This page lists all the recent hotfixes for Appian 22.2.
Note: Appian Cloud customers can refer to MyAppian to see your latest hotfix version.
For self-managed customers, all hotfixes are released as a downloadable package at the end of each week.
Self-managed customers can use the following links to download and install the hotfixes package. If you are managing Appian on Kubernetes, instead of using the links below, you'll need to upgrade to the latest Appian on Kubernetes images to apply the hotfixes.
This cumulative hotfix package includes all resolved issues listed below in a single download. This hotfix is required for any Appian 22.2 installations not currently up to date with the latest hotfixes. After installing, you will be running on Appian 22.2.2240.0.
You can view your current self-managed Appian version by logging into your Appian environment as a designer or system administrator and clicking the navigation menu > About Appian.
The package resolves the following issues.
Security Updates - High
AN-266346 - Medium
Apache Kafka upgrade to 3.7.0
AN-270014 - Medium
Search Server (Elasticsearch) is now upgraded to version 7.17.19.
Security Updates - High
AN-265887 - High
Upgraded atlassian library
AN-265165 - Low
Fixed an issues where engine process metrics were not properly collected.
Security Updates - Medium
AN-261813 - High
Resolved an issue to prevent cloud database replication failure in the HA configuration by setting the value of the slave_parallel_mode
variable to conservative.
Security Updates - Medium
AN-259725 - High
Upgraded ion-java library
Security Updates - Medium
AN-259435 - High
Removal of special characters (non alpha numeric) from the exception REST API response
Security Updates - High
AN-244356 - High
Upgraded Jackson Core , Databind and Annotations in Dynamics and Sharepoint Connected Systems
AN-264450 - High
Resolved an issue where phpMyAdmin failed to automatically log in users when a special character was set in the company.name
site property.
AN-258702 - Medium
Fixed an issue that caused embedded Appian to break for 1% of Google Chrome users, following a recent change by Google.
Security Updates - Critical
AN-257532 - Medium
Security Improvement
Security Updates - Critical
AN-263504 - High
Production release of AMP stratus log streaming migration
Security Updates - Medium
AN-261480 - Medium
Resolved an issue where the phpMyAdmin banner color was not properly displayed based on the configuration.
Security Updates - High
AN-255863 - Medium
Upgraded jackson databind in blueprism connected system
AN-255864 - Medium
Upgraded jackson libraries in salesforce-multi
AN-259099 - Medium
The ability to store and view attachments on a process was deprecated in the low-code platform version 16.3, and has now been removed from platform versions later than 21.4. This change fixes an issue hampering the opening of Portlet dialogs caused by this removal.
AN-256587 - Low
The ability to store and view attachments on a process was deprecated in the low-code platform version 16.3, and has now been removed from platform versions later than 21.4.
Security Updates - High
AN-255692 - High
Updated grpc, google cloud, jackson databind, jackson annotations and jackson core libraries
AN-245877 - Low
Set entity expansion limit to 100 for XML for import export functionality
Security Updates - Critical
AN-252629 - Low
Fixed an issue that caused requests to the data service to timeout during recovery from component failure.
Security Updates - High
AN-255533 - High
Search Server (Elasticsearch) is now upgraded to version 7.17.15.
AN-255482 - Medium
Updated xmlsec library to version 2.2.6
Security Updates - Critical
AN-251917 - Critical
Updated ActiveMq library
AN-255270 - High
Updated Jetty library to version 9.4.53.v20231009.
CN-25284 - High
Fixed and issue with session management for Appian Cloud.
AN-254029 - Low
Security Improvements
Security Updates - Critical
AN-249920 - Medium
Fixed an issue that prevented the slow log of the cloud database from being persisted on disk when restarting a site.
Security Updates - Critical
AN-250737 - High
Updates to google cloud, google cloud storage, jackson-databind, and grpc libraries within the Google Cloud Connected Systems
AN-249650 - Medium
Updated support for checkpoint script to be initiated from any node, not just the primary node.
Security Updates - Critical
AN-250045 - High
Fixed display of HTML elements as text in rich text editor for Send-Email body node in Process Model
AN-243892 - Low
Fixed an issue that was causing users to encounter error code 500 when trying to access the cloud database through phpMyAdmin.
Security Updates - High
AN-245611 - High
Security Improvement
AN-247910 - Medium
Fixed an issue that where a process would return an incorrect response instead of abort.
AN-249274 - Medium
Fixed an issue with defining the maximum checkpoint limit for Service Manager.
Security Updates - Low
AN-248721 - High
Fixed issue where process models could not be saved if HTML decoding in the message Body of the Send Email node occurred
Security Updates - High
AN-246311 - High
Updated third party libraries
AN-243743 - Medium
A maximum statement timeout of 12 hours is applied to all select
queries executed through the Enhanced Data Pipeline (EDP) to prevent Appian Cloud database restart issues caused by long innodb_history_list_length
.
Security Updates - Critical
AN-242849 - Low
TLS 1.1 has been disabled for Enhanced Data Pipeline due to various security issues. Refer to your tool’s documentation for instructions on connecting to an external database using TLS 1.2 or TLS 1.3. Alternatively, you can try adding the properties enabledSslProtocolSuites=TLSv1.2
and useSsl=true
to your database connection string.
Security Updates - High
AN-240370 - Medium
Updated Bouncy Castle library
AN-244680 - Medium
Updated guava library in the salesforce connected system
Security Updates - High
AN-238159 - High
Updates to Netty library
AN-244313 - High
Security Improvement
AN-207776 - Low
Updating time picker placeholder text for 24hr-based locales.
AN-234229 - Low
Security Improvement
AN-244525 - Low
Security Improvement
Security Updates - High
AN-237829 - High
Updated the guava, jackson databind, jackson core, and jackson annotations libraries.
AN-241110 - High
Updated spring security library
AN-219753 - Medium
Fixed an issue that allowed open redirects from being caught by validation.
AN-156340 - Low
Adding additional engine logging for troubleshooting
AN-241206 - Low
Adding additional logging for Kafka transaction writing for troubleshooting.
Security Updates - High
AN-243290 - High
Security Improvements
AN-236122 - Medium
Updated Google Cloud Libraries
AN-242736 - Medium
The data service query request size limit is now set to 5MB.
CN-23112 - Medium
Kakfa performance tuning
AN-242915 - Low
Resolved a Kafka startup issue for Windows users.
Security Updates - High
AN-240325 - Medium
Security Improvements
Security Updates - Critical
AN-240839 - Low
Fixed an issue where Kafka topics would not come online.
Security Updates - Critical
AN-240255 - High
Updated Guava Library in the Blueprism Connected System
AN-237999 - Medium
Fixed an issue where Kafka topics could not come online.
Security Updates - Critical
AN-223680 - Medium
Fixed an issue that was causing significant delays during the checkpoint storage process.
AN-237908 - Medium
Updates to bouncycastle in Docusign connected system
AN-240883 - Low
Configuring future support of kRaft.
Security Updates - Critical
AN-225107 - Critical
Updated Snakeyaml Library
AN-226846 - Critical
Updated Snakeyaml library
Security Updates - Critical
AN-238140 - Critical
Security Improvement
AN-203023 - Medium
Updated POI Library
AN-221295 - Low
Updating MirrorMaker support for Appian on Kubernetes customers.
AN-234393 - Low
Updated Service Manager start script to support manual transaction replay.
Security Updates - Critical
AN-238270 - Critical
Resolved an issue that was causing intermittent "403 Forbidden" errors when accessing a User Start Page site
AN-217955 - High
Updated Mozilla Rhino version
AN-228346 - High
Updated Google Cloud Translate and Protobuf Libraries
AN-238044 - High
Secuity update
AN-237074 - Medium
Updates to CMIS Data Connector
Security Updates - Critical
AN-201242 - Medium
Updated Kafka server.log storage to now store up to 10 server.log files, 10MB in size each.
AN-232723 - Low
Enhanced Kakfka advertised listeners to support MirrorMaker
Security Updates - Critical
AN-223263 - High
Windows and Linux now use independent split installers.
AN-229662 - Low
Fixed a ZooKeeper leadership election bug that can result in write request rejections.
AN-234601 - Low
Fixed an issue with the webapp gracefully stopping.
Security Updates - Critical
AN-233537 - High
Upgrade Atlassian and Jettison Libraries
AN-235114 - High
Fixed an issue that caused existing Client Credentials for Web APIs to expire after a year when new Client Credentials were generated.
AN-234809 - Medium
Upgrading Tomcat Application Server to 9.0.x
AN-234223 - Low
Fixes ADS debug logging issue.
Security Updates - High
AN-232634 - High
Upgraded Elasticsearch to version 7.17.9.
Security Updates - Critical
AN-226471 - High
Upgraded reload4j library
AN-230001 - High
Updated Clojure library
AN-231369 - High
Upgraded Spring library
AN-232003 - High
Integrations no longer fail when using TLS 1.3
AN-230345 - Medium
Fixed an issue with groups that have an expression defining "Visibility" where group members were being redirected to Tempo when clicking a task link in an email instead of being directed to the URL configured as the group's "User Start Page".
AN-231563 - Medium
Fixed an caching issue that was impacting performance.
AN-234594 - Low
Upgrading Redisson Client
Security Updates - High
AN-231242 - High
Upgraded Woodstox library
AN-232228 - High
Updated Jackson Databind Library
AN-233855 - Medium
Upgraded Spring library
AN-229296 - Low
Fixed an issue with certificate regeneration in the "Connected Environments" feature where the generated certificate was attributed to "Administrator" instead of the user who initiated the regeneration.
AN-232037 - Low
Upgraded Liquibase to patch release v4.21.1.
Security Updates - High
AN-231359 - Critical
Fixed an issue that caused intermittent "Cannot read properties of null (reading 'getIn')" errors during user site interaction.
AN-232615 - High
Security improvements
AN-233239 - Low
Better handling of exceptions thrown while processing write requests in ADS.
Security Updates - High
AN-232946 - High
Bug fix in expression deserialization that threw unnecessary Invalid Byte Exception
AN-222925 - Medium
Updated google-cloud-core-http library
AN-229971 - Low
Reduced service manager shutdown time for customers managing Appian on Kubernetes.
Security Updates - High
AN-223083 - High
Removed xalan library
AN-230557 - High
Some environments had access to develop and manage portals when they should not have. We've fixed the issue so that only organizations with a license to use Appian Portals have access.
Security Updates - High
AN-229036 - High
Updates to jackson core, jackson databind, and jackson annotation libraries
AN-230038 - High
Updates to Woodstox core asl library
AN-229685 - Low
Security Improvements
Security Updates - Critical
AN-226331 - High
Update Apache commons-fileupload library
AN-229993 - Medium
For Cloud Database, increased max_input_vars value to 2000 to prevent runtime errors from occurring in phpMyAdmin.
Security Updates - Critical
AN-228562 - High
Security Improvement
AN-228321 - Medium
Error logging for the Execute Stored Procedure Smart Service has been added to the Tomcat logs.
AN-227900 - Low
Updated ADS error message to include additional information to help debug the failure.
Security Updates - High
AN-227457 - High
Updated Netty Library
AN-227747 - High
Updated fasterxml.jackson and google.guava
AN-211751 - Medium
Fixed an issue that caused processes to auto-archive by default ignoring the AUTOARCHIVE custom.property setting.
AN-221502 - Low
Improved Kafka's logging by suppressing redundant log entries.
Security Updates - Critical
AN-227752 - Critical
Security Improvements
CN-20152 - Critical
Unsupported non-ASCII256 header values are converted to ?
AN-220855 - High
Updated Jackson libraries
AN-226788 - High
Fixed an issue that could result in HA site failure when a site's primary engine becomes unavailable.
AN-227793 - Medium
Fixed a bug where generating a record action with a data type and data store would fail.
AN-227422 - Low
Updated error message to be more descriptive.
Security Updates - Critical
AN-218002 - Medium
Appian Cloud Database now uses version 5.2.1 of phpMyAdmin.
Security Updates - High
AN-223242 - Critical
Updated jave protobuf, google cloud automl, jackson databind, google cloud core, and google cloud storage libraries within Google Connected Systems
AN-211063 - High
Removed extraneous log entries from the MirrorMaker log file to improve overall legibility.
AN-226698 - High
Security Improvements
AN-222300 - Low
Configure Script now includes the ability to validate an installation.
Security Updates - High
AN-226155 - High
CVE Fixed on Jaeger Agent image
AN-226160 - High
Security Improvement
AN-224718 - Low
Add additional handling to data service delete-kafka-topic script
Security Updates - Critical
AN-225355 - Critical
The appian.feature.ae.record-access-management.set-rdbms-connector-network-timeout feature toggle and conf.recordsSync.syncRdbmsConnectionNetworkTimeoutMs property in custom.properties can now be set permanently on Appian Cloud environments via an Appian Support case. The toggle enables the timeout property to be applied and the property configures the timeout value (in milliseconds) that will be applied whenever establishing a connection to the RDBMS.
AN-225317 - High
The RDBMS networkTimeout has been turned off by default to eliminate disruptions for customers not experiencing network connection problems when communicating with their RDBMS. The default timeout has also been increased to from 30 seconds to 5 minutes when the feature toggle has been turned on.
Security Updates - Critical
AN-222592 - Low
Fixed an issue where process history replication factors were incorrect following a change in site topology from single node to high availability.
CN-18110 - Low
Fixed an issue that prevented shutdown of the Internal Messaging Service for some high availability sites.
Security Updates - Critical
AN-221245 - High
Kafka Upgrade
AN-223199 - High
Prevent ADS issues due to Network Latency
AN-223684 - High
Fixed an issue which prevented newly-made Google reCAPTCHA projects from working in a reCAPTCHA Connected System.
AN-223646 - Medium
Check if ADS components are up-to-date
Perform the following steps to apply the hotfix:
<APPIAN_HOME>
directory.<APPIAN_HOME>
directory.
<APPIAN_HOME>
directory.Windows
<APPIAN_HOME>/deployment/web.war
to the folder where the Web server is getting the static resources. See Copy Static Resources to the Web Server for more information.To determine if the Appian 22.2 Hotfix is deployed, open the build.info file located in <APPIAN_HOME>/conf/
. The contents of this file should match the following code sample:
build.revision=729a745f612d10f20e415fd9fe49c07b0071b1f8 build.version=22.2.2240.0