This page lists all the recent hotfixes for Appian 22.4.
Appian Cloud customers can refer to MyAppian to see your latest hotfix version.
For self-managed customers, all hotfixes are released as a downloadable package bimonthly, at the beginning and middle of the month. The most recent package is as of 14 Sep 2023.
Self-managed customers can use the following links to download and install the hotfixes package. If you are managing Appian on Kubernetes, instead of using the links below, you'll need to upgrade to the latest Appian on Kubernetes images to apply the hotfixes.
This cumulative hotfix package includes all resolved issues listed below in a single download. This hotfix is required for any Appian 22.4 installations not currently up to date with the latest hotfixes. After installing, you will be running on Appian 22.4.1165.0.
You can view your current self-managed Appian version by logging into your Appian environment as a designer or system administrator and clicking the navigation menu > About Appian.
The package resolves the following issues.
Security Updates - High
AN-244680 - Medium
Updated guava library in the salesforce connected system
AN-243030 - Medium
Fixed an issue where transactions executed in an Execute Stored Procedure Smart Service or function weren't getting rolled back when auto-commit was set to false after encountering an exception.
AN-240370 - Medium
Updated Bouncy Castle library
Security Updates - High
AN-244313 - High
Security Improvement
AN-238159 - High
Updates to Netty library
AN-244149 - Medium
Fixed an issue to ensure consistent error handling behavior between platform versions when using the @Version annotation in a CDT XSD to prevent lost update anomalies.
AN-244525 - Low
Security Improvement
AN-234229 - Low
Security Improvement
AN-207776 - Low
Updating time picker placeholder text for 24hr-based locales.
Security Updates - High
AN-241110 - High
Updated spring security library
AN-237829 - High
Updated the guava, jackson databind, jackson core, and jackson annotations libraries.
AN-219753 - Medium
Fixed an issue that allowed open redirects from being caught by validation.
AN-241206 - Low
Adding additional logging for Kafka transaction writing for troubleshooting.
AN-156340 - Low
Adding additional engine logging for troubleshooting
Security Updates - High
AN-243290 - High
Security Improvements
CN-23112 - Medium
Kakfa performance tuning
AN-242736 - Medium
The data service query request size limit is now set to 5MB.
AN-236122 - Medium
Updated Google Cloud Libraries
AN-242915 - Low
Resolved a Kafka startup issue for Windows users.
Security Updates - High
AN-240325 - Medium
Security Improvements
Security Updates - Critical
AN-240839 - Low
Fixed an issue where Kafka topics would not come online.
Security Updates - Critical
AN-240255 - High
Updated Guava Library in the Blueprism Connected System
AN-237999 - Medium
Fixed an issue where Kafka topics could not come online.
Security Updates - Critical
AN-237908 - Medium
Updates to bouncycastle in Docusign connected system
AN-240883 - Low
Configuring future support of kRaft.
Security Updates - Critical
AN-226846 - Critical
Updated Snakeyaml library
AN-225107 - Critical
Updated Snakeyaml Library
AN-239359 - High
Fixed an issue where an incompatible plug-in upgrade could be deployed via the Admin Console.
AN-238149 - High
Fixed an issue to support MirrorMaker for Appian on Kubernetes customers.
AN-235860 - High
Updating Admin Console Plug-ins page logic for Appian Cloud users to show all AppMarket plug-ins, but block unsupported ones from being deployed.
AN-235128 - High
Introduced disk safeguards for heap dump creation.
AN-239337 - Medium
Resolves an issue where under certain conditions variables configured to refresh on an interval stopped refreshing.
AN-223680 - Medium
Fixed an issue that was causing significant delays during the checkpoint storage process.
Security Updates - Critical
AN-238140 - Critical
Security Improvement
AN-237944 - Medium
Created a new 'logsv2' action in Cleanup Script which will clean up all old log files, including log files created after the inception of the logs action.
AN-203023 - Medium
Updated POI Library
AN-234393 - Low
Updated Service Manager start script to support manual transaction replay.
AN-221295 - Low
Updating MirrorMaker support for Appian on Kubernetes customers.
Security Updates - Critical
AN-238270 - Critical
Resolved an issue that was causing intermittent "403 Forbidden" errors when accessing a User Start Page site
AN-238044 - High
Secuity update
AN-236160 - High
Fixed an issue where saving into record type process variables with complex relationships caused performance degradation that sometimes led to the process modeler being unusable.
AN-228346 - High
Updated Google Cloud Translate and Protobuf Libraries
AN-217955 - High
Updated Mozilla Rhino version
AN-237816 - Medium
Added a removal notice to the Portals Publishing Manager. Support for the Portals Publishing Manager will be removed on all versions on July 31st.
AN-237074 - Medium
Updates to CMIS Data Connector
Security Updates - Critical
AN-235986 - Medium
Fixed an issue where the search response content length exceeded the default limit of 100MB. The maximum query response content length on search server client calls is now configurable through conf.ia.QUERY_RESPONSE_LIMIT_IN_BYTES property.
AN-201242 - Medium
Updated Kafka server.log storage to now store up to 10 server.log files, 10MB in size each.
AN-232723 - Low
Enhanced Kakfka advertised listeners to support MirrorMaker
Security Updates - Critical
AN-223263 - High
Windows and Linux now use independent split installers.
AN-234601 - Low
Fixed an issue with the webapp gracefully stopping.
AN-229662 - Low
Fixed a ZooKeeper leadership election bug that can result in write request rejections.
Security Updates - Critical
AN-236395 - High
Fixed an issue where the Tomcat garbage collection logs were being written to the wrong folder.
AN-231566 - High
Upgraded ICU library to 73.1
AN-235985 - Medium
Added new debug logging to help troubleshoot an issue where a scheduled full sync failed due to a uniqueness constraint.
AN-234932 - Medium
Fixed an issue which resulted in intermittent "branch with the given id does not exist" errors when attempting to write data to the data service.
Security Updates - Critical
AN-235533 - High
Fixed a site startup issue.
AN-235114 - High
Fixed an issue that caused existing Client Credentials for Web APIs to expire after a year when new Client Credentials were generated.
AN-233537 - High
Upgrade Atlassian and Jettison Libraries
AN-234809 - Medium
Upgrading Tomcat Application Server to 9.0.x
Security Updates - High
AN-234612 - High
Add new logging to better understand the problem and get to the root of it.
AN-232634 - High
Upgraded Elasticsearch to version 7.17.9.
AN-234671 - Medium
Performance updates for Portals that use a!queryRecordType, a!documentDownloadLink, a!documentViewerField, a!fileUploadField, fn!document,or a!documentViewerField. Performance will improve where there are more than 2 concurrent uses or users of each feature.
AN-234651 - Medium
AI Skill Designer Save Changes button correctly changes state after saving.
AN-219303 - Low
Backporting metrics around design objects. low risk
Security Updates - Critical
AN-232003 - High
Integrations no longer fail when using TLS 1.3
AN-231369 - High
Upgraded Spring library
AN-230001 - High
Updated Clojure library
AN-226471 - High
Upgraded reload4j library
AN-231563 - Medium
Fixed an caching issue that was impacting performance.
AN-230345 - Medium
Fixed an issue with groups that have an expression defining "Visibility" where group members were being redirected to Tempo when clicking a task link in an email instead of being directed to the URL configured as the group's "User Start Page".
AN-227824 - Medium
Resolved an issue with Generate Record Actions that could occur when users did not have access to related Record Types.
AN-234594 - Low
Upgrading Redisson Client
AN-234223 - Low
Fixes ADS debug logging issue.
Security Updates - High
AN-232228 - High
Updated Jackson Databind Library
AN-231242 - High
Upgraded Woodstox library
AN-233855 - Medium
Upgraded Spring library
AN-227824 - Medium
Resolved an issue with Generate Record Actions that could occur when users did not have access to related Record Types.
AN-232037 - Low
Upgraded Liquibase to patch release v4.21.1.
AN-229296 - Low
Fixed an issue with certificate regeneration in the "Connected Environments" feature where the generated certificate was attributed to "Administrator" instead of the user who initiated the regeneration.
Security Updates - High
AN-231359 - Critical
Fixed an issue that caused intermittent "Cannot read properties of null (reading 'getIn')" errors during user site interaction.
AN-232615 - High
Security improvements
AN-231979 - Medium
Fixed a bug that caused the "Test Connection" button in the Document Extraction tab of the Administration Console to display an error message for some Google accounts.
AN-229840 - Medium
Fixed an issue that caused Process Variables created from an Interface to be displayed with Type as "[Not Visible]" under Process Model Properties in the Process Modeler.
AN-233239 - Low
Better handling of exceptions thrown while processing write requests in ADS.
Security Updates - High
AN-231606 - Medium
Resolved an issue with users not getting logged out during a maintenance window.
AN-222925 - Medium
Updated google-cloud-core-http library
AN-229971 - Low
Reduced service manager shutdown time for customers managing Appian on Kubernetes.
Security Updates - High
AN-230557 - High
Some environments had access to develop and manage portals when they should not have. We've fixed the issue so that only organizations with a license to use Appian Portals have access.
AN-223083 - High
Removed xalan library
Security Updates - High
AN-230038 - High
Updates to Woodstox core asl library
AN-229036 - High
Updates to jackson core, jackson databind, and jackson annotation libraries
AN-227726 - Medium
Hibernate ORM was updated to the new maintenance release 5.6.15.Final.
AN-218781 - Medium
Added a log that aggregates metrics by the data source and procedure name that are input when using the Execute Stored Procedure feature.
AN-229685 - Low
Security Improvements
Security Updates - Critical
AN-229667 - High
Fixed a race condition issue with activity chained nodes which caused an executing process to stall under certain conditions.
AN-226331 - High
Update Apache commons-fileupload library
AN-230158 - Medium
The time out for syncs triggered by the Write to Data Store Entity or the Write to Multiple Data Store Entities smart services is now configurable via a site property. If a full sync consistently fails on your record type because multiple writes are being performed at the same time as the full sync, you can configure longer sync timeouts for these smart services to prevent the full sync from failing.
AN-229993 - Medium
For Cloud Database, increased max_input_vars value to 2000 to prevent runtime errors from occurring in phpMyAdmin.
AN-227900 - Low
Updated ADS error message to include additional information to help debug the failure.
Security Updates - Critical
AN-219989 - High
Updated org.json library
AN-228321 - Medium
Error logging for the Execute Stored Procedure Smart Service has been added to the Tomcat logs.
AN-228262 - Medium
This enhancement improves the performance of database changes that are made to the source which are then automatically synced in Appian.
AN-227959 - Medium
Classify Email Smart Service and ClassificationResult CDT now available.
Security Updates - High
AN-227747 - High
Updated fasterxml.jackson and google.guava
AN-227457 - High
Updated Netty Library
AN-211751 - Medium
Fixed an issue that caused processes to auto-archive by default ignoring the AUTOARCHIVE custom.property setting.
AN-221502 - Low
Improved Kafka's logging by suppressing redundant log entries.
Security Updates - Critical
CN-20152 - Critical
Unsupported non-ASCII256 header values are converted to ?
AN-227752 - Critical
Security Improvements
AN-226788 - High
Fixed an issue that could result in HA site failure when a site's primary engine becomes unavailable.
AN-220855 - High
Updated Jackson libraries
AN-227422 - Low
Updated error message to be more descriptive.
Security Updates - Critical
AN-227794 - High
Addressing an issue which caused some evaluations of rv!record to incorrectly return null when referring to a User Record type.
AN-226988 - Medium
Fixed an issue where grid column widths were not respected when there was no grid header label specified on the column.
Security Updates - Critical
AN-222143 - Medium
Fixed an issue where querying multiple related record type fields was evaluating a single security expression multiple times instead of one time.
AN-218002 - Medium
Appian Cloud Database now uses version 5.2.1 of phpMyAdmin.
Security Updates - High
AN-223242 - Critical
Updated jave protobuf, google cloud automl, jackson databind, google cloud core, and google cloud storage libraries within Google Connected Systems
AN-226698 - High
Security Improvements
AN-226222 - High
Security Improvement
AN-225133 - Low
Fixed an issue that occurred when using the "in" operator in a!queryFilter to filter against a real-time custom field.
AN-222300 - Low
Configure Script now includes the ability to validate an installation.
Security Updates - High
AN-226850 - High
Resolved an issue introduced by the recent Hibernate ORM 5 upgrade that was causing errors during the verification and publishing of data stores.
AN-211063 - High
Removed extraneous log entries from the MirrorMaker log file to improve overall legibility.
AN-223122 - Medium
The performance for searching records-powered grids has been improved by removing fields outside the grid from the search criteria.
Security Updates - High
AN-226160 - High
Security Improvement
AN-226155 - High
CVE Fixed on Jaeger Agent image
AN-225494 - Medium
Fixed an issue that was causing process model failures due to a previous database transaction that was incorrectly marked for rollback.
AN-224718 - Low
Add additional handling to data service delete-kafka-topic script
Security Updates - Critical
AN-225355 - Critical
The appian.feature.ae.record-access-management.set-rdbms-connector-network-timeout feature toggle and conf.recordsSync.syncRdbmsConnectionNetworkTimeoutMs property in custom.properties can now be set permanently on Appian Cloud environments via an Appian Support case. The toggle enables the timeout property to be applied and the property configures the timeout value (in milliseconds) that will be applied whenever establishing a connection to the RDBMS.
AN-223910 - Critical
Resolved a case sensitivity issue with auto-generated column names that that was impacting data store validation for DB2 and Oracle data sources.
AN-225317 - High
The RDBMS networkTimeout has been turned off by default to eliminate disruptions for customers not experiencing network connection problems when communicating with their RDBMS. The default timeout has also been increased to from 30 seconds to 5 minutes when the feature toggle has been turned on.
Security Updates - Critical
AN-223923 - Medium
Fixed an issue where Generate Record Action failed when certain locales were enabled.
CN-18110 - Low
Fixed an issue that prevented shutdown of the Internal Messaging Service for some high availability sites.
AN-223401 - Low
Updated the engine startup script to include logging on script invocation time and passed parameters.
AN-222592 - Low
Fixed an issue where process history replication factors were incorrect following a change in site topology from single node to high availability.
Security Updates - Critical
AN-223684 - High
Fixed an issue which prevented newly-made Google reCAPTCHA projects from working in a reCAPTCHA Connected System.
AN-223199 - High
Prevent ADS issues due to Network Latency
AN-221245 - High
Kafka Upgrade
AN-223646 - Medium
Check if ADS components are up-to-date
AN-220693 - Medium
For Appian Cloud customers who have a dedicated database node, the default range of read and write I/O threads is now set to be between 4 and the total number of CPUs on the database node divided by 2. Customers who have dedicated database nodes will experience performance improvement from this update.
AN-223402 - High
Fixed an issue involving Oracle data stores that was impacting schema validation when a float type CDT field was referencing a numeric column type.
AN-220449 - High
Upgraded SnakeYAML Library
AN-198434 - High
Corrected an accessibility issue with dropdowns and pickers to allow correct information about the controls to be conveyed to assistive technologies such as screen readers.
Security Updates - Low
AN-221122 - Critical
Removed references to the ConsumerConfig.addDeserializerToConfig and ProducerConfig.addSerializerToConfig methods due to deprecation in Kafka 3.3.1.
AN-222318 - Medium
Fixed an issue in Portal Forms Designer that prevented Document fields from rendering properly when opened in Microsoft Edge on IE Compatibility Mode.
AN-219648 - Medium
Viewing dependents of record fields and record relationships now properly include record field and relationship references that are referenced in record type constructors.
AN-218227 - Low
Improved ADS logging when it is run as a service.
AN-222230 - Medium
Fixed an issue involving Oracle data stores that was impacting schema validation when a text CDT field was referencing an "NCHAR" column type.
AN-220685 - Medium
A 30 second timeout has been added to database connections during full record type syncs to enable graceful failures and prevent syncs from becoming 'stuck' indefinitely.
AN-218961 - Low
Process models are now able to be saved using "Save As" in all supported languages.
Security Updates - Low
AN-222133 - Critical
Fixed an issue involving Microsoft SQL Server data stores that was impacting schema validation when a boolean CDT field was referencing a "BIT" column type.
AN-218809 - Medium
For the Appian Cloud MariaDB database, ANALYZE TABLE command is now run for all the tables at the site start up.
AN-217357 - Low
For Appian Cloud MariaDB database, transaction isolation level has been set to read-committed for phpMyAdmin connections.
AN-202061 - Low
Fixed an issue with interface data field errors where users were instructed to use an invalid date format.
Security Updates - Low
AN-220838 - Critical
For sites that use an Oracle data source, resolved an issue that was causing Data Store validation to fail when an entity was defined using a synonym.
AN-221315 - Medium
Resolved an issue with the a!executeStoredProcedureOnSave function that led to failures in which a corresponding error message was not correctly generated.
AN-220626 - Medium
The property conf.monitoring.rdbms.SLOW_QUERY_THRESHOLD_MS in custom.properties can now be set permanently on Appian Cloud environments via an Appian Support case. This property configures the threshold value (in milliseconds) that logs a slow query operation by data store.
AN-220114 - Medium
Process deletion now uses memory more efficiently. Prior to this fix, deleting a large number of processes would cause high heap memory utilization.
AN-219912 - Medium
Appian Cloud now uses the 42.5.1 version of the JDBC Driver for PostgreSQL Database.
Security Updates - Critical
AN-220177 - Medium
Security Improvements
AN-219995 - High
Security Improvement
AN-216082 - Medium
Fix an issue that caused file upload failures for files with MIME types containing parameters.
AN-218784 - Low
MariaDB database in Appian Cloud received a minor version upgrade to 10.6.11
Security Updates - Critical
AN-218450 - High
Removed the Apache Xalan Java library. If you have developed any plug-ins that depend on Apache Xalan, you will need to update them to remove or replace the use of this library. If you don't update them, they will stop working when plug-in users upgrade.
AN-219086 - Medium
Prevents ADS Edge Case
AN-218553 - Medium
Add log messages in the application server log for when the record data source configuration is invalid to aid in troubleshooting.
AN-217700 - Medium
Fixed an issue that caused intermittent "Cannot read properties of null (reading 'getIn')" errors during user site interaction.
AN-219665 - Low
Prevents data server edge case
AN-219501 - Low
SAIL Debug Logging for Casting Code
AN-219453 - Low
Interfaces and expression rules generated by record actions wizard now use proper naming convention
AN-218956 - Low
Fixed an issue where outdated gif icons would display. Now if no svgs are detected we will fallback to the default svg icon.
AN-218855 - Low
Prevents ADS Edge Case
Security Updates - Critical
AN-219070 - High
Fixed an issue in the Appian 22.3 upgrade that caused certain settings on the Appian Authentication tab in the Admin Console to be reset to their default values in some cases. After upgrading to 22.3, please verify that all Appian Authentication settings are correctly set in the Admin Console.
AN-218220 - High
Fixed an issue that prevented MariaDB from starting up on a distributed topology Appian Cloud environment with database encryption enabled.
AN-217400 - High
Fixed an issue that displayed AppMarket plug-in alerts for self-managed systems.
AN-213666 - High
Upgrade SnakeYAML Library
AN-218950 - Medium
Fixed an issue where Salesforce-backed record types were not showing the Salesforce logo in the Record Relationship Diagram.
AN-215852 - Medium
Request/Response logs are now able to be created on both Windows and Unix OS machines (previously failing for Windows OS machines due to file path issue)
AN-214213 - Medium
Upgraded OpenPDF from version 1.3.26 to 1.3.30 to provide support for additional encryption types.
AN-218847 - Low
Increase process count for the ADS docker container
AN-216864 - Low
Fixed an issue where decimals contained in a Record Type are converted to text when exported to Excel.
AN-215914 - Low
Security Improvement
AN-190586 - Low
Kubernetes customers can change their RTS count based on a property
Security Updates - Critical
AN-215827 - High
Fixed an issue caused by the new Jakarta Mail library that resulted in emails sent by processes to drop their attachment extensions.
AN-214528 - High
Fixed an issue where timestamps appear incorrectly in the Applications view when the environment is set to certain locale and calendar configurations.
AN-215834 - Medium
Security Improvement
AN-214491 - Medium
Execute stored procedure smart service and functions now correctly call the referred admin console data source even if a Tomcat data source with the same name exists in the environment. The behavior introduced by this hotfix can be reverted via a Support case if desired.
AN-214461 - Medium
Fixed an issue where Start and Stop script permissions were incorrectly set after applying a hotfix.
AN-212535 - Medium
Fixed an issue where file uploads freeze when a file upload component is embedded in an editable grid.
Perform the following steps to apply the hotfix:
<APPIAN_HOME> directory.
<APPIAN_HOME> directory.
<APPIAN_HOME> directory.<APPIAN_HOME>/deployment/web.war to the folder where the Web server is getting the static resources. See Copy Static Resources to the Web Server for more information.To determine if the Appian 22.4 Hotfix is deployed, open the build.info file located in <APPIAN_HOME>/conf/. The contents of this file should match the following code sample:
build.revision=da0422e52ad67386cfabbd4faa439c2527ef1ba3 build.version=22.4.1165.0
