Appian Hotfixes

This page lists all the recent hotfixes for Appian 23.1.

Appian Cloud customers can refer to MyAppian to see your latest hotfix version.

For self-managed customers, all hotfixes are released as a downloadable package bimonthly, at the beginning and middle of the month. The most recent package is as of 19 May 2023.

Cloud-only resolved issues

The following issues have been recently resolved in Appian Cloud 23.1 as of the date indicated. These hotfixes will be available for self-managed customers in the next bi-monthly package.

23.1.500.0 (01 Jun 2023)

  • Security Updates - Critical

  • AN-235533 - High
    Fixed a site startup issue.

  • AN-235114 - High
    Fixed an issue that caused existing Client Credentials for Web APIs to expire after a year when new Client Credentials were generated.

  • AN-233537 - High
    Upgrade Atlassian and Jettison Libraries

  • AN-234671 - Medium
    Performance updates for Portals that use a!queryRecordType, a!documentDownloadLink, a!documentViewerField, a!fileUploadField, fn!document,or a!documentViewerField. Performance will improve where there are more than 2 concurrent uses or users of each feature.

  • AN-219303 - Low
    Backporting metrics around design objects. low risk

Self-managed package (19 May 2023)

Self-managed customers can use the following links to download and install the hotfixes package. If you are managing Appian on Kubernetes, instead of using the links below, you'll need to upgrade to the latest Appian on Kubernetes images to apply the hotfixes.

This cumulative hotfix package includes all resolved issues listed below in a single download. This hotfix is required for any Appian 23.1 installations not currently up to date with the latest hotfixes. After installing, you will be running on Appian 23.1.475.0.

You can view your current self-managed Appian version by logging into your Appian environment as a designer or system administrator and clicking the navigation menu > About Appian.

The package resolves the following issues.

23.1.450.0 (19 May 2023)

  • Security Updates - Critical

  • AN-232003 - High
    Integrations no longer fail when using TLS 1.3

  • AN-231369 - High
    Upgraded Spring library

  • AN-230001 - High
    Updated Clojure library

  • AN-226471 - High
    Upgraded reload4j library

  • AN-231563 - Medium
    Fixed an caching issue that was impacting performance.

  • AN-230345 - Medium
    Fixed an issue with groups that have an expression defining "Visibility" where group members were being redirected to Tempo when clicking a task link in an email instead of being directed to the URL configured as the group's "User Start Page".

  • AN-227824 - Medium
    Resolved an issue with Generate Record Actions that could occur when users did not have access to related Record Types.

  • AN-234594 - Low
    Upgrading Redisson Client

  • AN-234223 - Low
    Fixes ADS debug logging issue.

23.1.425.0 (11 May 2023)

  • Security Updates - High

  • AN-232615 - High
    Security improvements

  • AN-232228 - High
    Updated Jackson Databind Library

  • AN-231242 - High
    Upgraded Woodstox library

  • AN-233982 - Medium
    For portals, HTTP integrations that do not use connected systems now function without error.

  • AN-233855 - Medium
    Upgraded Spring library

  • AN-233239 - Low
    Better handling of exceptions thrown while processing write requests in ADS.

  • AN-232037 - Low
    Upgraded Liquibase to patch release v4.21.1.

  • AN-229837 - Low
    Fixed an issues where some codeless data modeling issues were not being properly recorded in the codeless-data-modeling.log file.

  • AN-229296 - Low
    Fixed an issue with certificate regeneration in the "Connected Environments" feature where the generated certificate was attributed to "Administrator" instead of the user who initiated the regeneration.

23.1.400.0 (04 May 2023)

  • Security Updates - High

  • AN-231359 - Critical
    Fixed an issue that caused intermittent "Cannot read properties of null (reading 'getIn')" errors during user site interaction.

  • AN-233312 - High
    Fixed a race condition that caused process nodes to intermittently remain in "Not Started" status.

  • AN-231979 - Medium
    Fixed a bug that caused the "Test Connection" button in the Document Extraction tab of the Administration Console to display an error message for some Google accounts.

  • AN-229840 - Medium
    Fixed an issue that caused Process Variables created from an Interface to be displayed with Type as "[Not Visible]" under Process Model Properties in the Process Modeler.

  • AN-225171 - Low
    Saving edits in Codeless Data Modeling no longer produces warning messages in tomcat-stdOut.log.

23.1.375.0 (28 Apr 2023)

  • Security Updates - High

  • AN-231606 - Medium
    Resolved an issue with users not getting logged out during a maintenance window.

  • AN-222925 - Medium
    Updated google-cloud-core-http library

  • AN-229971 - Low
    Reduced service manager shutdown time for customers managing Appian on Kubernetes.

23.1.345.0 (20 Apr 2023)

  • Security Updates - High

  • AN-230557 - High
    Some environments had access to develop and manage portals when they should not have. We've fixed the issue so that only organizations with a license to use Appian Portals have access.

  • AN-223083 - High
    Removed xalan library

23.1.320.0 (13 Apr 2023)

  • Security Updates - High

  • AN-230038 - High
    Updates to Woodstox core asl library

  • AN-229036 - High
    Updates to jackson core, jackson databind, and jackson annotation libraries

  • AN-227726 - Medium
    Hibernate ORM was updated to the new maintenance release 5.6.15.Final.

  • AN-226130 - Medium
    Fixed an issue that prevented users from using codeless data modeling to create tables that included relationships to a record type with another source.

  • AN-218781 - Medium
    Added a log that aggregates metrics by the data source and procedure name that are input when using the Execute Stored Procedure feature.

  • AN-230273 - Low
    Fixed an issue where an invalid datetime format displays in the application information pane of Explore view if the locale is set to English (UK). (06 Apr 2023)

  • Security Updates - Critical

  • AN-226331 - High
    Update Apache commons-fileupload library

  • AN-230158 - Medium
    The time out for syncs triggered by the Write to Data Store Entity or the Write to Multiple Data Store Entities smart services is now configurable via a site property. If a full sync consistently fails on your record type because multiple writes are being performed at the same time as the full sync, you can configure longer sync timeouts for these smart services to prevent the full sync from failing.

  • AN-229993 - Medium
    For Cloud Database, increased max_input_vars value to 2000 to prevent runtime errors from occurring in phpMyAdmin.

  • AN-227900 - Low
    Updated ADS error message to include additional information to help debug the failure. (31 Mar 2023)

  • Security Updates - Critical

  • AN-219989 - High
    Updated org.json library

  • AN-228321 - Medium
    Error logging for the Execute Stored Procedure Smart Service has been added to the Tomcat logs.

  • AN-228262 - Medium
    This enhancement improves the performance of database changes that are made to the source which are then automatically synced in Appian.

  • AN-227959 - Medium
    Classify Email Smart Service and ClassificationResult CDT now available. (23 Mar 2023)

  • Security Updates - High

  • AN-228759 - Critical
    Fixed an issue where publishing the datastore would fail if the table included a column of type timestamp with timezone.

  • AN-227747 - High
    Updated fasterxml.jackson and google.guava

  • AN-227457 - High
    Updated Netty Library

  • AN-211751 - Medium
    Fixed an issue that caused processes to auto-archive by default ignoring the AUTOARCHIVE setting.

  • AN-221502 - Low
    Improved Kafka's logging by suppressing redundant log entries. (16 Mar 2023)

  • Security Updates - Critical

  • CN-20152 - Critical
    Unsupported non-ASCII256 header values are converted to ?

  • AN-227752 - Critical
    Security Improvements

  • AN-227794 - High
    Addressing an issue which caused some evaluations of rv!record to incorrectly return null when referring to a User Record type.

  • AN-226788 - High
    Fixed an issue that could result in HA site failure when a site's primary engine becomes unavailable.

  • AN-220855 - High
    Updated Jackson libraries

  • AN-228188 - Medium
    For sync-enabled record types using Oracle as a data source, table synonyms are included in the list of tables to select as a sync source. In some environments the total number of available objects could result in performance issues in retrieving the list. It is now possible to query only tables if synonyms are not utilized by the application. Current implementations relying on using synonyms for sync-enabled record types should not utilize this option, and Customer Support can assist with an evaluation and implementation.

  • AN-228110 - Medium
    Fixes an issue with publishing portals when using a!queryRecordType() in the portal interface.

  • AN-226988 - Medium
    Fixed an issue where grid column widths were not respected when there was no grid header label specified on the column.

  • AN-227422 - Low
    Updated error message to be more descriptive. (09 Mar 2023)

  • Security Updates - Critical

  • AN-226222 - High
    Security Improvement

  • AN-218002 - Medium
    Appian Cloud Database now uses version 5.2.1 of phpMyAdmin.

  • CN-18110 - Low
    Fixed an issue that prevented shutdown of the Internal Messaging Service for some high availability sites.

  • AN-227526 - Low
    Portal pages url stubs now have a validation against using a single underscore.

  • AN-225133 - Low
    Fixed an issue that occurred when using the "in" operator in a!queryFilter to filter against a real-time custom field. (03 Mar 2023)

  • Security Updates - High

  • AN-223242 - Critical
    Updated jave protobuf, google cloud automl, jackson databind, google cloud core, and google cloud storage libraries within Google Connected Systems

  • AN-223122 - Medium
    The performance for searching records-powered grids has been improved by removing fields outside the grid from the search criteria.

  • AN-222300 - Low
    Configure Script now includes the ability to validate an installation. (24 Feb 2023)

  • Security Updates - High

  • AN-226160 - High
    Security Improvement

  • AN-211063 - High
    Removed extraneous log entries from the MirrorMaker log file to improve overall legibility.

  • AN-225494 - Medium
    Fixed an issue that was causing process model failures due to a previous database transaction that was incorrectly marked for rollback.

  • AN-224718 - Low
    Add additional handling to data service delete-kafka-topic script (17 Feb 2023)

  • Security Updates - Critical

  • AN-225355 - Critical
    The feature toggle and conf.recordsSync.syncRdbmsConnectionNetworkTimeoutMs property in can now be set permanently on Appian Cloud environments via an Appian Support case. The toggle enables the timeout property to be applied and the property configures the timeout value (in milliseconds) that will be applied whenever establishing a connection to the RDBMS.

  • AN-223910 - Critical
    Resolved a case sensitivity issue with auto-generated column names that that was impacting data store validation for DB2 and Oracle data sources.

  • AN-225317 - High
    The RDBMS networkTimeout has been turned off by default to eliminate disruptions for customers not experiencing network connection problems when communicating with their RDBMS. The default timeout has also been increased to from 30 seconds to 5 minutes when the feature toggle has been turned on. (09 Feb 2023)

  • Security Updates - Critical

  • AN-223923 - Medium
    Fixed an issue where Generate Record Action failed when certain locales were enabled.

  • AN-223680 - Medium
    Fixed an issue that was causing significant delays during the checkpoint storage process. (03 Feb 2023)

  • Security Updates - Critical

  • AN-221122 - Critical
    Removed references to the ConsumerConfig.addDeserializerToConfig and ProducerConfig.addSerializerToConfig methods due to deprecation in Kafka 3.3.1.

  • AN-223684 - High
    Fixed an issue which prevented newly-made Google reCAPTCHA projects from working in a reCAPTCHA Connected System.

  • AN-223402 - High
    Fixed an issue involving Oracle data stores that was impacting schema validation when a float type CDT field was referencing a numeric column type.

  • AN-223199 - High
    Prevent ADS issues due to Network Latency

  • AN-221245 - High
    Kafka Upgrade

  • AN-220449 - High
    Upgraded SnakeYAML Library

  • AN-222230 - Medium
    Fixed an issue involving Oracle data stores that was impacting schema validation when a text CDT field was referencing an "NCHAR" column type.

  • AN-223401 - Low
    Updated the engine startup script to include logging on script invocation time and passed parameters.

  • AN-222592 - Low
    Fixed an issue where process history replication factors were incorrect following a change in site topology from single node to high availability.


Perform the following steps to apply the hotfix:

  1. Stop Appian. See Starting and Stopping Appian for detailed instructions:
    1. Shut down the application server.
    2. Shut down the search server.
    3. Shut down the data server.
    4. Shutdown all Appian Engines, ensuring that the engines are checkpointed upon shutdown.
  2. Back up your existing Appian instance. See Backing Up Your Existing Appian Instance.
  3. Unzip the contents of the archive into your <APPIAN_HOME> directory.
  4. Run the deleteFiles script (deleteFiles.bat on Windows, on Linux) that is now located in your <APPIAN_HOME> directory.
    • If the script reports that some files were not deleted, address the reason for the failure (common causes listed below), and run it again until it no longer reports failed deletions.
    • Common causes of failed file deletion include:
    • The file is open in another window or process
    • The file is locked
    • You do not have permission to delete the file
  5. Unzip the contents of the archive that is now located your <APPIAN_HOME> directory.
  6. Run the installJdk script (installJdk.bat on Windows, on Linux).
  7. If you maintain customized or overridden Spring Security .xml files, merge them with the associated base files in the /deployment/web.war/WEB-INF/conf/security/ directory.
  8. Delete the deleteFiles scripts, the installJdk scripts, the OpenJDK .tar.gz and .zip files, and
  9. If you are using a Web server, copy the content of <APPIAN_HOME>/deployment/web.war to the folder where the Web server is getting the static resources. See Copy Static Resources to the Web Server for more information.
  10. Run the configure script to deploy your environment's configuration and re-configure any node names previously set by the configure script tools.
  11. Start Appian:
    1. Start the Appian Engines.
    2. Start the data server.
    3. Start the search server.
    4. Start the application server.

To determine if the Appian 23.1 Hotfix is deployed, open the file located in <APPIAN_HOME>/conf/. The contents of this file should match the following code sample:

Open in Github Built: Fri, Jun 02, 2023 (06:02:31 PM)

On This Page