This page lists all the recent hotfixes for Appian 23.3.

Hotfix package (31 Oct 2024)

Self-managed customers can use the following links to download and install the hotfixes package. If you are managing Appian on Kubernetes, instead of using the links below, you'll need to upgrade to the latest Appian on Kubernetes images to apply the hotfixes.

• Hotfix package 23.3.1395.0
• Installation instructions

This cumulative hotfix package includes all resolved issues listed below in a single download. This hotfix is required for any Appian 23.3 installations not currently up to date with the latest hotfixes. After installing, you will be running on Appian 23.3.1395.0.

You can view your current self-managed Appian version by logging into your Appian environment as a designer or system administrator and clicking the navigation menu > About Appian.

The package resolves the following issues.

23.3.1395.0 (31 Oct 2024)

• Security Updates - High

23.3.1380.0 (25 Oct 2024)

• Security Updates - High

• AN-294004 - High
  Updated Google Libraries

23.3.1360.0 (18 Oct 2024)

• Security Updates - Medium

23.3.1350.0 (10 Oct 2024)

• Security Updates - High

• AN-289556 - Medium
  HotFix

23.3.1340.0 (04 Oct 2024)

• Security Updates - Medium

23.3.1335.0 (27 Sep 2024)

• Security Updates - Critical

• AN-292191 - Medium
  Fixed an issue that caused embedded Appian to break for Google Chrome users, following a recent upgrade to Google Chrome.

23.3.1320.0 (20 Sep 2024)

• Security Updates - Medium

• AN-287338 - Critical
  Update oscore library

23.3.1295.0 (13 Sep 2024)

• Security Updates - High

23.3.1275.0 (06 Sep 2024)

• Security Updates - High

• AN-290307 - Medium
  Resolved an error with k transactions due to a negative time.

23.3.1255.0 (29 Aug 2024)

• Security Updates - Medium

• AN-271602 - High
  Updated the bcprov library

23.3.1240.0 (22 Aug 2024)

• Security Updates - Critical

23.3.1220.0 (15 Aug 2024)

• Security Updates - High

• AN-277986 - High
  Updated the Okio JVM library

• AN-277983 - Medium
  Updated the Netty Codec HTTP library

• AN-280345 - Low
  Search Server (Elasticsearch) is now upgraded to version 7.17.23.

23.3.1195.0 (09 Aug 2024)

• Security Updates - Critical

23.3.1175.0 (01 Aug 2024)

• Security Updates - Critical

• AN-286157 - Critical
  Fixed an issue with phpMyAdmin being unavailable.

• AN-284801 - Medium
  Resolved an issue where component plugin interactions did not properly extend the session

• AN-285720 - Medium
  Fixed an issue where log files would get incorrectly moved after a site restart.

23.3.1135.0 (18 Jul 2024)

• Security Updates - High

23.3.1120.0 (11 Jul 2024)

• Security Updates - Critical

• AN-282655 - Medium
  JWT expiration and refresh time has been updated properly.

• AN-283427 - Medium
  Increased timeout for smart service syncs to prevent record type invalidation when full syncs occur at the same time.

23.3.1110.0 (03 Jul 2024)

• Security Updates - Medium

• AN-282192 - High
  Fixed an issue that caused Appian instances to fail to start when the HTTP Proxy credentials can not be decrypted.

• AN-265640 - Medium
  Upgraded commons-compress,commons-io and commons-lang3

• AN-277303 - Medium
  Fixes an issue where Zookeeper configurations are missing for self-managed customers.

23.3.1086.0 (28 Jun 2024)

• Security Updates - Medium

• AN-278708 - High
  Fixed an issue that caused AI Skill smart services to hang indefinitely, exhausting the thread pool and causing failures in smart service executions.

• AN-279466 - High
  Fixed an issue where the search server consumes half of the available memory of an instance by default after an upgrade. The default maximum size of the total heap space used by the search server is now set at 1 GB.

• AN-277954 - Low
  Fixed and issue where engine directories were not being created during installation.

23.3.1075.0 (21 Jun 2024)

• Security Updates - High

• AN-242202 - High
  Upgraded Jackson databind in master and maint branches and Disabled jetifier flag in maint branches

23.3.1055.0 (13 Jun 2024)

• Security Updates - High

• AN-271778 - High
  Updates to the Spring library version

23.3.1035.0 (06 Jun 2024)

• Security Updates - High

• AN-266898 - High
  Upgraded Clojure version to 1.12.0-alpha8

• AN-278415 - High
  Fixed an issue that caused a subset of columns in the records metrics log files to be reported incorrectly.

23.3.1010.0 (31 May 2024)

• Security Updates - High

• AN-277857 - Critical
  changes the directory permission from root to appian for /usr/local/appian/local-data/rpa-data/tomcat8

23.3.995.0 (24 May 2024)

• Security Updates - High

• AN-276098 - Medium
  Improved the query for fetching design objects.

• AN-276266 - Low
  Cleaned up the Service Manager logs from redundant messaging regarding the new Java 17 use.

23.3.980.0 (17 May 2024)

• Security Updates - High

• AN-274533 - High
  Fixed issue where sync failed with error 'specified branch timed out' during sync operations.

• AN-274920 - Medium
  Resolved an issue with Redis that was displaying Redis client 500 errors.

23.3.955.0 (09 May 2024)

• Security Updates - High

23.3.935.0 (02 May 2024)

• Security Updates - High

• AN-270717 - Medium
  Fixed an error for self-managed Windows customers, where in some cases errors would not be properly logged.

23.3.915.0 (25 Apr 2024)

• Security Updates - High

• AN-272222 - High
  Improves the UI performance of the Reconcile Document Extraction task.

23.3.890.0 (18 Apr 2024)

• Security Updates - High

• AN-266346 - Medium
  Apache Kafka upgrade to 3.7.0

• AN-270014 - Medium
  Search Server (Elasticsearch) is now upgraded to version 7.17.19.

23.3.875.0 (11 Apr 2024)

• Security Updates - High

23.3.860.0 (04 Apr 2024)

• Security Updates - High

23.3.845.0 (28 Mar 2024)

• Security Updates - High

23.3.820.0 (21 Mar 2024)

• Security Updates - High

• AN-265165 - Low
  Fixed an issues where engine process metrics were not properly collected.

23.3.805.0 (14 Mar 2024)

• Security Updates - Medium

• AN-261813 - High
  Resolved an issue to prevent cloud database replication failure in the HA configuration by setting the value of the slave_parallel_mode variable to conservative.

23.3.785.0 (07 Mar 2024)

• Security Updates - Medium

• AN-259725 - High
  Upgraded ion-java library

• AN-259860 - High
  Updated grpc library

23.3.760.0 (28 Feb 2024)

• Security Updates - Medium

• AN-259435 - High
  Removal of special characters (non alpha numeric) from the exception REST API response

23.3.740.0 (22 Feb 2024)

• Security Updates - High

• AN-244356 - High
  Upgraded Jackson Core , Databind and Annotations in Dynamics and Sharepoint Connected Systems

• AN-262624 - High
  Performance optimization for development environments related to type and rule updates.

• AN-264450 - High
  Resolved an issue where phpMyAdmin failed to automatically log in users when a special character was set in the company.name site property.

• AN-260985 - Medium
  Fixed an issue where in rare cases file uploads would fail with a 401 error on embedded forms.

• AN-261897 - Medium
  Fixed an issue which caused infrequent synced record type outages due to data service write failures.

23.3.720.0 (15 Feb 2024)

• Security Updates - Critical

• AN-258702 - Medium
  Fixed an issue that caused embedded Appian to break for 1% of Google Chrome users, following a recent change by Google.

23.3.705.0 (08 Feb 2024)

• Security Updates - Critical

• AN-263504 - High
  Production release of AMP stratus log streaming migration

• AN-248734 - Medium
  This fixes the issue for the ability to save a salesforce integration with large payloads over> 200KB using a Salesforce Connected System

23.3.685.0 (02 Feb 2024)

• Security Updates - Medium

• AN-261480 - Medium
  Resolved an issue where the phpMyAdmin banner color was not properly displayed based on the configuration.

23.3.670.0 (26 Jan 2024)

• Security Updates - High

• AN-255863 - Medium
  Upgraded jackson databind in blueprism connected system

• AN-255864 - Medium
  Upgraded jackson libraries in salesforce-multi

• AN-258199 - Medium
  Fixed an issue which prevented certain deactivated users from being reactivated on sign in. Before this fix, deactivated users with rule based membership could not be reactivated through SAML automatically.

• AN-259083 - Medium
  Fixed an issue that caused record action submissions to lead to unresponsive user interfaces in rare scenarios.

• AN-259099 - Medium
  The ability to store and view attachments on a process was deprecated in the low-code platform version 16.3, and has now been removed from platform versions later than 21.4. This change fixes an issue hampering the opening of Portlet dialogs caused by this removal.

• AN-259639 - Medium
  Fixed a bug that prevented log in and password reset for SSO users.

• AN-256587 - Low
  The ability to store and view attachments on a process was deprecated in the low-code platform version 16.3, and has now been removed from platform versions later than 21.4.

23.3.610.0 (05 Jan 2024)

• Security Updates - High

• AN-255692 - High
  Updated grpc, google cloud, jackson databind, jackson annotations and jackson core libraries

• AN-246050 - Medium
  Fixed an issue where product areas supported in IE Mode 11 of Edge were not working

• AN-245877 - Low
  Set entity expansion limit to 100 for XML for import export functionality

23.3.585.0 (21 Dec 2023)

• Security Updates - Critical

• AN-255285 - High
  Added new debug logging to help troubleshoot an issue where a!queryRecordType() returned null when placed inside a!dataSubset().

• AN-253349 - Medium
  Improved throttling mechanism for parallel thread creation and associated observability

• AN-252629 - Low
  Fixed an issue that caused requests to the data service to timeout during recovery from component failure.

23.3.565.0 (14 Dec 2023)

• Security Updates - High

• AN-255533 - High
  Search Server (Elasticsearch) is now upgraded to version 7.17.15.

• AN-255482 - Medium
  Updated xmlsec library to version 2.2.6

23.3.545.0 (07 Dec 2023)

• Security Updates - High

• AN-255429 - Medium
  Robotic task executions that have been queued for over 5 hours now return results back to the process model node.

23.3.535.0 (30 Nov 2023)

• Security Updates - Critical

• AN-251917 - Critical
  Updated ActiveMq library

• AN-255175 - Critical
  Fixed issue where sync failed with error 'specified branch timed out' during sync operations.

• AN-252551 - High
  Appian Designer no longer hangs if the AI Skill service returns a bad response.

• AN-255270 - High
  Updated Jetty library to version 9.4.53.v20231009.

• CN-25284 - High
  Fixed and issue with session management for Appian Cloud.

• AN-252472 - Medium
  Fixed an issue where Health Check would time out for large customers.

• AN-253495 - Low
  Fixed an issue that prevented users from changing the application for documents created from the site object.

• AN-254105 - Low
  Timestamps in the Operations Console now correctly display in user's timezone.

23.3.492.0 (17 Nov 2023)

• AN-254031 - High
  Resolved an issue with High Availability Appian Cloud sites not being able to deactivate users.

23.3.491.0 (16 Nov 2023)

• Security Updates - Critical

• AN-251762 - High
  Reduces the volume of logs generated by certain long-running evaluations.

• AN-249920 - Medium
  Fixed an issue that prevented the slow log of the cloud database from being persisted on disk when restarting a site.

• AN-251203 - Medium
  Added two custom properties which control retry behavior in the event the underlying database update or insert statement encounters a deadlock as part of a Write Records transaction.

23.3.466.0 (10 Nov 2023)

• Security Updates - Critical

• AN-250737 - High
  Updates to google cloud, google cloud storage, jackson-databind, and grpc libraries within the Google Cloud Connected Systems

• AN-247653 - Medium
  Fixed a Bug in xpathsnippet and xpathdocument function causing xpath issues when parsing xmls which have same namespace prefix pointing to different URIs.In 23.2 fixed issues to support the local-name xpath function.

• AN-249650 - Medium
  Updated support for checkpoint script to be initiated from any node, not just the primary node.

23.3.441.0 (03 Nov 2023)

• Security Updates - High

• AN-245003 - High
  Fixed an issue that prevented some documents from being rendered properly in the reconciliation task when opening the task from a record action or the process modeler debug view.

• AN-249578 - Medium
  Fixed an issue that caused a migration in the execution engine to fail due to certain work items, preventing the upgrade to Appian 22.4 and later versions.

23.3.420.0 (26 Oct 2023)

• Security Updates - Critical

• AN-250045 - High
  Fixed display of HTML elements as text in rich text editor for Send-Email body node in Process Model

• AN-251116 - High
  Fixed an issues where logs were not rotating.

• AN-243892 - Low
  Fixed an issue that was causing users to encounter error code 500 when trying to access the cloud database through phpMyAdmin.

23.3.396.0 (20 Oct 2023)

• Security Updates - High

• AN-247910 - Medium
  Fixed an issue that where a process would return an incorrect response instead of abort.

• AN-249274 - Medium
  Fixed an issue with defining the maximum checkpoint limit for Service Manager.

23.3.376.0 (13 Oct 2023)

• Security Updates - High

• AN-248677 - High
  Fixed an issue where the validation for sequence increment values failed when the primary key of an Oracle Data Store was configured to automatically increment a sequence value greater than one. This issue pertains to customers who are upgrading to version 22.4 or later. You have the option to enable conf.data.hibernate.sequence.ignoreIncrement.enabled site property in the custom.properties to bypass this validation.

• AN-248721 - High
  Fixed issue where process models could not be saved if HTML decoding in the message Body of the Send Email node occurred

• AN-247518 - Medium
  Fixed issue where process node evaluation could trigger the Memory Circuit Breaker

• AN-248874 - Medium
  Robotic tasks and robot pools are now able to run on VPN-only environments.

• AN-248145 - Low
  The memory limit applied to user interfaces throughout Appian is now configurable by Appian Support and will be persisted after a site restart.

23.3.350.0 (05 Oct 2023)

• Security Updates - High

• AN-248369 - Critical
  Fixed an issue where HTTP integrations using Google Service Account authentication didn't respect the HTTP proxy configuration

• AN-246311 - High
  Updated third party libraries

• AN-243743 - Medium
  A maximum statement timeout of 12 hours is applied to all select queries executed through the Enhanced Data Pipeline (EDP) to prevent Appian Cloud database restart issues caused by long innodb_history_list_length.

• AN-247428 - Medium
  Fixed an issue to ensure that users accessing a page within a page group from a mobile app could access the link to open the page in their mobile browser.

23.3.325.0 (28 Sep 2023)

• Security Updates - Critical

23.3.305.0 (21 Sep 2023)

• Security Updates - Critical

• AN-246001 - Medium
  Fixed an issue that prevented upgrading to RHEL 7.x by reverting Holy Build Box version to 2.2.0

• AN-245502 - Low
  Fixed an issue that caused occasional Kafka errors when restarting the data service.

23.3.285.0 (14 Sep 2023)

• Security Updates - High

• AN-245148 - High
  Fixed an issue that could cause performance degradation or errors when using Compare & Deploy to deploy to target environments.

• AN-240370 - Medium
  Updated Bouncy Castle library

• AN-243030 - Medium
  Fixed an issue where transactions executed in an Execute Stored Procedure Smart Service or function weren't getting rolled back when auto-commit was set to false after encountering an exception.

• AN-244680 - Medium
  Updated guava library in the salesforce connected system

• AN-245631 - Medium
  Fixed an issue where the horizontal scrollbar in the process model was hidden by the site wide banner.

• AN-245754 - Medium
  Fixed an issue that caused an incorrect inspection error to display when deploying robotic tasks that reference new groups.

• AN-244685 - Low
  Fixed an issue where the entire header bar of a single page Helium style site was clickable.

23.3.265.0 (07 Sep 2023)

• Security Updates - High

• AN-238159 - High
  Updates to Netty library

• AN-241658 - High
  Fixed an issue where in some cases xpathsnippet() would return an error

• AN-244149 - Medium
  Fixed an issue to ensure consistent error handling behavior between platform versions when using the @Version annotation in a CDT XSD to prevent lost update anomalies.

• AN-244402 - Medium
  Fixed an issue where using Content APIs did not overwrite an existing document.

• AN-207776 - Low
  Updating time picker placeholder text for 24hr-based locales.

23.3.241.0 (31 Aug 2023)

• Security Updates - High

• AN-244869 - Critical
  Delay the Primary Key Enforcement feature roll-out for new cloud sites using MariaDB as the business data source to a future release.

• AN-237829 - High
  Updated the guava, jackson databind, jackson core, and jackson annotations libraries.

• AN-219753 - Medium
  Fixed an issue that allowed open redirects from being caught by validation.

• AN-156340 - Low
  Adding additional engine logging for troubleshooting

• AN-241206 - Low
  Adding additional logging for Kafka transaction writing for troubleshooting.

23.3.215.0 (24 Aug 2023)

• Security Updates - Critical

• AN-236122 - Medium
  Updated Google Cloud Libraries

• AN-242736 - Medium
  The data service query request size limit is now set to 5MB.

• AN-242767 - Medium
  Removed support for the Portals Publishing Manager application. All portals must be created and managed using Appian Designer.

• CN-23112 - Medium
  Kakfa performance tuning

• AN-242915 - Low
  Resolved a Kafka startup issue for Windows users.

23.3.205.0 (18 Aug 2023)

• Security Updates - Medium

• AN-242915 - Low
  Resolved a Kafka startup issue for Windows users.

23.3.180.0 (10 Aug 2023)

• Security Updates - High

• AN-241578 - High
  Fixed an issue where an error message was shown to users when loading some UIs due to an incorrect calculation of memory utilization.

• AN-242024 - High
  Fixed an issue where intermittent failures in database connections resulted in the indefinite locking of the database type cache.

• AN-242676 - Low
  Updated translations for the Appian product

23.3.155.0 (03 Aug 2023)

• Security Updates - Critical

• AN-240073 - High
  Fixed issue that prevented some portals from being published when they had precedents using Record Map type.

23.3.130.0 (27 Jul 2023)

• Security Updates - Critical

• AN-240255 - High
  Updated Guava Library in the Blueprism Connected System

23.3.115.0 (24 Jul 2023)

• Security Updates - Critical

• AN-225107 - Critical
  Updated Snakeyaml Library

• AN-235128 - High
  Introduced disk safeguards for heap dump creation.

• AN-235860 - High
  Updating Admin Console Plug-ins page logic for Appian Cloud users to show all AppMarket plug-ins, but block unsupported ones from being deployed.

• AN-239359 - High
  Fixed an issue where an incompatible plug-in upgrade could be deployed via the Admin Console.

• AN-240085 - High
  Updating or deploying a portal now causes it to reflect the correct subdomain if the environment's subdomain was changed since the portal was first published.

• AN-237908 - Medium
  Updates to bouncycastle in Docusign connected system

• AN-239554 - Medium
  Performance improvements for Portals load times.

• AN-240432 - Medium
  Fixed an issue which caused slowness while building interface in the Edit tab when using column layouts.

Installation

Perform the following steps to apply the hotfix:

1. Stop Appian. See Starting and Stopping Appian for detailed instructions:
   1. Shut down the application server.
   2. Shut down the search server.
   3. Shut down the data server.
   4. Shutdown all Appian Engines, ensuring that the engines are checkpointed upon shutdown.
2. Back up your existing Appian instance. See Backing Up Your Existing Appian Instance.
3. Unzip the contents of the Hotfix package 23.3.1395.0 into your <APPIAN_HOME> directory.
4. Run the deleteFiles script (deleteFiles.bat on Windows, deleteFiles.sh on Linux) that is now located in your <APPIAN_HOME> directory.
   • If the script reports that some files were not deleted, address the reason for the failure (common causes listed below), and run it again until it no longer reports failed deletions.
   • Common causes of failed file deletion include:
   • The file is open in another window or process
   • The file is locked
   • You do not have permission to delete the file
5. Unzip the contents of the updates.zip archive that is now located your <APPIAN_HOME> directory.
6. Run the installJdk script (installJdk.bat on Windows, installJdk.sh on Linux).
7. If you maintain customized or overridden Spring Security .xml files, merge them with the associated base files in the /deployment/web.war/WEB-INF/conf/security/ directory.
8. Delete the following files:
   Linux
   • deleteFiles.sh
   • installjdk script.sh
   • OpenJDK8U-jdk_x64linux_hotspot.tar.gz
   • updates.zip

   Windows

   • deleteFiles.bat
   • installjdk script.bat
   • OpenJDK8U-jdk_x64windows_hotspot.zip
   • updates.zip
9. If you are using a Web server, copy the content of <APPIAN_HOME>/deployment/web.war to the folder where the Web server is getting the static resources. See Copy Static Resources to the Web Server for more information.
10. Run the configure script to deploy your environment's configuration and re-configure any node names previously set by the configure script tools.
11. Start Appian:
    1. Start the Appian Engines.
    2. Start the data server.
    3. Start the search server.
    4. Start the application server.

To determine if the Appian 23.3 Hotfix is deployed, open the build.info file located in <APPIAN_HOME>/conf/. The contents of this file should match the following code sample:

build.revision=57b9230f26fb7f7abd882b87011693f3bf42a988
build.version=23.3.1395.0