Appian Knowledge Base

KB-1831 Cloning Appian Cloud Sites FAQ

Kaushal Patel — Thu, 30 Apr 2026 13:55:25 GMT

Current Revision posted to Appian Knowledge Base by Kaushal Patel on 4/30/2026 1:55:25 PM

Purpose

The purpose of this article is to answer common questions involved with cloning an Appian Cloud site for troubleshooting purposes.

What is a clone?
A clone is a replica of an existing Appian Cloud site. A new AWS instance is started, and a snapshot from an existing (host) Appian Cloud site is used to populate data on the new instance(s) creating a new separate site. All Appian Cloud clones are hosted in the same secure infrastructure as other Appian Cloud sites and are subject to the same security compliance protocols and controls.

Why does Appian Support request to create a clone?
Appian Support requests to clone a site for troubleshooting purposes. When investigating certain issues, it is sometimes necessary to test and debug directly to better understand the nature and scope of the behavior. In order to eliminate the risk of impact to an actual Appian Cloud site, it is necessary to run these tests on a clone of the environment.

What data will be cloned?
As a clone is created from a snapshot of a host site, all data as it exists at the time of the snapshot on the host site will be copied and present on the clone. For example, all Appian objects will be included, but not data hosted externally in customer databases.

Who has access to the code/data hosted in the clone?
Access to the code/data hosted in the clone is restricted to the following groups and is never shared with any third parties to ensure data integrity:

Those who have access to the original Appian Cloud site.
Team members from Appian Support and/or Appian's Product team that are involved in diagnosing and troubleshooting the issue(s) reported by the customer.

Do clones have any impact on the host Appian Cloud site or other existing environments?
No, clone sites exist separately outside of the host site and other existing Appian Cloud environments. Furthermore, outbound activity (emails, traffic, etc.) will be disabled as to not interfere with external systems.

How long is the clone and its data persisted?
The clone is persisted as long as the investigation into the current issue persists. Once the investigation is complete or no longer requires access to the clone, Appian will shut down the clone and delete its corresponding data. The clone can also be shut down at any time at the customer's discretion.

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: April 2026

Tags: administration, Security, infrastructure, Cloud

KB-2284 How to deploy plugins on a Kubernetes Appian instance

Ryan Good — Wed, 29 Apr 2026 16:08:28 GMT

Current Revision posted to Appian Knowledge Base by Ryan Good on 4/29/2026 4:08:28 PM

Purpose

Plug-ins are located in the directory /usr/local/appian/ae/_admin/plugins/ of the Webapp pod volume. This article describes how to deploy a plug-in to an instance of Appian on Kubernetes.

Instructions

Manually copy each plugin file into one of the webapp pods according to the documentation. Use the following template below:

kubectl cp <plugin-file.jar> :/usr/local/appian/ae/_admin/plugins -n <appian_namespace>

Example of deploying a plugin textutils-1.0.3.jar into a webapp pod named namespace:

kubectl cp .\textutils-1.0.3.jar appian-webapp-0:/usr/local/appian/ae/_admin/plugins -n namespace

If the instance is HA, run the command on one webapp pod. The plugin's directory will be mounted from the webapp RWX volume.

Affected Versions

This article applies to all self-managed versions of Appian in Kubernetes.

Last Reviewed: April 2026

Tags: webapp, how-to, Kubernetes, plugins

KB-2284 How to deploy plugins on a Kubernetes Appian instance

Kaushal Patel — Wed, 29 Apr 2026 16:07:22 GMT

Revision 18 posted to Appian Knowledge Base by Kaushal Patel on 4/29/2026 4:07:22 PM

Purpose

Plug-ins are located in the directory /usr/local/appian/ae/_admin/plugins/ of the Webapp pod volume. This article describes how to deploy a plug-in to an instance of Appian on Kubernetes.

Instructions

Manually copy each plugin file into one of the webapp pods according to the documentation. Use the following template below:

kubectl cp <plugin-file.jar> :/usr/local/appian/ae/_admin/plugins -n <appian_namespace>

Example of deploying a plugin textutils-1.0.3.jar into a webapp pod named namespace:

kubectl cp .\textutils-1.0.3.jar appian-webapp-0:/usr/local/appian/ae/_admin/plugins -n namespace

If the instance is HA, run the command on one webapp pod. The plugin's directory will be mounted from the webapp RWX volume.

Affected Versions

This article applies to all self-managed versions of Appian in Kubernetes.

Last Reviewed: May 2025

Tags: webapp, how-to, Kubernetes, plugins

KB-2380 Information about the Apache ActiveMQ security vulnerability (CVE-2026-34197)

Kaushal Patel — Wed, 29 Apr 2026 15:07:38 GMT

Current Revision posted to Appian Knowledge Base by Kaushal Patel on 4/29/2026 3:07:38 PM

On 17 April 2026, a critical vulnerability was discovered related to the Apache ActiveMQ software. This vulnerability involves improper input validation and code injection within the Jolokia JMX-HTTP bridge. An authenticated attacker can exploit this flaw by invoking management operations through the Jolokia API to trick the broker into fetching a remote configuration file, leading to arbitrary code execution (RCE) on the broker's Java Virtual Machine (JVM). Affected versions of Apache ActiveMQ Classic include all versions prior to 5.19.4 and versions 6.0.0 through 6.2.2.

Appian has investigated this vulnerability and its services. While affected versions of Apache ActiveMQ are present within the Appian platform, we have confirmed that the Jolokia JMX-HTTP bridge and ActiveMQ web console are not used. Consequently, Appian services are not impacted by this vulnerability. As a proactive security measure, our engineering teams are currently upgrading these packages to the latest secure versions. We will continue to monitor the situation and provide updates as needed.

Additional Notes:

The following CVE was released with additional information on the scope of the vulnerability:

CVE-2026-34197 - (Apache ActiveMQ Improper Input Validation / Remote Code Execution)

Supporting Documentation:

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: April 29, 2026

KB-XXXX Information about the Apache ActiveMQ security vulnerability (CVE-2026-34197)

Kaushal Patel — Wed, 29 Apr 2026 15:07:05 GMT

Revision 2 posted to Appian Knowledge Base by Kaushal Patel on 4/29/2026 3:07:05 PM

Additional Notes:

The following CVE was released with additional information on the scope of the vulnerability:

CVE-2026-34197 - (Apache ActiveMQ Improper Input Validation / Remote Code Execution)

Supporting Documentation:

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: April 29, 2026

KB-XXXX Information about the Apache ActiveMQ security vulnerability (CVE-2026-34197)

Kaushal Patel — Wed, 29 Apr 2026 15:06:12 GMT

Revision 1 posted to Appian Knowledge Base by Kaushal Patel on 4/29/2026 3:06:12 PM

Additional Notes:

The following CVE was released with additional information on the scope of the vulnerability:

CVE-2026-34197 - (Apache ActiveMQ Improper Input Validation / Remote Code Execution)

Supporting Documentation:

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: April 29, 2026

KB-2379 Appian Cloud: Self-Service Alerts

Kaushal Patel — Fri, 24 Apr 2026 14:43:05 GMT

Current Revision posted to Appian Knowledge Base by Kaushal Patel on 4/24/2026 2:43:05 PM

Purpose

Appian's self-service alert functionality enables customers to manage specific environment alerts by providing the tools for immediate action. These alerts focus on customer-driven actions, allowing you to resolve issues directly without external dependencies.

What are Self-Service Alerts?

Self-Service Alerts provide immediate visibility into issues affecting your Appian Cloud environment, offering clear and actionable steps to resolve them on your own timeline. This functionality ensures faster resolution times, reduces the need for back-and-forth communication, and grants you greater control over your environment.

Additionally, the ability to view both active and resolved alerts provides higher traceability for your cloud environment. This history allows you to track past issues and maintain a clear record of environment health and maintenance.

Available Alerts

Note: Appian continuously enhances our alerting capabilities as features evolve. This document is updated regularly to reflect these improvements. To stay informed, we recommend enabling notifications by selecting More > Turn Notifications On at the bottom of this page. You can also find the Last Reviewed date in the footer.

Long Running Database Transaction

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: April 2026

Tags: How To, how-to, alerts, Cloud

KB-2378 Appian Cloud: Self-Service Alerts

Kaushal Patel — Fri, 24 Apr 2026 14:42:13 GMT

Revision 15 posted to Appian Knowledge Base by Kaushal Patel on 4/24/2026 2:42:13 PM

Purpose

What are Self-Service Alerts?

Available Alerts

Long Running Database Transaction

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: April 2026

Tags: How To, how-to, alerts, Cloud

KB-2378 How to view DocCenter version in Appian Designer

pauline.delacruz — Thu, 23 Apr 2026 19:50:07 GMT

Current Revision posted to Appian Knowledge Base by pauline.delacruz on 4/23/2026 7:50:07 PM

Purpose

This article outlines the steps on how to view the version of DocCenter your Appian environment may be using.

Prerequisite

To view the version of DocCenter on your environment, the user running through the steps below must have access to Appian Designer.

Instructions

To view the version of DocCenter on your Appian environment, follow the steps outlined below:

Navigate to Appian Designer.
Navigate to the DocCenter Application by searching for DocCenter in the "Applications" tab.
Navigate to the "Build" Tab on the left-hand side.
Click on constant under "Object Type"
Search for AIA_VERSION
The version should be visible in the following format under the Description column: <Environment Version> - <AI DocCenter Version>

Note: Please see the documentation for more information on checking environment version compatibility with DocCenter.

Affected Versions

This article applies to all versions of Appian with DocCenter enabled.

Last Reviewed: April 2026

Tags: DocCenter, integration, how-to

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

carmen.cohen — Fri, 17 Apr 2026 15:03:36 GMT

Revision 14 posted to Appian Knowledge Base by carmen.cohen on 4/17/2026 3:03:36 PM

Purpose

What are Self-Service Alerts?

Available Alerts

Long Running Database Transaction

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: April 2026

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

carmen.cohen — Fri, 17 Apr 2026 14:56:34 GMT

Revision 13 posted to Appian Knowledge Base by carmen.cohen on 4/17/2026 2:56:34 PM

Purpose

What are Self-Service Alerts?

For a detailed view, please review our documentation.

Available Alerts

Long Running Database Transaction

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: April 2026

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

carmen.cohen — Fri, 17 Apr 2026 14:56:05 GMT

Revision 12 posted to Appian Knowledge Base by carmen.cohen on 4/17/2026 2:56:05 PM

Purpose

What are Self-Service Alerts?

For more information please review our documentation.

Available Alerts

Long Running Database Transaction

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: April 2026

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

carmen.cohen — Thu, 16 Apr 2026 09:12:23 GMT

Revision 11 posted to Appian Knowledge Base by carmen.cohen on 4/16/2026 9:12:23 AM

Purpose

Appian's self-service alert functionality enables customers to manage specific environment alerts independently of Appian Support. These alerts focus on customer-driven actions, allowing you to resolve issues directly without external dependencies.

What are Self-Service Alerts?

For more information please review our documentation.

Available Alerts

Long Running Database Transaction

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: April 2026

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

carmen.cohen — Thu, 16 Apr 2026 08:55:38 GMT

Revision 10 posted to Appian Knowledge Base by carmen.cohen on 4/16/2026 8:55:38 AM

Purpose

What are Self-Service Alerts?

For more information please review our documentation.

Available Alerts

Long Running Database Transaction

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: April 2026

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

carmen.cohen — Thu, 16 Apr 2026 08:24:24 GMT

Revision 9 posted to Appian Knowledge Base by carmen.cohen on 4/16/2026 8:24:24 AM

Purpose

What are Self-Service Alerts?

For more information please review our documentation.

Available Alerts

Long Running Database Transaction

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: April 2026

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

carmen.cohen — Wed, 15 Apr 2026 10:02:16 GMT

Revision 8 posted to Appian Knowledge Base by carmen.cohen on 4/15/2026 10:02:16 AM

Purpose

What are Self-Service Alerts?

For more information please review our documentation.

Available Alerts

Long Running Database Transaction

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: April 2026

KB-1447 Appian Cloud Vulnerability Testing

Kaushal Patel — Tue, 14 Apr 2026 15:29:27 GMT

Current Revision posted to Appian Knowledge Base by Kaushal Patel on 4/14/2026 3:29:27 PM

Purpose

Cloud customers can perform security-related activities against their Appian environments such as penetration testing and vulnerability scanning as well as software composition analysis scans on installers, containers and plugin jars. This article outlines assessment rules and accepted formats for submitting vulnerabilities to Appian.

Appian Cloud Assessment Rules

All planned security testing by customers must be submitted to Appian Technical Support at least 3 US business days (Mon-Fri 9:00 AM to 6:00 PM EST/EDT)
prior to testing via a support case.
The following details must be provided in the support case to prevent Appian or its hosting service providers from adding the test source IP addresses to a block list:
- Contact information
- Start time of test (including timezone)
- Test duration
- Expected peak bandwidth in Gigabits per second (Gbps)
- Source IP addresses generating the test traffic
Only perform assessments against the Appian Cloud Sites or FQDNs for which you have explicit approval.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.
Social engineering (e.g. phishing, vishing, smishing) is prohibited.
Denial of service attacks are prohibited.
Appian recommends performing assessments against a test or development site whenever possible, rather than a production site.
Appian considers any information identified during a security test of an Appian Cloud site to be Confidential Information that is protected under Appian’s contractual agreements with its customers. This obligation to protect Appian’s Confidential Information must flow down to any third-party security consultants hired by Appian customers. Please indicate in the support case whether a third-party entity will be used for security testing and whether the third-party entity has executed a non-disclosure agreement appropriate for the purpose.

Submitting Results

The following applies to all submissions:

Appian reviews security scan results only for recent hotfixes. Customers running older hotfix versions should upgrade to a recent hotfix and resubmit security scan results before Appian team initiates review.
All documentation (including results, summaries, and reproduction steps) must be submitted in English.
Appian will not accept findings that are missing information within the provided templates.
Submissions much be done via support case.

Appian Vulnerabilities

This section is applicable to penetration testing or vulnerability scans against Appian installations.

Fill out the Appian Vulnerability Submission Worksheet according the instructions below:

All submitted vulnerabilities must be validated by the assessor prior to submission. Appian does not accept invalidated results or direct output from automated scanners without additional manual validation.
Appian requires verifiable evidence such as screenshots, payloads, or any other associated proof-of-concept material as well as manual reproduction steps in order to properly validate any reported vulnerability findings.
All scanning or testing documentation must be accompanied by:
- A summarized index of all issues found, with the severity level of each issue.
- Clear evidence performed by the assessor showing that the proposed vulnerability can be used to exploit the system, for example by:
  - Allowing inappropriate access to the system or its data.
  - Allowing inappropriate modification of the system or its data.
  - Inappropriate use of a component of the system or as a whole.
- A description of the risk to the system.
- Guidance on how to reach the impacted end point(s).
- Clear steps on how to reproduce the issue.

Appian Third-Party Component Vulnerabilities

This section is applicable to Software Composition Analysis scans against Appian installers, containers and plugin jars.

Fill out the Appian third-party vulnerability submission worksheet according to the instructions below:

If the vulnerability reporting source is vendor specific (ex: BlackDuck or X-Ray), the customer should provide as much explanatory detail as possible in the Description column in order for Appian to effectively validate the issue.

What to Expect Next

Appian will review the findings (assuming all submission requirements have been met) and either accept or reject each one.
- For rejected findings, Appian will provide an explanation as to why the reported vulnerability was rejected (false positive, configuration-level controls available to mitigate, etc.).
- For accepted findings, Appian will classify the severity of the finding as Low/Medium/High/Critical.
Appian Support will provide analyses and impact assessments of the report and individual findings through the support case.

Affected Versions

This article applies to all versions of Appian Cloud

Last Reviewed: April 2026

Tags: Security, Cloud

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

carmen.cohen — Mon, 13 Apr 2026 13:43:04 GMT

Revision 7 posted to Appian Knowledge Base by carmen.cohen on 4/13/2026 1:43:04 PM

Purpose

What are Self-Service Alerts?

For more information please review our documentation.

Available Alerts

Long Running Database Transaction

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: April 2026

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

carmen.cohen — Mon, 13 Apr 2026 13:35:58 GMT

Revision 6 posted to Appian Knowledge Base by carmen.cohen on 4/13/2026 1:35:58 PM

Purpose

What are Self-Service Alerts?

Available Alerts

Long Running Database Transaction

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: April 2026

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

carmen.cohen — Mon, 13 Apr 2026 13:35:10 GMT

Revision 5 posted to Appian Knowledge Base by carmen.cohen on 4/13/2026 1:35:10 PM

Purpose

Appian has released self-service alert functionality, allowing customers to independently manage certain alerts independently of Appian Support.. These are alerts where the necessary actions are customer-driven and do not need Support involvement.

What are Self-Service Alerts?

Available Alerts

Long Running Database Transaction

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: April 2026

Appian Knowledge Base

KB-1831 Cloning Appian Cloud Sites FAQ

Purpose

Table of Contents:

Affected Versions

KB-2284 How to deploy plugins on a Kubernetes Appian instance

Purpose

Instructions

Affected Versions

KB-2284 How to deploy plugins on a Kubernetes Appian instance

Purpose

Instructions

Affected Versions

KB-2380 Information about the Apache ActiveMQ security vulnerability (CVE-2026-34197)

Additional Notes:

Supporting Documentation:

Affected Versions

KB-XXXX Information about the Apache ActiveMQ security vulnerability (CVE-2026-34197)

Additional Notes:

Supporting Documentation:

Affected Versions

KB-XXXX Information about the Apache ActiveMQ security vulnerability (CVE-2026-34197)

Additional Notes:

Supporting Documentation:

Affected Versions

KB-2379 Appian Cloud: Self-Service Alerts

Purpose

What are Self-Service Alerts?

Available Alerts

Affected Versions

KB-2378 Appian Cloud: Self-Service Alerts

Purpose

What are Self-Service Alerts?

Available Alerts

Affected Versions

KB-2378 How to view DocCenter version in Appian Designer

Purpose

Prerequisite

Instructions

Affected Versions

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

Purpose

What are Self-Service Alerts?

Available Alerts

Affected Versions

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

Purpose

What are Self-Service Alerts?

Available Alerts

Affected Versions

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

Purpose

What are Self-Service Alerts?

Available Alerts

Affected Versions

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

Purpose

What are Self-Service Alerts?

Available Alerts

Affected Versions

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

Purpose

What are Self-Service Alerts?

Available Alerts

Affected Versions

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

Purpose

What are Self-Service Alerts?

Available Alerts

Affected Versions

[DRAFT] [NEW] KB-XXXX Appian Cloud: Self-Service Alerts

Purpose

What are Self-Service Alerts?

Available Alerts

Affected Versions

KB-1447 Appian Cloud Vulnerability Testing

Purpose

Appian Cloud Assessment Rules

Submitting Results

Appian Vulnerabilities