This page lists all the recent hotfixes for Appian 22.2.

Hotfix package (17 May 2024)

Self-managed customers can use the following links to download and install the hotfixes package. If you are managing Appian on Kubernetes, instead of using the links below, you'll need to upgrade to the latest Appian on Kubernetes images to apply the hotfixes.

• Hotfix package 22.2.2240.0
• Installation instructions

This cumulative hotfix package includes all resolved issues listed below in a single download. This hotfix is required for any Appian 22.2 installations not currently up to date with the latest hotfixes. After installing, you will be running on Appian 22.2.2240.0.

You can view your current self-managed Appian version by logging into your Appian environment as a designer or system administrator and clicking the navigation menu > About Appian.

The package resolves the following issues.

22.2.2240.0 (17 May 2024)

• Security Updates - Medium

22.2.2210.0 (09 May 2024)

• Security Updates - Medium

22.2.2190.0 (02 May 2024)

• Security Updates - High

22.2.2170.0 (25 Apr 2024)

• Security Updates - High

22.2.2155.0 (18 Apr 2024)

• Security Updates - High

• AN-266346 - Medium
  Apache Kafka upgrade to 3.7.0

• AN-270014 - Medium
  Search Server (Elasticsearch) is now upgraded to version 7.17.19.

22.2.2140.0 (11 Apr 2024)

• Security Updates - High

22.2.2135.0 (04 Apr 2024)

• Security Updates - High

22.2.2125.0 (28 Mar 2024)

• Security Updates - High

22.2.2100.0 (21 Mar 2024)

• Security Updates - High

• AN-265887 - High
  Upgraded atlassian library

• AN-265165 - Low
  Fixed an issues where engine process metrics were not properly collected.

22.2.2085.0 (14 Mar 2024)

• Security Updates - Medium

• AN-261813 - High
  Resolved an issue to prevent cloud database replication failure in the HA configuration by setting the value of the slave_parallel_mode variable to conservative.

22.2.2065.0 (07 Mar 2024)

• Security Updates - Medium

• AN-259725 - High
  Upgraded ion-java library

22.2.2040.0 (28 Feb 2024)

• Security Updates - Medium

• AN-259435 - High
  Removal of special characters (non alpha numeric) from the exception REST API response

22.2.2020.0 (22 Feb 2024)

• Security Updates - High

• AN-244356 - High
  Upgraded Jackson Core , Databind and Annotations in Dynamics and Sharepoint Connected Systems

• AN-264450 - High
  Resolved an issue where phpMyAdmin failed to automatically log in users when a special character was set in the company.name site property.

• AN-258702 - Medium
  Fixed an issue that caused embedded Appian to break for 1% of Google Chrome users, following a recent change by Google.

22.2.1995.0 (15 Feb 2024)

• Security Updates - Critical

• AN-257532 - Medium
  Security Improvement

22.2.1980.0 (08 Feb 2024)

• Security Updates - Critical

• AN-263504 - High
  Production release of AMP stratus log streaming migration

22.2.1955.0 (02 Feb 2024)

• Security Updates - Medium

• AN-261480 - Medium
  Resolved an issue where the phpMyAdmin banner color was not properly displayed based on the configuration.

22.2.1935.0 (26 Jan 2024)

• Security Updates - Medium

22.2.1915.0 (19 Jan 2024)

• Security Updates - High

• AN-255863 - Medium
  Upgraded jackson databind in blueprism connected system

• AN-255864 - Medium
  Upgraded jackson libraries in salesforce-multi

• AN-259099 - Medium
  The ability to store and view attachments on a process was deprecated in the low-code platform version 16.3, and has now been removed from platform versions later than 21.4. This change fixes an issue hampering the opening of Portlet dialogs caused by this removal.

• AN-256587 - Low
  The ability to store and view attachments on a process was deprecated in the low-code platform version 16.3, and has now been removed from platform versions later than 21.4.

22.2.1880.0 (05 Jan 2024)

• Security Updates - High

• AN-255692 - High
  Updated grpc, google cloud, jackson databind, jackson annotations and jackson core libraries

• AN-245877 - Low
  Set entity expansion limit to 100 for XML for import export functionality

22.2.1855.0 (21 Dec 2023)

• Security Updates - Critical

• AN-252629 - Low
  Fixed an issue that caused requests to the data service to timeout during recovery from component failure.

22.2.1835.0 (14 Dec 2023)

• Security Updates - High

• AN-255533 - High
  Search Server (Elasticsearch) is now upgraded to version 7.17.15.

• AN-255482 - Medium
  Updated xmlsec library to version 2.2.6

22.2.1815.0 (06 Dec 2023)

• Security Updates - High

22.2.1800.0 (30 Nov 2023)

• Security Updates - Critical

• AN-251917 - Critical
  Updated ActiveMq library

• AN-255270 - High
  Updated Jetty library to version 9.4.53.v20231009.

• CN-25284 - High
  Fixed and issue with session management for Appian Cloud.

• AN-254029 - Low
  Security Improvements

22.2.1766.0 (17 Nov 2023)

• AN-254031 - High
  Resolved an issue with High Availability Appian Cloud sites not being able to deactivate users.

22.2.1765.0 (16 Nov 2023)

• Security Updates - Critical

• AN-249920 - Medium
  Fixed an issue that prevented the slow log of the cloud database from being persisted on disk when restarting a site.

22.2.1740.0 (09 Nov 2023)

• Security Updates - Critical

• AN-250737 - High
  Updates to google cloud, google cloud storage, jackson-databind, and grpc libraries within the Google Cloud Connected Systems

• AN-249650 - Medium
  Updated support for checkpoint script to be initiated from any node, not just the primary node.

22.2.1727.0 (03 Nov 2023)

• Security Updates - High

22.2.1710.0 (26 Oct 2023)

• Security Updates - Critical

• AN-250045 - High
  Fixed display of HTML elements as text in rich text editor for Send-Email body node in Process Model

• AN-243892 - Low
  Fixed an issue that was causing users to encounter error code 500 when trying to access the cloud database through phpMyAdmin.

22.2.1706.0 (20 Oct 2023)

• Security Updates - High

• AN-245611 - High
  Security Improvement

• AN-247910 - Medium
  Fixed an issue that where a process would return an incorrect response instead of abort.

• AN-249274 - Medium
  Fixed an issue with defining the maximum checkpoint limit for Service Manager.

22.2.1686.0 (13 Oct 2023)

• Security Updates - Low

• AN-248721 - High
  Fixed issue where process models could not be saved if HTML decoding in the message Body of the Send Email node occurred

22.2.1680.0 (05 Oct 2023)

• Security Updates - High

• AN-246311 - High
  Updated third party libraries

• AN-243743 - Medium
  A maximum statement timeout of 12 hours is applied to all select queries executed through the Enhanced Data Pipeline (EDP) to prevent Appian Cloud database restart issues caused by long innodb_history_list_length.

22.2.1655.0 (28 Sep 2023)

• Security Updates - Critical

22.2.1635.0 (21 Sep 2023)

• Security Updates - Critical

• AN-242849 - Low
  TLS 1.1 has been disabled for Enhanced Data Pipeline due to various security issues. Refer to your tool’s documentation for instructions on connecting to an external database using TLS 1.2 or TLS 1.3. Alternatively, you can try adding the properties enabledSslProtocolSuites=TLSv1.2 and useSsl=true to your database connection string.

22.2.1620.0 (14 Sep 2023)

• Security Updates - High

• AN-240370 - Medium
  Updated Bouncy Castle library

• AN-244680 - Medium
  Updated guava library in the salesforce connected system

22.2.1595.0 (07 Sep 2023)

• Security Updates - High

• AN-238159 - High
  Updates to Netty library

• AN-244313 - High
  Security Improvement

• AN-207776 - Low
  Updating time picker placeholder text for 24hr-based locales.

• AN-234229 - Low
  Security Improvement

• AN-244525 - Low
  Security Improvement

22.2.1575.0 (31 Aug 2023)

• Security Updates - High

• AN-237829 - High
  Updated the guava, jackson databind, jackson core, and jackson annotations libraries.

• AN-241110 - High
  Updated spring security library

• AN-219753 - Medium
  Fixed an issue that allowed open redirects from being caught by validation.

• AN-156340 - Low
  Adding additional engine logging for troubleshooting

• AN-241206 - Low
  Adding additional logging for Kafka transaction writing for troubleshooting.

22.2.1555.0 (24 Aug 2023)

• Security Updates - High

• AN-243290 - High
  Security Improvements

• AN-236122 - Medium
  Updated Google Cloud Libraries

• AN-242736 - Medium
  The data service query request size limit is now set to 5MB.

• CN-23112 - Medium
  Kakfa performance tuning

• AN-242915 - Low
  Resolved a Kafka startup issue for Windows users.

22.2.1535.0

• Security Updates - High

• AN-240325 - Medium
  Security Improvements

22.2.1510.0 (10 Aug 2023)

• Security Updates - High

22.2.1485.0 (03 Aug 2023)

• Security Updates - Critical

• AN-240839 - Low
  Fixed an issue where Kafka topics would not come online.

22.2.1460.0 (27 Jul 2023)

• Security Updates - Critical

• AN-240255 - High
  Updated Guava Library in the Blueprism Connected System

• AN-237999 - Medium
  Fixed an issue where Kafka topics could not come online.

22.2.1445.0 (20 Jul 2023)

• Security Updates - Critical

• AN-223680 - Medium
  Fixed an issue that was causing significant delays during the checkpoint storage process.

• AN-237908 - Medium
  Updates to bouncycastle in Docusign connected system

• AN-240883 - Low
  Configuring future support of kRaft.

22.2.1420.0 (13 Jul 2023)

• Security Updates - Critical

• AN-225107 - Critical
  Updated Snakeyaml Library

• AN-226846 - Critical
  Updated Snakeyaml library

22.2.1405.0 (06 Jul 2023)

• Security Updates - Critical

• AN-238140 - Critical
  Security Improvement

• AN-203023 - Medium
  Updated POI Library

• AN-221295 - Low
  Updating MirrorMaker support for Appian on Kubernetes customers.

• AN-234393 - Low
  Updated Service Manager start script to support manual transaction replay.

22.2.1385.0 (29 Jun 2023)

• Security Updates - Critical

• AN-238270 - Critical
  Resolved an issue that was causing intermittent "403 Forbidden" errors when accessing a User Start Page site

• AN-217955 - High
  Updated Mozilla Rhino version

• AN-228346 - High
  Updated Google Cloud Translate and Protobuf Libraries

• AN-238044 - High
  Secuity update

• AN-237074 - Medium
  Updates to CMIS Data Connector

22.2.1365.0 (22 Jun 2023)

• Security Updates - Critical

• AN-201242 - Medium
  Updated Kafka server.log storage to now store up to 10 server.log files, 10MB in size each.

• AN-232723 - Low
  Enhanced Kakfka advertised listeners to support MirrorMaker

22.2.1340.0 (15 Jun 2023)

• Security Updates - Critical

• AN-223263 - High
  Windows and Linux now use independent split installers.

• AN-229662 - Low
  Fixed a ZooKeeper leadership election bug that can result in write request rejections.

• AN-234601 - Low
  Fixed an issue with the webapp gracefully stopping.

22.2.1315.0 (08 Jun 2023)

• Security Updates - Critical

22.2.1295.0 (01 Jun 2023)

• Security Updates - Critical

• AN-233537 - High
  Upgrade Atlassian and Jettison Libraries

• AN-235114 - High
  Fixed an issue that caused existing Client Credentials for Web APIs to expire after a year when new Client Credentials were generated.

• AN-234809 - Medium
  Upgrading Tomcat Application Server to 9.0.x

• AN-234223 - Low
  Fixes ADS debug logging issue.

22.2.1280.0 (24 May 2023)

• Security Updates - High

• AN-232634 - High
  Upgraded Elasticsearch to version 7.17.9.

22.2.1255.0 (19 May 2023)

• Security Updates - Critical

• AN-226471 - High
  Upgraded reload4j library

• AN-230001 - High
  Updated Clojure library

• AN-231369 - High
  Upgraded Spring library

• AN-232003 - High
  Integrations no longer fail when using TLS 1.3

• AN-230345 - Medium
  Fixed an issue with groups that have an expression defining "Visibility" where group members were being redirected to Tempo when clicking a task link in an email instead of being directed to the URL configured as the group's "User Start Page".

• AN-231563 - Medium
  Fixed an caching issue that was impacting performance.

• AN-234594 - Low
  Upgrading Redisson Client

22.2.1230.0 (11 May 2023)

• Security Updates - High

• AN-231242 - High
  Upgraded Woodstox library

• AN-232228 - High
  Updated Jackson Databind Library

• AN-233855 - Medium
  Upgraded Spring library

• AN-229296 - Low
  Fixed an issue with certificate regeneration in the "Connected Environments" feature where the generated certificate was attributed to "Administrator" instead of the user who initiated the regeneration.

• AN-232037 - Low
  Upgraded Liquibase to patch release v4.21.1.

22.2.1210.0 (04 May 2023)

• Security Updates - High

• AN-231359 - Critical
  Fixed an issue that caused intermittent "Cannot read properties of null (reading 'getIn')" errors during user site interaction.

• AN-232615 - High
  Security improvements

• AN-233239 - Low
  Better handling of exceptions thrown while processing write requests in ADS.

22.2.1195.0 (28 Apr 2023)

• Security Updates - High

• AN-232946 - High
  Bug fix in expression deserialization that threw unnecessary Invalid Byte Exception

• AN-222925 - Medium
  Updated google-cloud-core-http library

• AN-229971 - Low
  Reduced service manager shutdown time for customers managing Appian on Kubernetes.

22.2.1170.0 (20 Apr 2023)

• Security Updates - High

• AN-223083 - High
  Removed xalan library

• AN-230557 - High
  Some environments had access to develop and manage portals when they should not have. We've fixed the issue so that only organizations with a license to use Appian Portals have access.

22.2.1155.0 (13 Apr 2023)

• Security Updates - High

• AN-229036 - High
  Updates to jackson core, jackson databind, and jackson annotation libraries

• AN-230038 - High
  Updates to Woodstox core asl library

• AN-229685 - Low
  Security Improvements

22.2.1135.0 (06 Apr 2023)

• Security Updates - Critical

• AN-226331 - High
  Update Apache commons-fileupload library

• AN-229993 - Medium
  For Cloud Database, increased max_input_vars value to 2000 to prevent runtime errors from occurring in phpMyAdmin.

22.2.1120.0 (31 Mar 2023)

• Security Updates - Critical

• AN-228562 - High
  Security Improvement

• AN-228321 - Medium
  Error logging for the Execute Stored Procedure Smart Service has been added to the Tomcat logs.

• AN-227900 - Low
  Updated ADS error message to include additional information to help debug the failure.

22.2.1100.0 (23 Mar 2023)

• Security Updates - High

• AN-227457 - High
  Updated Netty Library

• AN-227747 - High
  Updated fasterxml.jackson and google.guava

• AN-211751 - Medium
  Fixed an issue that caused processes to auto-archive by default ignoring the AUTOARCHIVE custom.property setting.

• AN-221502 - Low
  Improved Kafka's logging by suppressing redundant log entries.

22.2.1080.0 (16 Mar 2023)

• Security Updates - Critical

• AN-227752 - Critical
  Security Improvements

• CN-20152 - Critical
  Unsupported non-ASCII256 header values are converted to ?

• AN-220855 - High
  Updated Jackson libraries

• AN-226788 - High
  Fixed an issue that could result in HA site failure when a site's primary engine becomes unavailable.

• AN-227793 - Medium
  Fixed a bug where generating a record action with a data type and data store would fail.

• AN-227422 - Low
  Updated error message to be more descriptive.

22.2.1055.0 (09 Mar 2023)

• Security Updates - Critical

• AN-218002 - Medium
  Appian Cloud Database now uses version 5.2.1 of phpMyAdmin.

22.2.1035.0 (03 Mar 2023)

• Security Updates - High

• AN-223242 - Critical
  Updated jave protobuf, google cloud automl, jackson databind, google cloud core, and google cloud storage libraries within Google Connected Systems

• AN-211063 - High
  Removed extraneous log entries from the MirrorMaker log file to improve overall legibility.

• AN-226698 - High
  Security Improvements

• AN-222300 - Low
  Configure Script now includes the ability to validate an installation.

22.2.1015.0 (24 Feb 2023)

• Security Updates - High

• AN-226155 - High
  CVE Fixed on Jaeger Agent image

• AN-226160 - High
  Security Improvement

• AN-224718 - Low
  Add additional handling to data service delete-kafka-topic script

22.2.995.0 (17 Feb 2023)

• Security Updates - Critical

• AN-225355 - Critical
  The appian.feature.ae.record-access-management.set-rdbms-connector-network-timeout feature toggle and conf.recordsSync.syncRdbmsConnectionNetworkTimeoutMs property in custom.properties can now be set permanently on Appian Cloud environments via an Appian Support case. The toggle enables the timeout property to be applied and the property configures the timeout value (in milliseconds) that will be applied whenever establishing a connection to the RDBMS.

• AN-225317 - High
  The RDBMS networkTimeout has been turned off by default to eliminate disruptions for customers not experiencing network connection problems when communicating with their RDBMS. The default timeout has also been increased to from 30 seconds to 5 minutes when the feature toggle has been turned on.

22.2.975.0 (09 Feb 2023)

• Security Updates - Critical

• AN-222592 - Low
  Fixed an issue where process history replication factors were incorrect following a change in site topology from single node to high availability.

• CN-18110 - Low
  Fixed an issue that prevented shutdown of the Internal Messaging Service for some high availability sites.

22.2.960.0 (02 Feb 2023)

• Security Updates - Critical

• AN-221245 - High
  Kafka Upgrade

• AN-223199 - High
  Prevent ADS issues due to Network Latency

• AN-223684 - High
  Fixed an issue which prevented newly-made Google reCAPTCHA projects from working in a reCAPTCHA Connected System.

• AN-223646 - Medium
  Check if ADS components are up-to-date

Installation

Perform the following steps to apply the hotfix:

1. Stop Appian. See Starting and Stopping Appian for detailed instructions:
   1. Shut down the application server.
   2. Shut down the search server.
   3. Shut down the data server.
   4. Shutdown all Appian Engines, ensuring that the engines are checkpointed upon shutdown.
2. Back up your existing Appian instance. See Backing Up Your Existing Appian Instance.
3. Unzip the contents of the Hotfix package 22.2.2240.0 into your <APPIAN_HOME> directory.
4. Run the deleteFiles script (deleteFiles.bat on Windows, deleteFiles.sh on Linux) that is now located in your <APPIAN_HOME> directory.
   • If the script reports that some files were not deleted, address the reason for the failure (common causes listed below), and run it again until it no longer reports failed deletions.
   • Common causes of failed file deletion include:
   • The file is open in another window or process
   • The file is locked
   • You do not have permission to delete the file
5. Unzip the contents of the updates.zip archive that is now located your <APPIAN_HOME> directory.
6. Run the installJdk script (installJdk.bat on Windows, installJdk.sh on Linux).
7. If you maintain customized or overridden Spring Security .xml files, merge them with the associated base files in the /deployment/web.war/WEB-INF/conf/security/ directory.
8. Delete the following files:
   Linux
   • deleteFiles.sh
   • installjdk script.sh
   • OpenJDK8U-jdk_x64linux_hotspot.tar.gz
   • updates.zip

   Windows

   • deleteFiles.bat
   • installjdk script.bat
   • OpenJDK8U-jdk_x64windows_hotspot.zip
   • updates.zip
9. If you are using a Web server, copy the content of <APPIAN_HOME>/deployment/web.war to the folder where the Web server is getting the static resources. See Copy Static Resources to the Web Server for more information.
10. Run the configure script to deploy your environment's configuration and re-configure any node names previously set by the configure script tools.
11. Start Appian:
    1. Start the Appian Engines.
    2. Start the data server.
    3. Start the search server.
    4. Start the application server.

To determine if the Appian 22.2 Hotfix is deployed, open the build.info file located in <APPIAN_HOME>/conf/. The contents of this file should match the following code sample:

build.revision=729a745f612d10f20e415fd9fe49c07b0071b1f8
build.version=22.2.2240.0