Hotfixes

The following hotfix is available for Appian 19.4.

Hotfix Package J

This is a cumulative hotfix package that includes Hotfix Packages A, B, C, D, E, F, G, H, and I as well as new hotfixes in a single download and a set of instructions. This package is required for any Appian 19.4 installations not currently on Hotfix Package J. After installing, you will be running on Appian 19.4 Hotfix Package J.

See the Installation section at the bottom of this page for instructions on how to install this hotfix package.

19.4 Hotfix Package J

Release Date: 21 August 2020 (Package J)

Resolved Issues

  • Security Updates - High

  • AN-162502 - High
    The engine startup sequence has been streamlined so that if a problem occurs during startup, it will fail quickly rather than after a prolonged timeout. Previously, certain conditions could make engine startup hang for up to 10 minutes before failing.

  • AN-162346 - Medium
    Fixed an issue that prevented process model comparisons from rendering when sub-process nodes contain certain custom data type inputs.

  • AN-162600 - Medium
    Modal dialogs now show a visual indicator when the dialog itself has keyboard focus.

  • AN-163121 - Medium
    Linked cards are now properly included in the list of links dialog when using assistive technologies.

  • AN-163516 - Medium
    An issue resulting in an excessive number of threads in a waiting state on a site after the usage of data stores has been resolved.

  • AN-165492 - Medium
    Improved performance when editing interfaces containing large data structures. This prevents an issue where certain interfaces may fail to load.

Release Date: 24 July 2020 (Released as Package I)

Resolved Issues

  • Security Updates - High

  • AN-160317 - High
    Fixed an issue with component plug-ins where users on Google Chrome 83 could not download the embedded content.

  • AN-160805 - High
    Engines are more resilient during network instability and will eventually succeed in leader election even through connection loss.

  • AN-161604 - High
    Added the ability for plug-ins to access packages from the Oracle JDBC jar that ships with Appian.

  • AN-161752 - High
    Data cleanup procedures that run on site startup now run asynchronously so that the do not block the startup process.

  • AN-93216 - Medium
    The login behavior is now consistent when attempting authentication with invalid credentials and the system has both SAML and LDAP authentication mechanisms configured and enabled.

  • AN-152118 - Medium
    Service manager will now log an exception if checkpointing is disrupted due to disk access. This will then ensure the process does not hang indefinitely.

  • AN-160320 - Medium
    The default Administrator account can no longer authenticate with its default password if other system administrator accounts exist.

  • AN-160322 - Medium
    Creating a System Administrator user via passwords.properties during initial installation now invalidates the default Administrator account's default password.

  • AN-162191 - Medium
    A custom property has been added to make it easier to connect with databases that have case-sensitive collation configured. This property allows customers to work around the scenario of data stores not validating due to the application server lower-casing the schema defined in the XSD. On-premise customers can set "conf.data.teneo.naming.strategy" property in custom.properties to "none" to access the problematic entities. For cloud customers, the same property can be set via a Support case.

  • AN-163541 - Medium
    It is no longer allowed to create a business data source in the Admin Console with the same name as the Appian Cloud provided business data source.

  • AN-73461 - Low
    Fixed an issue where a horizontal scrollbar displayed when using Arabic language.

  • AN-154892 - Low
    It is no longer required to run the ResetAnalytics script on all servers, it can be run on any server running an analytics engine. Additionally, the script now has improved logging and can be used on distributed sites where components are distributed across multiple physical machines.

  • AN-160904 - Low
    A potential thread deadlock when connecting to a data source has been removed.

  • AN-161107 - Low
    Updated Java API documentation to ensure consistent terminology for terms: allow list, block list, main, and shard.

  • AN-161558 - Low
    Updated interface and data type designers to use improved terminology: ""grid with detail view"" and ""parent-child""

  • AN-163464 - Low
    Added support for sending of intermediate client certificates. This affects only newly uploaded client certificates, and will not change the behavior of previously uploaded certificates.

Release Date: 19 June 2020 (Released as Package H)

Resolved Issues

  • Security Updates - Medium

  • AN-160477 - High
    Screen reading software now correctly reads content within non-collapsible sections and boxes in Internet Explorer 11. This is not an issue in other browsers.

  • AN-142032 - Medium
    Search Server now does not repeatedly retry indexing a contiguous string greater than 32k in length. Any error due to such strings is now printed only once in the application server log.

  • AN-147793 - Medium
    Process archive directories on the filesystem are now created by the application server instead of the process execution engines in order to improve stability when engines are under high load or near the underlying server's memory capacity.

  • AN-153600 - Medium
    When replaying transactions from the transaction log, Service Manager will now discard messages that have already been written to the engine

  • AN-156333 - Medium
    Blocks the /suggest/ endpoints from being end-user accessible when Portal is disabled

  • AN-156806 - Medium
    Fixed an issue where saving an expression with unbalanced parentheses or brackets could cause an expression to use older versions of functions

  • AN-158447 - Medium
    This doesn't change any user-facing functionality, but sets up logic to enable us to easily change permission levels in uri-list.csv and auto-generate the remaining files.

  • AN-160248 - Medium
    Fixed an issue with the web content component where users on Google Chrome 83 could not download the embedded content.

  • AN-155604 - Low
    Deletes certain htmlarea example files that were not needed and could expose information

  • AN-155620 - Low
    Blocks certain endpoints within htmlarea from being end-user accessible when Portal is disabled

  • AN-159576 - Low
    Fixed an issue where the Trends report in Quick Apps shows an error if user field is used.

Release Date: 22 May 2020 (Released as Package G)

Resolved Issues

  • Security Updates - High

  • AN-155505 - High
    Kafka shutdown will no longer hang if Zookeeper is already down on any other node of the cluster.

  • AN-157887 - High
    Engine replicas that failed to start or failed to replicate due to an IllegalReferenceCountException are now able to start and replicate transactions properly.

  • AN-145552 - Medium
    Fixed a race condition on engine startup that could pollute the service manager logs with illegal state transition warnings

  • AN-151465 - Medium
    Fixed an issue where read-only grid columns using rule inputs as parameter values caused some interfaces to error on initial load.

  • AN-153200 - Medium
    During engine shutdown, Service Manager will verify that the last transaction written to the engine matches the last transaction written to Kafka in order to eliminate the need to replay any transactions when the engine starts again.

  • AN-155298 - Medium
    When invoking a web API, the authorization header is now hidden.

  • AN-155590 - Medium
    The engine checkpoint script will now return an exit code 1 when a checkpoint fails, instead of always returning 0

  • AN-156996 - Medium
    The Start Rule Tests smart services now correctly handle test inputs that reference load variables.

  • AN-157225 - Medium
    The Start Rule Tests smart services now retrieve the most recent version of data types used by test inputs.

  • AN-157650 - Medium
    Site record links are now supported by the Appian for Mobile Devices application. Links to Site records, when invoked on a mobile device, will open in the Appian application if one exists.

  • AN-154661 - Low
    Fixed Cross Site Scripting Vulnerability in Data Store name

  • AN-157343 - Low
    Fixed XSS in Generate Documentation in Process Modeler

Release Date: 24 April 2020 (Released as Hotfix Package F)

Resolved Issues

  • Security Updates - Critical

  • AN-155163 - High
    Fixed an issued where the users page in the design console was inaccessible in some scenarios

  • AN-155496 High
    Disabled web content fields no longer receive keyboard focus.

  • AN-118361 - Medium
    The primary engine will checkpoint in the event of a replica encountering a transaction replay error. This allows the replica to restart quickly and eliminates the need to replay on restart.

  • AN-130269 - Medium
    Engine checkpoint requests are now always routed to running replicas when using the High Availability configuration. Previously, they could be sent to a non-running replica, which would cause the checkpoint request to be rejected.

  • AN-153968 - Medium
    Health Check now collects the log for the Execute Stored Procedure plug-in.

  • AN-154589 - Medium
    Fixed an issue with Search Server log rotation.

  • AN-155324 - High
    Embedded interfaces now work correctly when Appian and the SAML IdP are hosted on the same domain.

  • AN-155365 - Medium
    Health Check no longer fails when collecting files that contain invalid characters.

  • AN-155700 - Medium
    A graceful shutdown of the Service Manager will now properly complete even if the Service Manager file loggers are experiencing difficulties with disk access.

  • AN-156132 - Medium
    Fixed an issue that incorrectly warned developers that others were editing the same process model.

  • AN-156168 - Medium
    When invoking a web API using an API key for authentication, the header containing the key is now hidden.

  • AN-156504 - Medium
    Trailing whitespaces have been removed from the username field on the "Forgot Password" screen to ensure users receive password reset emails.

  • AN-151100 - Low
    Service manager metrics logs will now record an error message in the service manager log if the logging process fails due to an exception.

  • AN-152521 - Low
    The web_api .csv files in logs/perflogs no longer include internal functionality in their invocation counts. The counts now only reflect invocation of developer-specified Web API design objects.

  • AN-154339 - Low
    Fixed an issue with Liquibase handling of Oracle DB timestamp values

Release Date: 30 March 2020 (Released as Hotfix Package E)

Resolved Issues

  • Security Updates - Medium

  • AN-149577 - High
    Record tag styling and other text color in Tempo has been updated to meet WCAG 2.1 accessibility compliance.

  • AN-153911 - High
    The performance of dictionaries with a large number of fields has been improved.

  • AN-150731 - Medium
    Fixed an issue with the getUsernameByUuid API that could result in null users.

  • AN-152705 - Medium
    a!queryProcessAnalytics no longer returns an error when an empty list is provided as the query.

  • AN-153819 - Medium
    Fixed an issue where saving changes on the Branding page caused subsequent interactions in the Admin Console to fail.

  • AN-154329 - Medium
    Improved performance of Interface Designer for interfaces with deeply nested components.

Release Date: 28 February 2020 (Released as Hotfix Package D)

Removals

The Disk Usage Metrics log has been removed. Previously, this log would record the amount of disk space consumed by logs, process model definitions, search indexes, and documents on a 12 hour cadence. For sites that had large numbers of these items, the size calculation could lead to intermittent performance issues.

Resolved Issues

  • Security Updates - High

  • AN-151874 - Critical
    Topologies configured in appian-topology.xml which distribute a single replica set of engines across multiple hosts now function properly. For instance, with this fix it is possible once again to configure all process-execution and process-analytics engines on one host and the remaining engines on another host. This restores behavior to be consistent with version 19.2 and earlier.

  • AN-141338 - High
    Fixed an issue where publishing a process model in some scenarios would cause the system to rollback

  • AN-149140 - High
    For security reasons, the Query Database Smart Service has been updated. Customers cannot run the LOAD DATA LOCAL INFILE command against a MySQL database by default from a Query Database Node in the Process Model. To provide higher security, for Appian Cloud customers, this command was already disabled at the database level for the Appian Cloud database and at the JDBC level for configured MySQL databases. There is no impact or action for Cloud customers. On-premise customers who wish to use this command must set the conf.data.mysql.loaddata.enabled property to "true" and conf.data.load.infile.path property as a comma-separated list of paths to whitelisted directories that contain the files to be loaded. If the required properties are not set, any Process Model using this command will pause by exception at runtime. This command is generally used to periodically load data from files into the database, and so we expect that most customers will not have to take the required action.

  • AN-149305 - High
    JDBC connector configuration property "autoDeserialize" has been set to false for all MySQL database connections, in order to improve security.

  • AN-150186 - High
    The engine transaction logs are now protected against recording additional transactions after the checkpoint request during system shutdown. Prior to this protection, a race condition could cause a transaction to be recorded after checkpointing on shutdown, which can complicate subsequent upgrades or hotfixes.

  • AN-151501 - High
    Fixed a SharePoint connected system issue that resulted in 403 Unauthorized errors on integration requests.

  • AN-151549 - High
    Adds additional protection against interfaces with large context memory sizes.

  • AN-151615 - High
    Fixed an issue on the Details tab of Health Check reports where some findings failed to display process model names.

  • AN-137156 - Medium
    Fixed an issue in the Interface Designer which prevented Design Mode from loading when using the groupsByName function.

  • AN-149342 - Medium
    Fixed an issue where styled icons with submit links in IE11 opened a blank tab on click.

  • AN-149680 - Medium
    Fixed an issue where Health Check incorrectly marked certain Appian APIs used by plug-ins as removed.

  • AN-150268 - Medium
    Start process link and report link now throw events in embedded interfaces.

  • AN-150492 - Medium
    Fixed an issue with the collection of logs for Health Check on sites with multiple application servers.

  • AN-150827 - Medium
    Fixed an issue which prevented special characters from rendering correctly in internationalized Health Check emails.

  • AN-135117 - Low
    Fixed an issue where changing a group type's name reset the attribute values of dependent groups.

  • AN-150265 - Low
    Updated export function and smart service descriptions will now include column limits.

  • AN-151309 - Low
    When configuring SAML, the Group Membership Synchronization picker now allows the selection of only a single group type.

  • AN-151882 - Low
    Email address validation now allows addresses with non-standard top-level domains.

Release Date: 31 January 2020 (released as Hotfix Package C)

Resolved Issues

  • Security Updates - Medium

  • AN-148700 - High
    Fixed an issue that sometimes caused UIs to error when navigating quickly while reevaluation requests were in progress.

  • AN-148160 - High
    A race condition that could prevent a clean shutdown of multi-node sites has been prevented.

  • AN-148043 - High
    When using IE11 in compatibility mode to authenticate to Appian via SAML, an error which prevents sign-in no longer occurs.

  • AN-147957 - High
    Application server performance under high concurrency has been improved.

  • AN-146311 - High
    A condition that could cause the process execution engines to use abnormally high amounts of CPU has been removed.

  • AN-146273 - High
    Fixed an issue where Interface Designer would revert changes in Design Mode.

  • AN-145981 - High
    An error that could prevent proper shutdown that would prevent upgrading has been prevented.

  • AN-142514 - High
    Fixed an issue that would have been introduced by an upcoming Chrome version, Chrome 80, where embedded users would be unable to login.

  • AN-149577 - Medium
    Fixed an issue where date fields in Application Portal forms were rendered incorrectly in Firefox.

  • AN-148308 - Medium
    Fixed an issue where Health Check froze when attempting to retrieve a report from Community.

  • AN-148138 - Medium
    Fixed issue causing Query Database smart service to pause by exception when its first input is null

  • AN-148009 - Medium
    Fixed an issue that was preventing Quick App sites from properly displaying Tasks as links

  • AN-147592 - Medium
    Fixed an issue where all record list errors displayed the same generic message instead of the correct error message.

  • AN-147434 - Medium
    The presence of gzip files in the logs directory will no longer cause an exception during Health Check data collection.

  • AN-147232 - Medium
    Reduces the number of messages broadcast between app servers, resulting in a performance improvement in the engines.

  • AN-146474 - Medium
    Fixed an issue where confirmation boxes now display correctly when using Internet Explorer with Document Viewer.

  • AN-148269 - Low
    A new option for dns resolution for connections over an Appian Cloud VPN tunnel to always use the first dns entry rather than round-robin across entries.

  • AN-147760 - Low
    The engine recovery script no longer encounters an error when reinserting transactions into the engine transaction log.

  • AN-146688 - Low
    Knowledge center administrators are no longer displayed in the role maps of document folders that do not inherit security.

  • AN-146512 - Low
    The cleanup script no longer removes archived kdb files when the logs parameter is specified.

  • AN-142533 - Low
    Fixed an issue where fonts were not applied correctly in Embedded interfaces.

  • AN-60854 - Low
    A 'Report-Only' Content Security Policy header has been added.

Release Date: 13 December 2019 (Released as Package B)

Resolved Issues

  • Security Updates - High

  • AN-145504 - Critical
    For security reasons, the Query DB Node smart service has been updated. Customers running the LOAD DATA INFILE command against a MySQL instance (only applicable to Configured Data Sources; not applicable to the Appian Cloud database) from a Query DB Node in a Process Model must set the conf.data.load.infile.paths custom property as a comma-separated list of file paths to whitelist the required directories. If the property is not set, any Process Model using this command will pause by exception at runtime. This command is generally used to periodically load data from files into the database, and so we expect that most customers will not have to take the required action described here.

  • AN-146029 - High
    Fixed an issue that caused the username field on the Forgot Password page to be auto-capitalized.

  • AN-146210 - High
    Saving user filters is now visible on all record types.

  • AN-146412 - High
    Clicking on a start process link after the SAIL cache is full no longer results in a full-screen error.

  • AN-147053 - High
    A memory leak in service manager has been resolved.

  • AN-145522 - Medium
    A stability fix for service manager in the case of an unstable or degraded zookeeper cluster.

  • AN-145736 - Medium
    The service manager process is now more robust to leadership changes during the startup process.

  • AN-146140 - Medium
    An error retrieving document statistics on highly-available installations has been resolved.

  • AN-145712 - Medium
    Fixed an issue with the Dynamics connected system that prevented creating or updating entity records with lookup fields.

  • AN-147070 - Medium
    Fixed an issue that prevented failed Health Check runs from being properly recorded.

  • AN-147232 - Medium
    Reduces the number of messages broadcast between app servers, resulting in a performance improvement in the engines.

  • AN-141142 - Low
    The service manager process is now robust to multiple copies of the same engine running when only one is configured.

  • AN-146167 - Low
    Fixed an issue where engine_disk_usage.csv was not logging accurate values for some directories

  • AN-146705 - Low
    Fixed an issue causing Search Server to break a site that is low on disk space

Release Date: 22 November 2019 (Released as Hotfix Package A)

Resolved Issues

  • Security Updates - Critical

  • AN-144440 - High
    A race condition in service manager that could lead to site unavailability has been resolved.

  • AN-139947 - Medium
    System memory use for Appian Cloud sites has been reduced.

  • AN-144781 - Low
    The accent color is now correctly applied to all links in Tempo.

  • AN-145596 - Low
    Stability improvement for service manager component.

Installation

Perform the following steps to apply the hotfix:

  1. Before proceeding with applying the hotfix, there may be prerequisite steps to follow:
    1. Check if you are applying this hotfix to a version of Appian with the Komodo library version 1.230.0 by viewing the library version in <APPIAN_HOME>/services/lib
    2. If the komodo-1.230.0.jar file (with that exact version number) is present, following the instructions in KB-2084 before proceeding.
  2. Stop Appian. See Starting and Stopping Appian for detailed instructions:
    1. Shut down the application server.
    2. Shut down the search server.
    3. Shut down the data server.
    4. Shutdown all Appian Engines, ensuring that the engines are checkpointed upon shutdown.
  3. Back up your existing Appian instance. See Backing Up Your Existing Appian Instance for instructions.
  4. Unzip the contents of the 19.4.0.0_Hotfix_Package_J.zip archive into your <APPIAN_HOME> directory.
  5. Run the deleteFiles script (deleteFiles.bat on Windows, deleteFiles.sh on Linux) that is now located in your <APPIAN_HOME> directory.
    • If the script reports that some files were not deleted, address the reason for the failure (common causes listed below), and run it again until it no longer reports failed deletions.
    • Common causes of failed file deletion include:
    • The file is open in another window or process
    • The file is locked
    • You do not have permission to delete the file
  6. Unzip the contents of the updates.zip archive that is now located your <APPIAN_HOME> directory.
  7. Run the installJdk script (installJdk.bat on Windows, installJdk.sh on Linux).
  8. If you maintain customized or overridden Spring Security .xml files, merge them with the associated base files in the /deployment/web.war/WEB-INF/conf/security/ directory.
  9. Delete the deleteFiles scripts, the installJdk scripts, the OpenJDK .tar.gz and .zip files, and updates.zip.
  10. If you are using a Web server, copy the content of <APPIAN_HOME>/deployment/web.war to the folder where the Web server is getting the static resources. See Copy Static Resources to the Web Server for more information.
  11. Run the configure script to deploy your environment's configuration and re-configure any node names previously set by the configure script tools.
  12. Start Appian:
    1. Start the Appian Engines.
    2. Start the data server.
    3. Start the search server.
    4. Start the application server.

To determine if Appian 19.4 Hotfix Package J is deployed, open the build.info file located in <APPIAN_HOME>/conf/. The contents of this file should match the following code sample:

build.revision=4a2ab3cf1872ebcdab5820b7781eb48b4ad8921f
build.version=19.4.203.0
Open in Github

On This Page

FEEDBACK