Hotfixes

The following hotfix is available for Appian 20.1.

Hotfix Package H

This is a cumulative hotfix package that includes Hotfix Packages A, B, C, D, E, F, and G as well as new hotfixes in a single download and a set of instructions. This package is required for any Appian 20.1 installations not currently on Hotfix Package H. After installing, you will be running on Appian 20.1 Hotfix Package H.

See the Installation section at the bottom of this page for instructions on how to install this hotfix package.

20.1 Hotfix Package H

Release Date: 20 November 2020 (Package H)

Resolved Issues

  • Security Updates - High

  • AN-168877 - Medium
    Process history now properly displays a user whose username was changed. Prior to this fix, process history would display a blank user for users whose username was changed.

  • AN-170363 - Medium
    Fixed an issue that caused interfaces to become unresponsive after submitting a record action dialog and then quickly opening another record action dialog.

  • AN-171665 - Medium
    Update RPA Execute Process Integration to fix issue of an empty dropdown parameter value causing error

  • AN-171833 - Medium
    Fixed an issue that caused interfaces to become unresponsive after submitting a record action dialog and then quickly opening another record action dialog.

  • AN-164728 - Low
    Users with a null username can no longer be reactivated using the Reactivate User Smart Service. Prior to this fix, it was possible to reactivate a user with a null username causing errors while accessing the user.

  • AN-165165 - Low
    When duplicating objects, developers are no longer added to the security rolemap as an administrator if they already belong to a group with administrator permissions.

  • AN-168586 - Low
    When deploying applications to a target environment, developers are no longer added to the application's security rolemap as an administrator if they already belong to a group with administrator permissions.

  • AN-170066 - Low
    Fixed an issue that prevented system administrators from logging in when they are not part of the Designer and Application User groups.

  • AN-171145 - Low
    Duplicating a process model now correctly generates new node UUIDs.

Release Date: 30 October 2020 (Released as Package G)

Resolved Issues

  • Security Updates - High

  • AN-143009 - High
    Nested CDTs with date or datetime fields are now not updated redundantly when the parent CDT is updated. This results in performance improvement during writes to parent CDTs.

  • AN-165870 - High
    Processes archived after adding additional process execution shards beyond the default three can now be unarchived safely. Prior to this fix, unarchiving these processes would fail due to data corruption.

  • AN-166375 - High
    Processes that were archived prior to version 6.6.3 can now be successfully unarchived. Prior to this fix, unarchiving these process caused the process execution engine to rollback in some scenarios.

  • AN-168308 - High
    Fixed an issue that caused an error when opening certain related actions in a dialog box.

  • AN-167283 - Medium
    Fixed an issue where navigating quickly between pages on a site could cause an unexpected error.

  • AN-168025 - Medium
    Fixed an issue that prevented Search Server settings from getting applied to a site.

  • AN-168003 - Low
    Unused configuration files have been removed from the Service Manager conf directory.

  • AN-168554 - Low
    Fixed an issue with a broken documentation link in the Button Widget validation parameter.

Release Date: 25 September 2020 (Released as Package F)

Resolved Issues

  • Security Updates - High

  • AN-143009 - High
    Nested CDTs with date or datetime fields are now not updated redundantly when the parent CDT is updated. This results in performance improvement during writes to parent CDTs.

  • AN-165870 - High
    Processes archived after adding additional process execution shards beyond the default three can now be unarchived safely. Prior to this fix, unarchiving these processes would fail due to data corruption.

  • AN-166375 - High
    Processes that were archived prior to version 6.6.3 can now be successfully unarchived. Prior to this fix, unarchiving these processes caused the process execution engine to rollback in some scenarios.

  • AN-168308 - High
    Fixed an issue that caused an error when opening certain related actions in a dialog box.

  • AN-167283 - Medium
    Fixed an issue where navigating quickly between pages on a site could cause an unexpected error.

  • AN-168025 - Medium
    Fixed an issue that prevented Search Server settings from getting applied to a site.

  • AN-168003 - Low
    Unused configuration files have been removed from the Service Manager conf directory.

  • AN-168554 - Low
    Fixed an issue with a broken documentation link in the Button Widget validation parameter.

Release Date: 21 August 2020 (Released as Package E)

Resolved Issues

  • Security Updates - High

  • AN-153413 - High
    Fixed an issue where importing types or deploying a plugin in some scenarios would cause the process design engine to rollback

  • AN-162502 - High
    The engine startup sequence has been streamlined so that if a problem occurs during startup, it will fail quickly rather than after a prolonged timeout. Previously, certain conditions could make engine startup hang for up to 10 minutes before failing.

  • AN-163470 - High
    Newly added process execution engines now properly validate for missing users. Prior to this fix, certain functionality such as unarchiving processes would fail if they contained one of the missing users.

  • AN-164452 - High
    Health Check no longer collects certain audit logs during data collection.

  • AN-164491 - High -
    Fixed an issue that caused the Start Doc Extraction Smart Service node to fail after upgrading a site from 20.1 to a higher version.

  • AN-164708 - High
    Improved performance of larger interfaces when the system is under high load.

  • AN-165843 - High
    Archived processes that are missing user UUIDs can now be unarchived safely. The missing users in the unarchived process will show up as "null" in the unarchived process. Prior to this fix the process execution engine could roll back in such a situation, causing a temporary outage. The issue causing processes to archive with missing user UUIDs was fixed in a different hotfix (see AN-160176).

  • AN-160413 - Medium
    Fixed an issue where rule renaming did not automatically rename rules called in the expression editor in the record header configuration.

  • AN-162346 - Medium
    Fixed an issue that prevented process model comparisons from rendering when sub-process nodes contain certain custom data type inputs.

  • AN-162600 - Medium
    Modal dialogs now show a visual indicator when the dialog itself has keyboard focus.

  • AN-163121 - Medium
    Linked cards are now properly included in the list of links dialog when using assistive technologies.

  • AN-163494 - Medium
    Reduced memory footprint of the Read-Only Grid Component.

  • AN-163516 - Medium
    An issue resulting in an excessive number of threads in a waiting state on a site after the usage of data stores has been resolved.

  • AN-164042 - Medium
    Health Check data collection no longer fails due to certain invalid application configurations.

  • AN-164662 - Medium
    Fixed an issue that occasionally caused types to be cached incorrectly in the system on appserver startup.

  • AN-164748 - Medium
    Fixed an issue that caused record types to appear to be modified

  • AN-165492 - Medium
    Improved performance when editing interfaces containing large data structures. This prevents an issue where certain interfaces may fail to load.

Release Date: 24 July 2020 (Released as Package D)

Resolved Issues

  • Security Updates - High

  • AN-160176 - High
    New users created after adding additional process execution shards beyond the default three are now properly populated in the newly added execution engine shards. Prior to this fix, certain functionality such as unarchiving processes would fail if they contained one of the newly-created users. This restores behavior to be consistent with version 19.4 and earlier.

  • AN-160317 - High
    Fixed an issue with component plug-ins where users on Google Chrome 83 could not download the embedded content.

  • AN-160805 - High
    Engines are more resilient during network instability and will eventually succeed in leader election even through connection loss.

  • AN-161531 - High
    Restore the previous default encoding to UTF-8 for integration responses that don't explicitly specify a charset.

  • AN-161604 - High
    Added the ability for plug-ins to access packages from the Oracle JDBC jar that ships with Appian.

  • AN-161752 - High
    Data cleanup procedures that run on site startup now run asynchronously so that the do not block the startup process.

  • AN-161767 - High
    Reduced memory footprint and improved stability of the application server in certain cases.

  • AN-93216 - Medium
    The login behavior is now consistent when attempting authentication with invalid credentials and the system has both SAML and LDAP authentication mechanisms configured and enabled.

  • AN-152118 - Medium
    Service manager will now log an exception if checkpointing is disrupted due to disk access. This will then ensure the process does not hang indefinitely.

  • AN-160320 - Medium
    The default Administrator account can no longer authenticate with its default password if other system administrator accounts exist.

  • AN-160322 - Medium
    Creating a System Administrator user via passwords.properties during initial installation now invalidates the default Administrator account's default password.

  • AN-160350 - Medium
    When viewing the process history of a process, the values of process variables of type user now show the new username for users that have been renamed instead of blank. This restores behavior to be consistent with version 19.4 and earlier.

  • AN-161467 - Medium
    Fixed an issue in the process modeler that allowed for the creation of process variables with invalid types.

  • AN-162191 - Medium
    A custom property has been added to make it easier to connect with databases that have case-sensitive collation configured. This property allows customers to work around the scenario of data stores not validating due to the application server lower-casing the schema defined in the XSD. On-premise customers can set "conf.data.teneo.naming.strategy" property in custom.properties to "none" to access the problematic entities. For cloud customers, the same property can be set via a Support case.

  • AN-163423 - Medium
    Health Check now gracefully handles the presence of multiple gzip files in the logs directory.

  • AN-163541 - Medium
    It is no longer allowed to create a business data source in the Admin Console with the same name as the Appian Cloud provided business data source.

  • AN-73461 - Low
    Fixed an issue where a horizontal scrollbar displayed when using Arabic language.

  • AN-154892 - Low
    It is no longer required to run the ResetAnalytics script on all servers, it can be run on any server running an analytics engine. Additionally, the script now has improved logging and can be used on distributed sites where components are distributed across multiple physical machines.

  • AN-158425 - Low
    Plug-ins that use the Apache Velocity library can now be deployed to sites running in Appian Cloud. The system now provides a default properties configuration for Velocity so that log files are written to the proper directory.

  • AN-158574 - Low
    Removed a broken documentation link from expression-backed records created prior to 18.3

  • AN-160904 - Low
    A potential thread deadlock when connecting to a data source has been removed.

  • AN-161107 - Low
    Updated Java API documentation to ensure consistent terminology for terms: allow list, block list, main, and shard.

  • AN-161470 - Low
    Fixed an issue where references to a!refreshVariable could be displayed as their internal storage form after upgrade.

  • AN-161558 - Low
    Updated interface and data type designers to use improved terminology: ""grid with detail view"" and ""parent-child""

  • AN-162015 - Low
    Users that have had a username rename performed are now listed correctly in the Record Type Security dialog in Appian Designer.

  • AN-162270 - Low
    Rule input expressions in the Forms tab of a process node now display system rules in a human-readable format.

  • AN-163464 - Low
    Added support for sending of intermediate client certificates. This affects only newly uploaded client certificates, and will not change the behavior of previously uploaded certificates.

Release Date: 19 June 2020 (Released as Package C)

Resolved Issues

  • Security Updates - Medium

  • AN-159696 - High
    Fixed an issue where Dictionary could not be cast to RecordType in certain situations

  • AN-160012 - High
    Preemptively updated the cache to prevent errors when interacting with Appian Designer.

  • AN-160126 - High
    The stability of the process execution engine has been improved. Previously, a user ID stored in the engine in an unexpected format could cause the engine to rollback, causing a temporary service outage for process execution.

  • AN-160477 - High
    Screen reading software now correctly reads content within non-collapsible sections and boxes in Internet Explorer 11. This is not an issue in other browsers.

  • AN-161240 - High
    Fixed an issue where a process model could automatically save an incorrect version with missing node connections, swim lanes, or data output targets when using RecordType as an input type to a User Input Task.

  • AN-147793 - Medium
    Process archive directories on the filesystem are now created by the application server instead of the process execution engines in order to improve stability when engines are under high load or near the underlying server's memory capacity.

  • AN-150573 - Medium
    A data migration in the notifications engine now gracefully handles the rare case of mix of user identifier types. Previously, there was a chance of a rollback when encountering such a scenario.

  • AN-153600 - Medium
    When replaying transactions from the transaction log, Service Manager will now discard messages that have already been written to the engine

  • AN-156333 - Medium
    Blocks the /suggest/ endpoints from being end-user accessible when Portal is disabled

  • AN-156806 - Medium
    Fixed an issue where saving an expression with unbalanced parentheses or brackets could cause an expression to use older versions of functions.

  • AN-157262 - Medium
    The "Back to sign-in page" link on the "Forgot Password" page is now keyboard accessible.

  • AN-158447 - Medium
    This doesn't change any user-facing functionality, but sets up logic to enable us to easily change permission levels in uri-list.csv and auto-generate the remaining files.

  • AN-157615 - Medium
    The import error message for a missing Record Action precedent now includes the corresponding Record Type’s UUID in addition to the Record Action’s UUID.

  • AN-160248 - Medium
    Fixed an issue with the web content component where users on Google Chrome 83 could not download the embedded content.

  • AN-160973 - Medium
    The multiple dropdown component now shows visual indication of keyboard focus when the user's keyboard focus is on a selected option.

  • AN-142032 - Medium
    Search Server now does not repeatedly retry indexing a contiguous string greater than 32k in length. Any error due to such strings is now printed only once in the application server log.

  • AN-155604 - Low
    Deletes certain htmlarea example files that were not needed and could expose information

  • AN-155620 - Low
    Blocks certain endpoints within htmlarea from being end-user accessible when Portal is disabled

  • AN-159576 - Low
    Fixed an issue where the Trends report in Quick Apps shows an error if user field is used.

  • AN-160994 - Low
    Fixed an issue that caused column layout alignment issues.

Release Date: 22 May 2020 (Released as Package B)

Resolved Issues:

  • Security Updates - High

  • AN-155505 - High
    Kafka shutdown will no longer hang if Zookeeper is already down on any other node of the cluster.

  • AN-156879 - High
    Record types that contain record action components in the record list now import successfully.

  • AN-157887 - High
    Engine replicas that failed to start or failed to replicate due to an IllegalReferenceCountException are now able to start and replicate transactions properly.

  • AN-158972 - High
    Fixed an issue where users not in the "Tempo Users" group would see an error in record action dialogs.

  • AN-140219 - Medium
    Resolved an issue where the changes to the maximum file upload size property were not remembered on cloud sites.

  • AN-145552 - Medium
    Fixed a race condition on engine startup that could pollute the service manager logs with illegal state transition warnings

  • AN-151465 - Medium
    Fixed an issue where read-only grid columns using rule inputs as parameter values caused some interfaces to error on initial load.

  • AN-153200 - Medium
    During engine shutdown, Service Manager will verify that the last transaction written to the engine matches the last transaction written to Kafka in order to eliminate the need to replay any transactions when the engine starts again.

  • AN-155298 - Medium
    When invoking a web API, the authorization header is now hidden.

  • AN-155590 - Medium
    The engine checkpoint script will now return an exit code 1 when a checkpoint fails, instead of always returning 0

  • AN-156954 - Medium
    Fixed an issue where screen readers did not announce the label in picker fields if the number of selections already reached the maximum.

  • AN-156996 - Medium
    The Start Rule Tests smart services now correctly handle test inputs that reference load variables.

  • AN-157225 - Medium
    The Start Rule Tests smart services now retrieve the most recent version of data types used by test inputs.

  • AN-157229 - Medium
    Updates the Google API endpoint used by the document extraction features. The new endpoint uses the 'US' region by default. Administrators can select between the 'US' and 'EU' regions in the Administration Console.

  • AN-157619 - Medium
    File upload components now validate against adding empty files.

  • AN-157633 - Medium
    Record action dialogs now only show the 'X' to close the dialog on start forms.

  • AN-157650 - Medium
    Site record links are now supported by the Appian for Mobile Devices application. Links to Site records, when invoked on a mobile device, will open in the Appian application if one exists.

  • AN-159511 - Medium
    Record views can now be deleted successfully on all record types where the record header is a color or image. If your application is in this state, export the Record type and import it again to fix the issue.

  • AN-153843 - Low
    The Rule Inputs and Local Variables panes in the Interface Designer now resize correctly when expanding and collapsing a row.

  • AN-154661 - Low
    Fixed Cross Site Scripting Vulnerability in Data Store name

  • AN-156955 - Low
    In the deployments view, direct deployments with multiple database scripts will now always display the scripts in the correct order of execution.

  • AN-157343 - Low
    Fixed XSS in Generate Documentation in Process Modeler

Release Date: 24 April 2020 (Released as Hotfix Package A)

Resolved Issues

  • Security Updates - Critical

  • AN-151874 - Critical
    Topologies configured in appian-topology.xml which distribute a single replica set of engines across multiple hosts now function properly. For instance, with this fix is it possible once again to configure all process-execution and process-analytics engines on one host and the remaining engines on another host. This restores behavior to be consistent with version 19.2 and earlier.

  • AN-141338 - High
    Fixed an issue where publishing a process model in some scenarios would cause the system to rollback

  • AN-142514 - High
    Fixed an issue that would have been introduced by an upcoming Chrome version, Chrome 80, where embedded users would be unable to login.

  • AN-149140 - High
    For security reasons, the Query Database Smart Service has been updated. Customers cannot run the LOAD DATA LOCAL INFILE command against a MySQL database by default from a Query Database Node in the Process Model. To provide higher security, for Appian Cloud customers, this command was already disabled at the database level for the Appian Cloud database and at the JDBC level for configured MySQL databases. There is no impact or action for Cloud customers. On-premise customers who wish to use this command must set the conf.data.mysql.loaddata.enabled property to "true" and conf.data.load.infile.path property as a comma-separated list of paths to whitelisted directories that contain the files to be loaded. If the required properties are not set, any Process Model using this command will pause by exception at runtime. This command is generally used to periodically load data from files into the database, and so we expect that most customers will not have to take the required action.

  • AN-149305 - High
    JDBC connector configuration property "autoDeserialize" has been set to false for all MySQL database connections, in order to improve security.

  • AN-149577 - High
    Record tag styling and other text color in Tempo has been updated to meet WCAG 2.1 accessibility compliance.

  • AN-150186 - High
    The engine transaction logs are now protected against recording additional transactions after the checkpoint request during system shutdown. Prior to this protection, a race condition could cause a transaction to be recorded after checkpointing on shutdown, which can complicate subsequent upgrades or hotfixes.

  • AN-151501 - High
    Fixed a SharePoint connected system issue that resulted in 403 Unauthorized errors on integration requests.

  • AN-151615 - High
    Fixed an issue on the Details tab of Health Check reports where some findings failed to display process model names.

  • AN-153911 - High
    The performance of dictionaries with a large number of fields has been improved.

  • AN-155163 - High
    Fixed an issued where the users page in the design console was inaccessible in some scenarios

  • AN-155324 - High
    Embedded interfaces now work correctly when Appian and the SAML IdP are hosted on the same domain.

  • AN-155496 - High
    Disabled web content fields no longer receive keyboard focus.

  • AN-155927 - High
    Fixed an issue with process reports that could cause it to fail when associated with a custom data type with multiple versions

  • AN-157111 - High
    Document Extraction no longer returns an error when processing PDF files that contain checkboxes.

  • AN-118361 - Medium
    The primary engine will checkpoint in the event of a replica encountering a transaction replay error. This allows the replica to restart quickly and eliminates the need to replay on restart.

  • AN-130269 - Medium
    Engine checkpoint requests are now always routed to running replicas when using the High Availability configuration. Previously, they could be sent to a non-running replica, which would cause the checkpoint request to be rejected.

  • AN-137156 - Medium
    Fixed an issue in the Interface Designer which prevented Design Mode from loading when using a!groupsByName().

  • AN-149342 - Medium
    Fixed an issue where styled icons with submit links in IE11 opened a blank tab on click.

  • AN-149680 - Medium
    Fixed an issue where Health Check incorrectly marked certain Appian APIs used by plug-ins as removed.

  • AN-150268 - Medium
    Start process link and report link now throw events in embedded interfaces.

  • AN-150492 - Medium
    Fixed an issue with the collection of logs for Health Check on sites with multiple application servers.

  • AN-150731 - Medium
    Fixed an issue with the getUsernameByUuid API that could result in null users

  • AN-150827 - Medium
    Fixed an issue which prevented special characters from rendering correctly in internationalized Health Check emails.

  • AN-152705 - Medium
    a!queryProcessAnalytics no longer returns an error when an empty list is provided as the query.

  • AN-153968 - Medium
    Health Check now collects the log for the Execute Stored Procedure plug-in.

  • AN-154329 - Medium
    Improved performance of Interface Designer for interfaces with deeply nested components.

  • AN-154589 - Medium
    Fixed an issue with Search Server log rotation.

  • AN-155365 - Medium
    Health Check no longer fails when collecting files that contain invalid characters.

  • AN-155700 - Medium
    A graceful shutdown of the Service Manager will now properly complete even if the Service Manager file loggers are experiencing difficulties with disk access.

  • AN-155929 - Medium
    Fixed a cosmetic process modeler issue that removed swim lane and node connection information from parent processes in monitoring view

  • AN-156132 - Medium
    Fixed an issue that incorrectly warned developers that others were editing the same process model.

  • AN-156168 - Medium
    When invoking a web API using an API key for authentication, the header containing the key is now hidden.

  • AN-156396 - Medium
    Fixed an issue that prevented creating a process model by duplicating a model selected via the browser.

  • AN-156504 - Medium
    Trailing whitespaces have been removed from the username field on the "Forgot Password" screen to ensure users receive password reset emails.

  • AN-135117 - Low
    Fixed an issue where changing a group type's name reset the attribute values of dependent groups.

  • AN-151100 - Low
    Service manager metrics logs will now record an error message in the service manager log if the logging process fails due to an exception.

  • AN-151309 - Low
    When configuring SAML, the Group Membership Synchronization picker now allows the selection of only a single group type.

  • AN-151650 - Low
    Toggles such as the Design Mode or Expression Mode in Interface Designer will no longer move its text or icon jump, when mousing over it on a zoomed-in browser page.

  • AN-151882 - Low
    Email address validation now allows addresses with non-standard top-level domains.

  • AN-152521 - Low
    The web_api .csv files in logs/perflogs no longer include internal functionality in their invocation counts. The counts now only reflect invocation of developer-specified Web API design objects.

  • AN-154339 - Low
    Fixed an issue with Liquibase handling of Oracle DB timestamp values

  • AN-155339 - Low
    It is now possible to successfully run the Engine Restart Script without any additional configuration.

  • AN-155514 - Low
    Fixed an issue in record user filters on mobile where an error displayed when using a newer version mobile client.

Installation

Perform the following steps to apply the hotfix:

  1. Stop Appian. See Starting and Stopping Appian for detailed instructions:
    1. Shut down the application server.
    2. Shut down the search server.
    3. Shut down the data server.
    4. Shutdown all Appian Engines, ensuring that the engines are checkpointed upon shutdown.
  2. Back up your existing Appian instance. See Backing Up Your Existing Appian Instance for instructions.
  3. Unzip the contents of the 20.1.0.0_Hotfix_Package_H.zip archive into your <APPIAN_HOME> directory.
  4. Run the deleteFiles script (deleteFiles.bat on Windows, deleteFiles.sh on Linux) that is now located in your <APPIAN_HOME> directory.
    • If the script reports that some files were not deleted, address the reason for the failure (common causes listed below), and run it again until it no longer reports failed deletions.
    • Common causes of failed file deletion include:
    • The file is open in another window or process
    • The file is locked
    • You do not have permission to delete the file
  5. Unzip the contents of the updates.zip archive that is now located your <APPIAN_HOME> directory.
  6. Run the installJdk script (installJdk.bat on Windows, installJdk.sh on Linux).
  7. If you maintain customized or overridden Spring Security .xml files, merge them with the associated base files in the /deployment/web.war/WEB-INF/conf/security/ directory.
  8. Delete the deleteFiles scripts, the installJdk scripts, the OpenJDK .tar.gz and .zip files, and updates.zip.
  9. If you are using a Web server, copy the content of <APPIAN_HOME>/deployment/web.war to the folder where the Web server is getting the static resources. See Copy Static Resources to the Web Server for more information.
  10. Run the configure script to deploy your environment's configuration and re-configure any node names previously set by the configure script tools.
  11. Start Appian:
    1. Start the Appian Engines.
    2. Start the data server.
    3. Start the search server.
    4. Start the application server.

To determine if Appian 20.1 Hotfix Package H is deployed, open the build.info file located in <APPIAN_HOME>/conf/. The contents of this file should match the following code sample:

build.revision=141e92622367566506a6606aeb23423509eb8f1b
build.version=20.1.350.0
Open in Github

On This Page

FEEDBACK