Helsinki Patch 0 Hot Fix 3

Helsinki Patch 0 Hot Fix 3 provides fixes for the Helsinki release.

For Helsinki Patch 0 Hot Fix 3:
Build date: 06-06-2016_1539
Build tag: glide-helsinki-03-16-2016__patch0-hotfix3-05-31-2016

For more information about how to upgrade an instance, see Upgrade to Helsinki.

For more information about the release cycle, see the ServiceNow Release Cycle. For a downloadable, sortable version of Helsinki fixed problems, see KB0598266.

Note: This version is approved for FedRAMP.

Fixed problems in Helsinki Patch 0 Hot Fix 3

Problem Short description Description Steps to reproduce
Authentication

PRB680620

After upgrading to Helsinki, POP/LDAP fail with a keystore exception, and users are unable to log in Unable to load certificate.
SAML 2.0 SP Keystore - b88267271b012000f1129141be071393:
java.io.IOException: Keystore was tampered with,
  or password was incorrect:
sun.security.provider.JavaKeyStore.engineLoad
  (JavaKeyStore.java:780) 
sun.security.provider.JavaKeyStore$JKS.engineLoad
  (JavaKeyStore.java:56) 
sun.security.provider.KeyStoreDelegator.engineLoad
  (KeyStoreDelegator.java:21
Server Side Scripting

PRB680182

Instances which compile thousands of short JavaScript expressions may experience OOM after upgrading to Helsinki When compiled to Java classes instead of being interpretatively executed, very short JavaScript expressions create larger Java class files in Helsinki due to an upgrade to the JavaScript compiler. Instances which compile very large numbers of very short JavaScript expressions to Java classes rather than interpreting them may experience OOM (Out Of Memory) issues after upgrading to Helsinki as a result. For example, filter expressions can cause a large number of short JavaScript expressions to be compiled.

The Rhino JavaScript compiler operates in two distinct modes. It can compile JavaScript to Java classes and then execute the generated class, or it can compile the JavaScript into a simple stack-based pseudocode (pcode) and then interpretatively execute the pcode.

If Java classes are generated, they are stored in a special area of JVM memory, which was historically known as 'permgen' and (since Java 8) is now known as 'metaspace'. This area of memory is a limited resource, so compiling thousands of short scripts should be avoided, since it tends to cause the system to run out of permgen / metaspace.

There is no specific set of steps to reproduce. The only known case of this problem involved an instance which was using many SLAs and a large number of filter expressions. The expression cache contained thousands of slightly different entries for filter expressions.

Transaction and Session Management

PRB646966

KB0594709

MID Server stops communicating to the instance and continuously produces the socket timeout error: Accepted with code: 202

Recycled requests cause session leak issues. This results in either of these behaviors:

  • MID Server stops communicating with the instance and continuously produces the socket timeout error: Accepted with code: 202, until the user upgrades to a fixed version.
  • Stuck sessions in the transaction queue. In this case, users receive 429 "Rejecting request" errors due to the session leaks.

This is caused by the platform holding a session sync on a transaction that has been cancelled.

Refer to the listed Known Error KB article for details.

Platform Performance

PRB670075

KB0594813

ServletTransaction does not account for recycled requests and leaves sessions in session sync The RESTAPIProcessor throws an exception that causes the transaction to be cancelled, but not release the session sync on the session. This results in sessions "leaking" in the queue and can eventually, in a worst case scenario, consume the whole transaction queue. The affected end user(s) experiences HTTP 429 "Rejecting request" errors. Refer to the listed Known Error KB article for details.
Platform Performance

PRB677407

Mean semaphore exhausted on HI A script error is being generated, which may be a cause for the semaphore to exhaust. As a customer_admin, try to change the Primary/Secondary Technical/Support contacts in the core_company table.
org.mozilla.javascript.JavaScriptException: The war version is not a string.
(sys_script_include.976754ec7bac45001fe25a4d784d4d99; line 146)

Fixes included with Helsinki Patch 0 Hot Fix 3

* Unless any exceptions are noted, you can safely upgrade to this release version from any of the versions listed below. These prior versions contain PRB fixes that are also included with this release. Be sure to upgrade to the latest listed patch that includes all of the PRB fixes you are interested in.