overhead of calling functions in the a! domain has been reduced.
AN-133038, AN-75970 - Low
The "version" Process Model property now returns the correct result in Process Reports and sorts along with the other data when sorting by a different column.
AN-134946 - Low
Binding an Appian Engine to a port already in use now logs a detailed error message and returns error code 100.

Release Date: 28 May 2019 (Released as Hotfix Package C)

Resolved Issues

Security Updates - High
AN-131765 - High
The version of OpenJDK bundled with the installer is now 8u212b03.
AN-132818 - High
An optimization has been added to enable faster querying of deeply nested CDTs with one to many relationships. A custom property can be set to enable this optimization if customers experience slowness with queries involving deeply nested CDTs.
AN-134002 - High
Application server stability has been improved for Appian Cloud sites that run with application server memory greater than 5GB.
AN-123861 - Medium
Designers and end users now see errors on activity chained interfaces that contain errors instead of displaying nothing.
AN-131472 - Medium
Appian's topology configurations are now more flexible
AN-131227 - Medium
Appian's shutdown process is now more resilient to services stopping out of order
AN-132129 - Medium
Migration has been introduced to unlock the datatypes that are incorrectly locked. This will prevent errors on CDT import and updates.
AN-132813 - Medium
The system is now more resilient against cascading degradations caused by thread exhaustion when the connection between the application server and business datasource is unavailable.
AN-1132763 - Medium
Plug-ins that load classes from the javax.swing.* package now work in Appian Cloud. Prior to this fix, the plug-in smart service or function would fail and an error message similar to the following would be logged by the application server: java.lang.NoClassDefFoundError: Could not initialize class javax.swing.RepaintManager. This returns behavior to that of versions 18.4 and earlier.
AN-119314 - Medium
In High Availability configurations, when an Appian engine is unable to write to disk, that engine will be taken out of the cluster so that it no longer receives traffic.
AN-131658 - Medium
The appian.keystore file is now better protected against potential corruption when starting Appian on a server with no free disk space remaining.
AN-131812 - Medium
The performance of task reports has been improved.
AN-126478 - Medium
Improves performance currently experienced when loading a record list for which 'Export to Excel' is enabled.
AN-129783 - Medium
Fixed a race condition issue related to the addition of multiple users to a new group. Users who have just been added to a new group will no longer see hibernate errors when they access product the product simultaneously.
AN-130544 - Low
When fetchTotalCount is null, the query editor now opens with the fetchTotalCount checkbox unchecked.
AN-130674 - Low
Fixed an issue where the browser window title was not set correctly for Entity Backed Records in Sites. As a result, excessive ERROR level logs being written to the appserver logs is also fixed.
AN-131695 - Low
The logging mechanism for the embedded Tomcat application server is now more memory efficient.
AN-127646 - Low
Incremental update errors no longer log the entire content of the update message to the analytics logs. Previously, repeated incremental update errors could rapidly increase the amount of disk space used by these logs.
AN-132430 - Low
Fixed a race condition issue related to the creation of Users in Appian. Users will no longer see a "JDBC Batch Update" error which appeared randomly on opening User records that were not correctly stored in the database.

Release Date: 19 April 2019 (Released as Hotfix Package B)

Resolved Issues

Security Updates - Medium
AN-131443 - High
Fixed an issue that prevented the Document Viewer component from being displayed correctly when using a non-standard top-level domain.
AN-131275 - High
Fix wrong types for OpenAPI Integration headers and query parameters as well as wrong types for OpenAPI Connected System basic authentication.
AN-130798 - High
Fixes an issue where an interface would revert back to a previous state and lose the user's input.
AN-129865 - Medium
This migration fixes any existing occurrence of older versions of a data type not being correctly associated with the newer versions. This will prevent errors on import and CDT updates.
AN-129840 - High
Fixes an issue where some caches were not properly removing entries periodically.
AN-131226 - Medium
When creating an interface from a data type, the generated buttons are now correctly wrapped in lists.
AN-131163 - Medium
Fixed an issue related to older versions of data types not being correctly associated with the newer versions. This will prevent errors on import and CDT updates.
AN-130960 - Medium
Fixes an issue where one very large interface context caused a performance degradation in other interfaces.
AN-130406 - Medium
Updated the alert type labels on infrastructure notification emails to be human-readable in the apps portal
AN-130402 - Medium
A query filter that has a null value and uses the "between" operator is now properly ignored if the ignoreFiltersWithEmptyValues parameter is set to true.
AN-130272 - Medium
Empty cells in columns that contain usernames in process reports now display as blank instead of "system null."
AN-129632 - Medium
Fixed an issue that prevented the application server from shutting down.
AN-129449 - Medium
When creating an interface from a data type, an error no longer occurs when the data type has a field that holds a list of boolean values.
AN-129323 - Medium
A rollback in the process execution engines that could result from saving a process variable of type Date and Time no longer occurs.
AN-127971 - Medium
Arabic task titles now display correctly in emails.
AN-130704 - Low
Amazon Machine Learning connected system now indicates that new Amazon customers cannot create AmazonML models.
AN-130416 - Low
Fixed an issue that resulted in pop up error on reselecting placeholder in operation dropdown.
AN-130316 - Low
Engine leadership election upon site startup is now more stable.
AN-129466 - Low
When importing a change that causes a parent group to gain indirect members, those indirect members will now have the correct permissions inherited from the parent.
AN-128658 - Low
Changing the definition of a data type now results in less network traffic and lower memory usage for the analytics engines.
AN-128201 - Low
Hidden process variables are no longer sent to the process analytics engines, reducing the amount of memory they use.
AN-110140 - Low
Cleanup script now successfully executes on the nodes that do not run Search Server

Release Date: 22 March 2019 (Released as Hotfix Package A)

Enhancements

Appian now supports using Login.gov as a SAML identity provider. See SAML for Single Sign-On documentation for details.
The Appian Function Details log, appian_functions_details.csv, has been updated to include an additional column that displays the evaluation time of the individual function excluding the evaluation time of its parameters.

Resolved Issues

Security Updates - High
AN-126930 - High An error in the engine sizing script has been resolved
AN-116120 - Medium
Fixed an issue to prevent visibility expressions in a record list grid column from evaluating on each row
AN-123111 - Medium
Fixed an issue with performance when designing interfaces; the change will especially improve navigation to/from the Performance View and general performance of large interfaces.
AN-125925 - Medium
The service manager will now terminate with a descriptive error message if it is unable to allocate a thread rather than run in a potentially unstable state.
AN-126449 - Medium
The Kafka component of the service manager has been updated to prevent crashes on Windows due to file contention during deletion operations.
AN-126960 - Medium
Parameters for a!queryFilter are now not evaluated if the showWhen parameter is false.
AN-127442 - Medium
The performance of the Start Process smart service has been improved.
AN-128387 - Medium
Connecting to External JMS Brokers is now supported.
AN-128504 - Medium
Fixed OAuth authorization error for Connected System Plug-ins that occurred after import.
AN-121597 - Low
The system now better protects against the inadvertent deletion of system objects.
AN-125603 - Low
Fixed an issue where clicking on the caption on a rich text icon with a link launched the link.
AN-126631 - Low
Autofill no longer interferes with entering values in date and date time components.
AN-127095 - Low
Fixed an issue where recent changes to an interface of a component plugin are not reflected at runtime.
AN-127101 - Low
Fixed an issue where the toolbar on the Process Model Metrics page displayed incorrectly for some browsers.
AN-127483 - Low
An error message is now displayed when a designer executes a non-HTTP Integration that is not associated with a Connected System.
AN-128290 - Low
Fixed an issue that reported an invalid session count for Appian Cloud sites with Trusted IP addresses.

Installation

Perform the following steps to apply the hotfix:

Stop Appian. See Starting and Stopping Appian for detailed instructions:
1. Shut down the application server.
2. Shut down the search server.
3. Shut down the data server.
4. Shutdown all Appian Engines, ensuring that the engines are checkpointed upon shutdown.
Back up your existing Appian instance. See Backing Up Your Existing Appian Instance for instructions.
Unzip the contents of the 19.1.0.0_Hotfix_Package_P.zip archive into your <APPIAN_HOME> directory.
- Download link: 19.1 Hotfix Package P
Run the deleteFiles script (deleteFiles.bat on Windows, deleteFiles.sh on Linux) that is now located in your <APPIAN_HOME> directory.
- If the script reports that some files were not deleted, address the reason for the failure (common causes listed below), and run it again until it no longer reports failed deletions.
- Common causes of failed file deletion include:
- The file is open in another window or process
- The file is locked
- You do not have permission to delete the file
Unzip the contents of the updates.zip archive that is now located your <APPIAN_HOME> directory.
Run the installJdk script (installJdk.bat on Windows, installJdk.sh on Linux).
If you maintain customized or overridden Spring Security .xml files, merge them with the associated base files in the /deployment/web.war/WEB-INF/conf/security/ directory.
Delete the deleteFiles scripts, the installJdk scripts, the OpenJDK .tar.gz and .zip files, and updates.zip.
If you are using a Web server, copy the content of <APPIAN_HOME>/deployment/web.war to the folder where the Web server is getting the static resources. See Copy Static Resources to the Web Server for more information.
Run the configure script to deploy your environment's configuration and re-configure any node names previously set by the configure script tools.
Start Appian:
1. Start the Appian Engines.
2. Start the data server.
3. Start the search server.
4. Start the application server.

To determine if Appian 19.1 Hotfix Package P is deployed, open the build.info file located in <APPIAN_HOME>/conf/. The contents of this file should match the following code sample:

build.revision=c29d8b1419ce44ee6c7992443f0c5db5fe89c1e6
build.version=19.1.283.0

Open in Github

On This Page