Free cookie consent management tool by TermsFeed Appian Hotfixes [Hotfixes]
Appian Hotfixes

This page lists all the recent hotfixes for Appian 23.3.

Appian Cloud customers can refer to MyAppian to see your latest hotfix version.

For self-managed customers, all hotfixes are released as a downloadable package bimonthly, at the beginning and middle of the month. The most recent package is as of 17 Nov 2023.

Self-managed package (17 Nov 2023)

Self-managed customers can use the following links to download and install the hotfixes package. If you are managing Appian on Kubernetes, instead of using the links below, you'll need to upgrade to the latest Appian on Kubernetes images to apply the hotfixes.

This cumulative hotfix package includes all resolved issues listed below in a single download. This hotfix is required for any Appian 23.3 installations not currently up to date with the latest hotfixes. After installing, you will be running on Appian 23.3.492.0.

You can view your current self-managed Appian version by logging into your Appian environment as a designer or system administrator and clicking the navigation menu > About Appian.

The package resolves the following issues.

23.3.492.0 (17 Nov 2023)

  • AN-254031 - High
    Resolved an issue with High Availability Appian Cloud sites not being able to deactivate users.

23.3.491.0 (16 Nov 2023)

  • Security Updates - Critical

  • AN-251762 - High
    Reduces the volume of logs generated by certain long-running evaluations.

  • AN-251203 - Medium
    Added two custom properties which control retry behavior in the event the underlying database update or insert statement encounters a deadlock as part of a Write Records transaction.

  • AN-249920 - Medium
    Fixed an issue that prevented the slow log of the cloud database from being persisted on disk when restarting a site.

23.3.466.0 (10 Nov 2023)

  • Security Updates - Critical

  • AN-250737 - High
    Updates to google cloud, google cloud storage, jackson-databind, and grpc libraries within the Google Cloud Connected Systems

  • AN-249650 - Medium
    Updated support for checkpoint script to be initiated from any node, not just the primary node.

23.3.441.0 (03 Nov 2023)

  • Security Updates - High

  • AN-245003 - High
    Fixed an issue that prevented some documents from being rendered properly in the reconciliation task when opening the task from a record action or the process modeler debug view.

  • AN-249578 - Medium
    Fixed an issue that caused a migration in the execution engine to fail due to certain work items, preventing the upgrade to Appian 22.4 and later versions.

23.3.420.0 (26 Oct 2023)

  • Security Updates - Critical

  • AN-251116 - High
    Fixed an issues where logs were not rotating.

  • AN-250045 - High
    Fixed display of HTML elements as text in rich text editor for Send-Email body node in Process Model

  • AN-243892 - Low
    Fixed an issue that was causing users to encounter error code 500 when trying to access the cloud database through phpMyAdmin.

23.3.396.0 (20 Oct 2023)

  • Security Updates - High

  • AN-249274 - Medium
    Fixed an issue with defining the maximum checkpoint limit for Service Manager.

  • AN-249103 - Medium
    Fixed an issue that caused unnecessary processing time for some synced records queries that use Record-Level Security or apply filters within a logical expression using the "OR" operator.

  • AN-247910 - Medium
    Fixed an issue that where a process would return an incorrect response instead of abort.

23.3.376.0 (13 Oct 2023)

  • Security Updates - High

  • AN-248721 - High
    Fixed issue where process models could not be saved if HTML decoding in the message Body of the Send Email node occurred

  • AN-248677 - High
    Fixed an issue where the validation for sequence increment values failed when the primary key of an Oracle Data Store was configured to automatically increment a sequence value greater than one. This issue pertains to customers who are upgrading to version 22.4 or later. You have the option to enable site property in the to bypass this validation.

  • AN-248874 - Medium
    Robotic tasks and robot pools are now able to run on VPN-only environments.

  • AN-247518 - Medium
    Fixed issue where process node evaluation could trigger the Memory Circuit Breaker

  • AN-248145 - Low
    The memory limit applied to user interfaces throughout Appian is now configurable by Appian Support and will be persisted after a site restart.

23.3.350.0 (05 Oct 2023)

  • Security Updates - High

  • AN-248369 - Critical
    Fixed an issue where HTTP integrations using Google Service Account authentication didn't respect the HTTP proxy configuration

  • AN-246311 - High
    Updated third party libraries

  • AN-247428 - Medium
    Fixed an issue to ensure that users accessing a page within a page group from a mobile app could access the link to open the page in their mobile browser.

  • AN-243743 - Medium
    A maximum statement timeout of 12 hours is applied to all select queries executed through the Enhanced Data Pipeline (EDP) to prevent Appian Cloud database restart issues caused by long innodb_history_list_length.

23.3.325.0 (28 Sep 2023)

  • Security Updates - Critical

23.3.305.0 (21 Sep 2023)

  • Security Updates - Critical

  • AN-245611 - High
    Security Improvement

  • AN-246001 - Medium
    Fixed an issue that prevented upgrading to RHEL 7.x by reverting Holy Build Box version to 2.2.0

  • AN-245502 - Low
    Fixed an issue that caused occasional Kafka errors when restarting the data service.

  • AN-242849 - Low
    TLS 1.1 has been disabled for Enhanced Data Pipeline due to various security issues. Refer to your tool’s documentation for instructions on connecting to an external database using TLS 1.2 or TLS 1.3. Alternatively, you can try adding the properties enabledSslProtocolSuites=TLSv1.2 and useSsl=true to your database connection string. (14 Sep 2023)

  • Security Updates - High

  • AN-245148 - High
    Fixed an issue that could cause performance degradation or errors when using Compare & Deploy to deploy to target environments.

  • AN-245754 - Medium
    Fixed an issue that caused an incorrect inspection error to display when deploying robotic tasks that reference new groups.

  • AN-245631 - Medium
    Fixed an issue where the horizontal scrollbar in the process model was hidden by the site wide banner.

  • AN-244680 - Medium
    Updated guava library in the salesforce connected system

  • AN-243030 - Medium
    Fixed an issue where transactions executed in an Execute Stored Procedure Smart Service or function weren't getting rolled back when auto-commit was set to false after encountering an exception.

  • AN-240370 - Medium
    Updated Bouncy Castle library

  • AN-244685 - Low
    Fixed an issue where the entire header bar of a single page Helium style site was clickable. (07 Sep 2023)

  • Security Updates - High

  • AN-244313 - High
    Security Improvement

  • AN-241658 - High
    Fixed an issue where in some cases xpathsnippet() would return an error

  • AN-238159 - High
    Updates to Netty library

  • AN-244402 - Medium
    Fixed an issue where using Content APIs did not overwrite an existing document.

  • AN-244149 - Medium
    Fixed an issue to ensure consistent error handling behavior between platform versions when using the @Version annotation in a CDT XSD to prevent lost update anomalies.

  • AN-244525 - Low
    Security Improvement

  • AN-234229 - Low
    Security Improvement

  • AN-207776 - Low
    Updating time picker placeholder text for 24hr-based locales. (31 Aug 2023)

  • Security Updates - High

  • AN-244869 - Critical
    Delay the Primary Key Enforcement feature roll-out for new cloud sites using MariaDB as the business data source to a future release.

  • AN-241110 - High
    Updated spring security library

  • AN-237829 - High
    Updated the guava, jackson databind, jackson core, and jackson annotations libraries.

  • AN-219753 - Medium
    Fixed an issue that allowed open redirects from being caught by validation.

  • AN-241206 - Low
    Adding additional logging for Kafka transaction writing for troubleshooting.

  • AN-156340 - Low
    Adding additional engine logging for troubleshooting (24 Aug 2023)

  • Security Updates - Critical

  • AN-243290 - High
    Security Improvements

  • CN-23112 - Medium
    Kakfa performance tuning

  • AN-242767 - Medium
    Removed support for the Portals Publishing Manager application. All portals must be created and managed using Appian Designer.

  • AN-242736 - Medium
    The data service query request size limit is now set to 5MB.

  • AN-240325 - Medium
    Security Improvements

  • AN-236122 - Medium
    Updated Google Cloud Libraries

  • AN-242915 - Low
    Resolved a Kafka startup issue for Windows users. (18 Aug 2023)

  • Security Updates - Low

  • AN-240325 - Medium
    Security Improvements

  • AN-242915 - Low
    Resolved a Kafka startup issue for Windows users. (10 Aug 2023)

  • Security Updates - High

  • AN-242024 - High
    Fixed an issue where intermittent failures in database connections resulted in the indefinite locking of the database type cache.

  • AN-241578 - High
    Fixed an issue where an error message was shown to users when loading some UIs due to an incorrect calculation of memory utilization.

  • AN-242676 - Low
    Updated translations for the Appian product (03 Aug 2023)

  • Security Updates - Critical

  • AN-240073 - High
    Fixed issue that prevented some portals from being published when they had precedents using Record Map type. (27 Jul 2023)

  • Security Updates - Critical

  • AN-240255 - High
    Updated Guava Library in the Blueprism Connected System

  • AN-235533 - High
    Fixed a site startup issue.

  • AN-235986 - Medium
    Fixed an issue where the search response content length exceeded the default limit of 100MB. The maximum query response content length on search server client calls is now configurable through conf.ia.QUERY_RESPONSE_LIMIT_IN_BYTES property.

  • AN-234601 - Low
    Fixed an issue with the webapp gracefully stopping. (24 Jul 2023)

  • Security Updates - Critical

  • AN-225107 - Critical
    Updated Snakeyaml Library

  • AN-240085 - High
    Updating or deploying a portal now causes it to reflect the correct subdomain if the environment's subdomain was changed since the portal was first published.

  • AN-239359 - High
    Fixed an issue where an incompatible plug-in upgrade could be deployed via the Admin Console.

  • AN-235860 - High
    Updating Admin Console Plug-ins page logic for Appian Cloud users to show all AppMarket plug-ins, but block unsupported ones from being deployed.

  • AN-235128 - High
    Introduced disk safeguards for heap dump creation.

  • AN-228346 - High
    Updated Google Cloud Translate and Protobuf Libraries

  • AN-217955 - High
    Updated Mozilla Rhino version

  • AN-240432 - Medium
    Fixed an issue which caused slowness while building interface in the Edit tab when using column layouts.

  • AN-239554 - Medium
    Performance improvements for Portals load times.

  • AN-237908 - Medium
    Updates to bouncycastle in Docusign connected system

  • AN-236738 - Medium
    Fixed an issue related to import circular dependencies for record events, where importing a record type with record events would fail due to failed references to the event record type, even though the event record type was in the package.


Perform the following steps to apply the hotfix:

  1. Stop Appian. See Starting and Stopping Appian for detailed instructions:
    1. Shut down the application server.
    2. Shut down the search server.
    3. Shut down the data server.
    4. Shutdown all Appian Engines, ensuring that the engines are checkpointed upon shutdown.
  2. Back up your existing Appian instance. See Backing Up Your Existing Appian Instance.
  3. Unzip the contents of the archive into your <APPIAN_HOME> directory.
  4. Run the deleteFiles script (deleteFiles.bat on Windows, on Linux) that is now located in your <APPIAN_HOME> directory.
    • If the script reports that some files were not deleted, address the reason for the failure (common causes listed below), and run it again until it no longer reports failed deletions.
    • Common causes of failed file deletion include:
    • The file is open in another window or process
    • The file is locked
    • You do not have permission to delete the file
  5. Unzip the contents of the archive that is now located your <APPIAN_HOME> directory.
  6. Run the installJdk script (installJdk.bat on Windows, on Linux).
  7. If you maintain customized or overridden Spring Security .xml files, merge them with the associated base files in the /deployment/web.war/WEB-INF/conf/security/ directory.
  8. Delete the following files:
    • installjdk
    • OpenJDK8U-jdk_x64linux_hotspot.tar.gz


    • deleteFiles.bat
    • installjdk script.bat
  9. If you are using a Web server, copy the content of <APPIAN_HOME>/deployment/web.war to the folder where the Web server is getting the static resources. See Copy Static Resources to the Web Server for more information.
  10. Run the configure script to deploy your environment's configuration and re-configure any node names previously set by the configure script tools.
  11. Start Appian:
    1. Start the Appian Engines.
    2. Start the data server.
    3. Start the search server.
    4. Start the application server.

To determine if the Appian 23.3 Hotfix is deployed, open the file located in <APPIAN_HOME>/conf/. The contents of this file should match the following code sample:

Open in Github Built: Tue, Nov 28, 2023 (04:19:20 PM)

Appian Hotfixes