The following hotfix is available for Appian 19.2.
This is a cumulative hotfix package that includes Hotfix Packages A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, and Q as well as new hotfixes in a single download and a set of instructions. This package is required for any Appian 19.2 installations not currently on Hotfix Package R. After installing, you will be running on Appian 19.2 Hotfix Package R.
See the Installation section at the bottom of this page for instructions on how to install this hotfix package.
Resolved Issues
Resolved Issues
Security Updates - Medium
AN-55085 - Medium
The Render Phase Mean Time metric is now accurately logged in rest_details.csv
. Prior to this fix, the metric was logged incorrectly in certain scenarios, causing its value to be larger than the Mean Total Time.
Resolved Issues
Security Updates - High
AN-143009 - High
Nested CDTs with date or datetime fields are now not updated redundantly when the parent CDT is updated. This results in performance improvement during writes to parent CDTs.
AN-166375 - High
Processes that were archived prior to version 6.6.3 can now be successfully unarchived. Prior to this fix, unarchiving these processes caused the process execution engine to rollback in some scenarios.
AN-168025 - Medium
Fixed an issue that prevented Search Server settings from getting applied to a site.
AN-168003 - Low
Unused configuration files have been removed from the Service Manager conf directory.
AN-168554 - Low
Fixed an issue with a broken documentation link in the Button Widget validation parameter.
Resolved Issues
Security Updates - High
AN-162502 - High
The engine startup sequence has been streamlined so that if a problem occurs during startup, it will fail quickly rather than after a prolonged timeout. Previously, certain conditions could make engine startup hang for up to 10 minutes before failing.
AN-162600 - Medium
Modal dialogs now show a visual indicator when the dialog itself has keyboard focus.
AN-163516 - Medium
An issue resulting in an excessive number of threads in a waiting state on a site after the usage of data stores has been resolved.
Resolved Issues
Security Updates - High
AN-160317 - High
Fixed an issue with component plug-ins where users on Google Chrome 83 could not download the embedded content.
AN-160805 - High
Engines are more resilient during network instability and will eventually succeed in leader election even through connection loss.
AN-161604 - High
Added the ability for plug-ins to access packages from the Oracle JDBC jar that ships with Appian.
AN-161752 - High
Data cleanup procedures that run on site startup now run asynchronously so that the do not block the startup process.
AN-93216 - Medium
The login behavior is now consistent when attempting authentication with invalid credentials and the system has both SAML and LDAP authentication mechanisms configured and enabled.
AN-152118 - Medium
Service manager will now log an exception if checkpointing is disrupted due to disk access. This will then ensure the process does not hang indefinitely.
AN-160320 - Medium
The default Administrator account can no longer authenticate with its default password if other system administrator accounts exist.
AN-160322 - Medium
Creating a System Administrator user via passwords.properties during initial installation now invalidates the default Administrator account's default password.
AN-162191 - Medium
A custom property has been added to make it easier to connect with databases that have case-sensitive collation configured. This property allows customers to work around the scenario of data stores not validating due to the application server lower-casing the schema defined in the XSD. On-premise customers can set "conf.data.teneo.naming.strategy" property in custom.properties to "none" to access the problematic entities. For cloud customers, the same property can be set via a Support case.
AN-163541 - Medium
It is no longer allowed to create a business data source in the Admin Console with the same name as the Appian Cloud provided business data source.
AN-154892 - Low
It is no longer required to run the ResetAnalytics script on all servers, it can be run on any server running an analytics engine. Additionally, the script now has improved logging and can be used on distributed sites where components are distributed across multiple physical machines.
AN-160904 - Low
A potential thread deadlock when connecting to a data source has been removed.
AN-161107 - Low
Updated Java API documentation to ensure consistent terminology for terms: allow list, block list, main, and shard.
AN-161558 - Low
Updated interface and data type designers to use improved terminology: ""grid with detail view"" and ""parent-child""
AN-163464 - Low
Added support for sending of intermediate client certificates. This affects only newly uploaded client certificates, and will not change the behavior of previously uploaded certificates.
Resolved Issues
Security Updates - Medium
AN-160477 - High
Screen reading software now correctly reads content within non-collapsible sections and boxes in Internet Explorer 11. This is not an issue in other browsers.
AN-153600 - Medium
When replaying transactions from the transaction log, Service Manager will now discard messages that have already been written to the engine
AN-156333 - Medium
Blocks the /suggest/ endpoints from being end-user accessible when Portal is disabled
AN-156806 - Medium
Fixed an issue where saving an expression with unbalanced parentheses or brackets could cause an expression to use older versions of functions.
AN-158447 - Medium
This doesn't change any user-facing functionality, but sets up logic to enable us to easily change permission levels in uri-list.csv and auto-generate the remaining files.
AN-160248 - Medium
Fixed an issue with the web content component where users on Google Chrome 83 could not download the embedded content.
AN-142032 - Medium
Search Server now does not repeatedly retry indexing a contiguous string greater than 32k in length. Any error due to such strings is now printed only once in the application server log.
AN-155604 - Low
Deletes certain htmlarea example files that were not needed and could expose information
AN-155620 - Low
Blocks certain endpoints within htmlarea from being end-user accessible when Portal is disabled
AN-159576 - Low
Fixed an issue where the Trends report in Quick Apps shows an error if user field is used.
Resolved Issues
Security Updates - High
AN-155505 - High
Kafka shutdown will no longer hang if Zookeeper is already down on any other node of the cluster.
AN-157887 - High
Engine replicas that failed to start or failed to replicate due to an IllegalReferenceCountException are now able to start and replicate transactions properly.
AN-145552 - Medium
Fixed a race condition on engine startup that could pollute the service manager logs with illegal state transition warnings
AN-151465 - Medium
Fixed an issue where read-only grid columns using rule inputs as parameter values caused some interfaces to error on initial load.
AN-153200 - Medium
During engine shutdown, Service Manager will verify that the last transaction written to the engine matches the last transaction written to Kafka in order to eliminate the need to replay any transactions when the engine starts again.
AN-155298 - Medium
When invoking a web API, the authorization header is now hidden.
AN-155590 - Medium
The engine checkpoint script will now return an exit code 1 when a checkpoint fails, instead of always returning 0
AN-154661 - Low
Fixed Cross Site Scripting Vulnerability in Data Store name"
AN-157343 - Low
Fixed XSS in Generate Documentation in Process Modeler
Resolved Issues
Security Updates - Low
AN-155163 - High
Fixed an issued where the users page in the design console was inaccessible in some scenarios
AN-118361 - Medium
The primary engine will checkpoint in the event of a replica encountering a transaction replay error. This allows the replica to restart quickly and eliminates the need to replay on restart.
AN-130269 - Medium
Engine checkpoint requests are now always routed to running replicas when using the High Availability configuration. Previously, they could be sent to a non-running replica, which would cause the checkpoint request to be rejected.
AN-154589 - Medium
Fixed an issue with Search Server log rotation.
AN-155700 - Medium
A graceful shutdown of the Service Manager will now properly complete even if the Service Manager file loggers are experiencing difficulties with disk access.
AN-156132 - Medium
Fixed an issue that incorrectly warned developers that others were editing the same process model.
AN-156168 - Medium
When invoking a web API using an API key for authentication, the header containing the key is now hidden.
AN-151100 - Low
Service manager metrics logs will now record an error message in the service manager log if the logging process fails due to an exception.
AN-152521 - Low
The web_api
.csv files in logs/perflogs
no longer include internal functionality in their invocation counts. The counts now only reflect invocation of developer-specified Web API design objects.
AN-154339 - Low
Fixed an issue with Liquibase handling of Oracle DB timestamp values
Resolved Issues
Security Updates - Medium
AN-153911 - High
The performance of dictionaries with a large number of fields has been improved.
AN-150731 - Medium
Fixed an issue with the getUsernameByUuid API that could result in null users
AN-152705 - Medium
a!queryProcessAnalytics no longer returns an error when an empty list is provided as the query.
AN-153819 - Medium
Fixed an issue where saving changes on the Branding page caused subsequent interactions in the Admin Console to fail.
AN-154329 - Medium
Improved performance of Interface Designer for interfaces with deeply nested components.
Removals
The Disk Usage Metrics log has been removed. Previously, this log would record the amount of disk space consumed by logs, process model definitions, search indexes, and documents on a 12 hour cadence. For sites that had large numbers of these items, the size calculation could lead to intermittent performance issues.
Resolved Issues
Security Updates - Medium
AN-151874 - Critical
Topologies configured in appian-topology.xml which distribute a single replica set of engines across multiple hosts now function properly. For instance, with this fix it is possible once again to configure all process-execution
and process-analytics
engines on one host and the remaining engines on another host. This restores behavior to be consistent with version 19.2 and earlier.
AN-149140 - High
For security reasons, the Query Database Smart Service has been updated. Customers cannot run the LOAD DATA LOCAL INFILE command against a MySQL database by default from a Query Database Node in the Process Model. To provide higher security, for Appian Cloud customers, this command was already disabled at the database level for the Appian Cloud database and at the JDBC level for configured MySQL databases. There is no impact or action for Cloud customers. On-premise customers who wish to use this command must set the conf.data.mysql.loaddata.enabled property to "true" and conf.data.load.infile.path property as a comma-separated list of paths to whitelisted directories that contain the files to be loaded. If the required properties are not set, any Process Model using this command will pause by exception at runtime. This command is generally used to periodically load data from files into the database, and so we expect that most customers will not have to take the required action.
AN-149305 - High
JDBC connector configuration property "autoDeserialize" has been set to false for all MySQL database connections, in order to improve security.
AN-150186 - High
The engine transaction logs are now protected against recording additional transactions after the checkpoint request during system shutdown. Prior to this protection, a race condition could cause a transaction to be recorded after checkpointing on shutdown, which can complicate subsequent upgrades or hotfixes.
AN-151549 - High
Adds additional protection against interfaces with large context memory sizes.
AN-137156 - Medium
Fixed an issue in the Interface Designer which prevented Design Mode from loading when using a!groupsByName().
AN-135117 - Low
Fixed an issue where changing a group type's name reset the attribute values of dependent groups.
AN-150265 - Low
Updated export function and smart service descriptions to include column limits.
Resolved Issues
Security Updates - Medium
AN-148700 - High
Fixed an issue that sometimes caused UIs to error when navigating quickly while reevaluation requests were in progress.
AN-148160 - High
A race condition that could prevent a clean shutdown of multi-node sites has been prevented.
AN-148043 - High
When using IE11 in compatibility mode to authenticate to Appian via SAML, an error which prevents sign-in no longer occurs.
AN-147957 - High
Application server performance under high concurrency has been improved.
AN-147763 - High
Fixed an issue with the "not in" operator in a!queryFilter.
AN-146311 - High
A condition that could cause the process execution engines to use abnormally high amounts of CPU has been removed.
AN-145981 - High
An error that could prevent proper shutdown that would prevent upgrading has been prevented.
AN-142514 - High
Fixed an issue that would have been introduced by an upcoming Chrome version, Chrome 80, where embedded users would be unable to login.
AN-148138 - Medium
Fixed issue causing Query Database smart service to pause by exception when its first input is null
AN-148009 - Medium
Fixed an issue that was preventing Quick App sites from properly displaying Tasks as links
AN-147232 - Medium
Reduces the number of messages broadcast between app servers, resulting in a performance improvement in the engines.
AN-146474 - Medium
Fixed an issue where confirmation boxes now display correctly when using Internet Explorer with Document Viewer.
AN-147760 - Low
The engine recovery script no longer encounters an error when reinserting transactions into the engine transaction log.
AN-146688 - Low
Knowledge center administrators are no longer displayed in the role maps of document folders that do not inherit security.
AN-146512 - Low
The cleanup script no longer removes archived kdb files when the logs
parameter is specified.
AN-60854 - Low
A 'Report-Only' Content Security Policy header has been added.
Resolved Issues
Security Updates - High
AN-145504 - Critical
For security reasons, the Query DB Node smart service has been updated. Customers running the LOAD DATA INFILE command against a MySQL instance (only applicable to Configured Data Sources; not applicable to the Appian Cloud database) from a Query DB Node in a Process Model must set the conf.data.load.infile.paths custom property as a comma-separated list of file paths to whitelist the required directories. If the property is not set, any Process Model using this command will pause by exception at runtime. This command is generally used to periodically load data from files into the database, and so we expect that most customers will not have to take the required action described here.
AN-146412 - High
Clicking on a start process link after the SAIL cache is full no longer results in a full-screen error.
AN-147053 - High
A memory leak in service manager has been resolved.
AN-145522 - Medium
A stability fix for service manager in the case of an unstable or degraded zookeeper cluster.
AN-145736 - Medium
The service manager process is now more robust to leadership changes during the startup process.
AN-146140 - Medium
An error retrieving document statistics on highly-available installations has been resolved.
AN-147232 - Medium
Reduces the number of messages broadcast between app servers, resulting in a performance improvement in the engines.
AN-141142 - Low
The service manager process is now robust to multiple copies of the same engine running when only one is configured.
AN-146092 - Low
Fixed an issue preventing the application server from starting when non-critical components of Search Server are not running.
AN-146167 - Low
Fixed an issue where engine_disk_usage.csv was not logging accurate values for some directories.
AN-146705 - Low
Fixed an issue causing Search Server to break a site that is low on disk space.
Resolved Issues
Security Updates - Critical
AN-141281 - High
Fixed an issue where orphan process variables could exist and impact system performance.
AN-144440 - High
A race condition in service manager that could lead to site unavailability has been resolved.
AN-139947 - Medium
System memory use for Appian Cloud sites has been reduced.
AN-145027 - Medium
Document upload will no longer be limited by personal user storage space quotas, which were deprecated in Appian 17.3.
AN-145158 - Medium
When a connection to a data source is closed due to a network error, Appian will now recover.
AN-140484 - Low
A NullPointException
is no longer logged in the tomcat-stdOut.log
log file when clicking a related action shortcut on a record view in sites.
AN-144395 - Low
A race condition that could result in multiple primaries for a single engine has been resolved.
AN-145153 - Low
When more than one value is present in a SAML assertion for a single-valued field, the first value is always selected.
AN-145596 - Low
Stability improvement for service manager component.
Resolved Issues
Security Updates - Critical
AN-143289 - Critical
Fixed an issue with a null parameter in a!queryLogicalExpression and a!queryAggregation.
AN-143776 - High
An issue that could prevent the application server from connecting to the engines has been prevented.
AN-132464 - High
The Kafka component used by the Internal Messaging Service has been upgraded to version 2.2. This upgrade resolves stability issues, such as KAFKA-2729.
AN-143655 - Medium
Restarting a single node on a Highly Available Appian Cloud site no longer prevents the data server from starting up.
AN-143583 - Medium
Memory optimization for the service manager process.
AN-142283 - Medium
Fixed an issue that caused some record links to break on import of the record type.
AN-141658 - Medium
Users no longer need to be in the Designer group to upload documents using Google Cloud Vision, SharePoint, and other document-based connected systems.
AN-140220 - Medium
A race condition that could prevent an engine from shutting down cleanly has been resolved.
AN-144259 - Low
For Appian Cloud customers, data server startup procedure is now more robust to issues on the standby server.
AN-142517 - Low
Scheduled backups for on-premise customers taken with the backup script now include Kafka logs and Zookeeper data
AN-142355 - Low
Multiple data types with the same names but different casing can now be in the same export package.
AN-141300 - Low
HTML entered in a post, message, or comment is now rendered as text in Appian emails.
AN-139911 - Low
The queryFilter function with an 'in' filter that has many values now performs as expected again. In fact, it is over an order of magnitude faster than it was before this issue was introduced! All query filters have improved noticeably in performance, but none nearly as much as an 'in' filter with many values. This applies equally to uses of queryFilter in the queryentity, queryrecord, and queryProcessAnalytics functions.
Enhancements
Resolved Issues
Security Updates - High
AN-141232 Critical
The process analytics engine now correctly handles the case where it mistakenly receives multiple copies for a single process variable for the same process from the process execution engines. Previously this could cause a sudden increase in memory used by the analytics engine.
AN-141683 - High
Fixed an issue where users were unable to load mobile-enabled quick tasks that were group assigned.
AN-141901 - High
Fixed an issue where users were unable to view mobile-enabled quick tasks in the related actions tab after opening the task.
AN-139860 - Medium
Deselecting a pre-selected row in read-only grids now properly saves the row data.
AN-140894 - Medium
Fixes an error caused by indexing into invalid fields or list indices in unevaluated branches of a local variable definition, such as the valueIfFalse parameter of an if() when the condition is true.
AN-140947 - Medium
Fixed an issue where auditor and viewer roles for Sites were not being respected after upgrading to 18.4.
AN-141212 - Medium
Clarify DevOps infrastructure connection statuses.
AN-141355 - Medium
Navigating to a record view no longer triggers extra requests after navigating away from that view.
AN-141740 - Medium
A warning is no longer logged every time a service account calls a Web API using API key authentication.
AN-130623 - Low
Process model diagrams in process model comparisons will no longer fail to render.
AN-133660 - Low
Using an expression for process model node assignment no longer causes errors in the process model comparison.
AN-134753 - Low
Added additional product metrics for integration executions.
AN-141453 - Low
Saving interface expressions with syntax errors now have better error handling when reopening an interface.
AN-141466 - Low
Allow incoming PATCH calls to the app server.
Enhancements
Resolved Issues
Security Updates - Critical
AN-138540 - High
Completing a Task via a Tempo Task Report no longer prevents the Task list from properly appearing.
AN-138598 - High
Fixed an issue where users were unable to accept tasks built via the Forms Designer when navigating from a direct link.
AN-138721 - High
Fixed an issue where users were unable to interact with related actions for mobile-enabled forms in Internet Explorer 11.
AN-139079 - High
An issue that could prevent zookeeper from restarting cleanly in on-premises installations has been resolved.
AN-70284 - Medium
Fixes a variety of internationalization issues with date and time formatting. For the Arabic [ar] locale, hours and seconds are now internationalized correctly, as well as the timezone. For the Arabic [ar], Chinese (Simplified) [zh_CN], Chinese (Traditional) [zh_HK], Japanese [ja], and Swedish [sv] locales, AM and PM will also be properly internationalized.
AN-125589 - Medium
No errors are thrown if devops infrastructure url wasn't set on cloud sites
AN-129916 - Medium
A error in Kafka that could prevent startup has been corrected.
AN-134827 - Medium
Fixed an issue with rendering interfaces containing deeply nested columns in Interface Designer's live preview.
AN-136540 - Medium
Fixed a bug that caused integrations to break on import when they reference themselves in the default test values
AN-137595 - Medium
Fixed an indexing error that could occur with updates to the analytics engine
AN-137603 - Medium
Fixed an issue where line charts with date or datetime categories affected tooltips of components on the same interface.
AN-137727 - Medium
Read-only grid now shows a user-friendly value when called within the expression rule designer.
AN-138292 - Medium
When running as a Windows service, the service manager process is now more tightly linked to the Windows service, preventing cases where one would be running without the other.
AN-138526 - Medium
Notification emails for tasks assigned to groups are now styled correctly.
AN-140057 - Medium
The Blue Prism connected system now properly handles requests that contain special characters.
AN-50653 - Low
Large folders no longer display negative sizes.
AN-134751 - Low
Added data metrics for api keys
AN-134752 - Low
Added data metrics for SSL certificates
AN-136623 Low
Fixed an issue where duplicate entries were being logged for some exec errors
AN-136712 - Low
The speed at which Tasks, Actions, and News items are loaded has been improved. The improvement removes the performance degradation observed in some cases on Appian versions 18.3 and later.
AN-137051 - Low
User and user and group picker results have been updated to be consistent with 19.1 and earlier.
AN-137640 - Low
Added a new audit log, removed_processes.csv, to track events where a process is deleted or archived off of the system
AN-138326 - Low
Added logging improvements to the engine client.
AN-138674 - Low
Search server startup now waits for 30 seconds before timing out. Enhanced messaging has been added for the waiting period.
AN-138724 - Low
Formatted test outputs in Appian Designer now correctly display null decimal and datetime fields in CDTs
AN-139526 - Low
Adds additional logging when certain errors occur while executing a save in an interface.
AN-140194 - Low
The performance improvement for Tasks, Actions, and News items loading in AN-136712 has been reverted due to race conditions which caused users to see 403 errors. The reversion applies to Appian versions 19.1 and later.
AN-140249 - Low
Fixed an issue where performance metrics did not log once a data limit had been reached.
AN-140291 - Low
User profile and group membership data no longer get synched via SAML login. This feature is available in version 19.3.
Enhancements
Resolved Issues
Security Updates - High
AN-136428, AN-136466, AN-136570 - High
The Hotfix resolves a vulnerability related to Google Service Account integrations with Appian. It is recommended that users of Google Service Account integrations reset their passwords in connection with the installation of this Hotfix.
AN-137627 - High
Query database smart service now tolerates MySQL client-side prepared statements and does not fail.
AN-113345 - Medium
Drilling from a process report to individual processes now works correctly.
AN-123890 - Medium
Fixed an issue that prevented some tasks from disappearing immediately from the Task list upon completion
AN-134067 Medium
Updating the batch size on a read-only grid query expression now updates the grid page size.
AN-135140 - Medium
Fixes domain name mismatch on certificate from cloud sites
AN-135673 - Medium < br> An issue loading drivers for old versions of SQL Server on Appian Cloud sites has been resolved.
AN-135990 - Medium
The "version" Process Model property now returns the correct result in Process Reports when the process has undergone In-Flight Modification (IFM).
AN-136057 - Medium
Overhead of calling functions in the a! domain has been reduced.
AN-136782 - Medium
MySQL prepared statements are now correctly closed. Query Database Smart Service will no longer fail because of application reaching the max_prepared_stmt_count value for prepared statements.
AN-136861 - Medium
Side-By-Side Layout item lists no longer cause an error with null or empty string values.
AN-137015 - Medium
A new Appian installation now correctly starts with MySQL 8.0.16 configured as a primary data source. Customers will no longer see the data truncation error.
AN-137219 - Medium
Enabled TLSv1.1 and TLSv1.2 support for outgoing emails over SMTP
AN-137414 - Medium
The optimization to enable faster querying of deeply nested CDTs with one-to-many relationships has been turned on by default for on-premise customers.
AN-137955 - Medium
Fixed an issue that caused an error to flash on-screen when completing a Task from Sites
AN-129208 - Low
The start process smart service no longer logs excessive error messages if the user who starts the process does not have permission to see that process.
AN-134946 - Low
Binding an Appian Engine to a port already in use now logs a detailed error message and returns error code 100.
AN-135661 - Low
The Mean Individual Time value in the appian_functions_details.csv and expressions_details.csv logs is now calculated correctly. Prior to this fix, the value could be greater than the Mean Total Time value.
AN-136209 - Low
Zookeeper connectivity issues during startup no longer prevent a clean shutdown of the Appian engines.
AN-136685 - Low
Fixed an issue that caused extraneous logging in customer logs
AN-136741 - Low
Number of CPU threads created by the data server is now capped at 8 per data server process
AN-136746 - Low
Data Type comparisons no longer include the Source field
AN-137010 - Low
An artificial memory cap for the search server has been removed.
AN-137338 - Low
A rare race condition that could cause an engine to hang in a "stopping" state when stopping the engines immediately after starting them has been prevented.
AN-137373 - Low
Data sync process that copies data from one data server node to the other nodes is now more robust.
AN-137418 - Low
Read-only grids now handle nested lists when used as grid data.
Resolved Issues
a!sortInfo()
but the ascending
parameter is not defined.javax.swing.*
package now work in Appian Cloud. Prior to this fix, the plug-in smart service or function would fail and an error message similar to the following would be logged by the application server: java.lang.NoClassDefFoundError: Could not initialize class javax.swing.RepaintManager
. This returns behavior to that of versions 18.4 and earlier.if()
function. Now duplicates of the component are no longer displayed. This restores behavior to be consistent with version 18.4 and earlier.dom4j
library now deploy without error without restarting the application server.Perform the following steps to apply the hotfix:
1.230.0
by viewing the library version in <APPIAN_HOME>/services/lib
komodo-1.230.0.jar
file (with that exact version number) is present, following the instructions in KB-2084 before proceeding.<APPIAN_HOME>
directory.
<APPIAN_HOME>
directory.
<APPIAN_HOME>
directory.<APPIAN_HOME>/deployment/web.war
to the folder where the Web server is getting the static resources. See Copy Static Resources to the Web Server for more information.To determine if Appian 19.2 Hotfix Package R is deployed, open the build.info file located in <APPIAN_HOME>/conf/
. The contents of this file should match the following code sample:
build.revision=09c4fc3d76b39905dd37425d855ec02ad274bf73 build.version=19.2.455.0
On This Page