Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store

Istanbul Patch 11

Istanbul Patch 11

The Istanbul Patch 11 release contains fixes to these problems.

Istanbul Patch 11 was released on February 22, 2018.
Build date: 02-16-2018_1105
Build tag: glide-istanbul-09-23-2016__patch11-02-07-2018

ServiceNow QPP targets and patches are immediately available. Users do not need to request an entitlement to schedule an upgrade to these versions.

For more information about how to upgrade an instance, refer to Upgrade to Istanbul.

For more information about the release cycle, see the ServiceNow Release Cycle. For a downloadable, sortable version of Istanbul fixed problems, see KB0598935.
Note: This version is approved for FedRAMP.

Security-related Fixes

Istanbul Patch 11 includes fixes for security-related problems that affected certain applications and the ServiceNow platform. We recommend that customers upgrade to this release for the most secure and up-to-date ServiceNow features. For more details on security problems fixed in Istanbul Patch 11, refer to KB0676822.

Notable fixes

The following problems and their fixes are ordered by potential impact to customers, starting with the most significant fixes.
Problem Short description Description Steps to reproduce

Forms and Fields



Document ID field types are showing the sys_id instead of the display value When a document ID field is set to read-only via ACL or dictionary (sever-side methods), the field shows the sys_id instead of the display value when viewed in a form.

Refer to the listed Known Error KB article for details.

Asynchronous Message Bus


Queued AMB messages can push session waiters beyond the 'Max Waiters' threshold, resulting in ignored requests AMB messages queued for delivery can push a session's waiting transactions beyond the system's allowed maximum amount. The result is that legitimate UI requests are ignored.

Release Management



Project Management creates PM Program with null sys_id resulting in mass updates to other PM task types A program with null sys_id is triggering corruption of all planned task records when project state/percent complete is changed
  1. Navigate to Project > Projects > Work In Progress.
  2. Filter for [Program] [is not empty] AND [State][is][Work in Progress].
  3. Remove the Program reference.
  4. Change State from Work in Progress to Pending.
  5. Click Update.

Configuration Management Database (CMDB)


Performance issues for users running the Service Dashboard

When the Service Dashboard is running, some users experience performance or memory usage issues.

The fix for this PRB adds the system property. If set to false, service health scores are not calculated.

All Other Fixes

Problem Short description Description Steps to reproduce



The customized scheduled job is overwritten during an upgrade The scheduled job 'Cancel Expired Assessments' is overwritten during an upgrade.
  1. Customize the scheduled job.
  2. Reactivate the com.snc.assessment_core plugin, or perform an upgrade.

Notice your customizations were overwritten.




The Chat window does not open and conversations are not displayed on the sidebar The Connect Chat window does not open. Conversations are not displayed on the sidebar for users that belong to the same chat group if one of the user's user ID has been changed.
  1. Impersonate a user (for example, Abel Tuter) and create a new incident.
  2. Assign the incident to a different user (for example, David Loo).
  3. Impersonate David Loo.
  4. Click Following.
  5. Open Connect Mini/Full.
  6. Attach a file from the chat.
  7. Rename Abel Tuter's user ID.

Note that neither Abel nor David are able to launch the Connect Chat window and the connect sidebar does not show any of the conversations/chats that the users are part of.

Cloud Management Application


VMware VMWareConfigureWindowsProbe: Time zone getting parsed incorrectly when prefixed with zero VMWareConfigureWindowsProbe does not parse time zones correctly, which can lead to errors.
  1. Install the CMP plugin.
  2. Order a VM.
  3. Try any operation on the VM which is under a policy.
  4. Cancel the Change request.

The Operation WF is canceled.

Configuration Management Database (CMDB)


The edit_ci_relations ACL is not invoked for the new 'CI Relations' formatter Users are no longer able to add a new relationship. When attempting to save the relationship, users get the error "Failed to add relationships".

Core Platform


Default "go to" search operator >= can be slow on large tables Default semaphore exhaustion.
  1. Go to cmdb_ci list.
  2. Type foo in the top search bar for Name.

Expected result: Query is "Name starts with foo".

Actual result: Query is "Name >=foo".

Customer Service Management


Anonymous chat is not working Guest users are not able to chat, and they receive a security error 'Security restricted when invoking processor'.

Data Certification



Demo data is causing certification schedules to rerun Certification schedules are unnecessarily rerun, which causes more instances and tasks.

Refer to the listed Known Error KB article for details.

Demand Management


Assessments created for demand does not show the demand details in My Assessments and Surveys
  1. Create 2 demands.
  2. Add a stakeholder for both the demands, with assessment set to yes.
  3. Screen the demand.
  4. Impersonate the stakeholder.
  5. Navigate to My Assessments & Surveys.
  6. Check the demand cards.

The assessment does not contain demand details.



Unable to discover VLAN data from Cisco switches that require the SNMPv3 context When users try to discover Cisco switches, they see the message "SNMP - Switch - ForwardingTable: 0 OIDs".



Classification of storage switches fails when a namespace is returned



Discovery probes with use_getbulk set to true disregard the SNMP v3 only discovery schedule setting, which cause unwanted queries of the target If Discovery via schedule runs a probe with use_getbulk set to true and the SNMPv3 credentials fail (including but not limited to the use case in PRB1236541), the system cycles through any community string credentials. These string credentials include 'public' unless the MID config parameter mid.snmp.enable_auto_public is disabled, since it is enabled by default. When a credential is tested, the user will see requests for 'sysDescr' made to their device(s).
  1. Configure a Discovery schedule to use SNMPv3 only.
  2. Add an IP to the schedule that will respond to SNMPv3 queries only.
  3. Add an invalid (with respect to the target device) SNMPv3 discovery credential.
  4. Add an SNMP community string credential.
  5. Add the probe parameter use_getbulk=true to the SNMP - Classify probe. You can also use a valid credential against a device where the credential will fail during exploration due to PRB1236541.
  6. Turn on debugging and/or observe SNMP traffic in Wireshark.
  7. Discover the device.

After the SNMPv3 credential fails, the system falls back to available community strings, including 'public'.

Event Management


Zabbix connector fails when a field (item) is missing on the trigger list The connectors fail while accessing a null field.

Event Management



Node Count scheduled job issues a slow query in the isNodeLicensable() function
  1. Create a large CMDB with more than 10M records.
  2. Run the job.
Note that the job takes a very long time to complete.

Event Management


The Event Management dashboard loads very slowly Slowness while accessing the Event Management dashboard can lead to performance issues.

Import / Export


REST API calls intermittently fails due to the error: "Could not initialize class ImportSetAPIService" REST API calls intermittently fail. This problem only seems to affect one node at a time, and has occurred randomly after a node restart on a very small number of instances.

Knowledge Management


If only the UI15 plugin is enabled, 'Post a question' does not give the form In the Knowledge homepage, the "Post a question" functionality is not working as expected. An injector error is thrown in the console.

Knowledge Management


On the 'Ask question' page (social_qa), users are unable to write in the field under 'Title' Users can ask a question from the knowledge homepage by clicking the button 'Post Question'. This button will take the user to the 'Ask question' page (social_qa) where the user can type the question in a field below the 'Title' field.

Knowledge Management



KB categories created through the category picker by knowledge_admin are not listed under the intended knowledge base When knowledge_admin creates a category, it is not visible because it does not have 'Parent ID'. Creating categories works for admin users.
  1. Login as knowledge_admin.
  2. Open any Knowledge article by navigating to Knowledge > All.
  3. Click on magnifying glass icon to open the Category picker.
  4. Create a new category and confirm.

Observe the article category is set to the one just created, but is not listed as a category under the associated Knowledge Base.

Knowledge Management



The image size is lost when a Word document is imported to the knowledge base
  1. Import a Word document by dragging and dropping the file to the Knowledge Homepage and following the instructions in the pop-up window.
  2. View the article.
Note that the image size and the text position are not correct.




Upon checkout of an SSH, PowerShell, and JDBC Orchestration activity, the command or SQL statement field is cleared out In the activity designer, if a user clicks he checkout button of any published SSH, PowerShell, or JDBC Orchestration activity, the command or SQL statement field is cleared out.
  1. Navigate to Workflow Editor > Custom.
  2. Click the Plus (+) button to add a new SSH activity.
  3. Fill out the form with sample data, and publish it.
  4. Click Checkout.

The command field is empty.

Performance Analytics



The Column Chart widget with the 'Previous period chart' box checked does not render the first and the last bar available for a full year period
  1. Navigate to Performance Analytics > Widgets.
  2. Create a widget with the following values:
    • Type: Time Series
    • Visualization: Line
    • Indicator: Number of Open Incidents
    • Time Series: By Avg +
  3. Select the Previous period chart checkbox.
  4. Navigate to Performance Analytics > Jobs.
  5. Open the job, select [PA Incident] Daily Data Collection, and click Run.
  6. Navigate back to Performance Analytics > Dashboard.
  7. Click the '+' sign on the top right corner to add content to the dashboard.
  8. Select Performance Analytics > Time Series.
  9. Add the newly created widget to the dashboard.

Note that the first and the last bar are not displayed in the chart.

Performance Analytics


Dashboard fails to persist default values when the URL is lengthy Due to payload size, users are unable to persist the user default value for interactive filters.

Performance Analytics


The score migration process fails on the scores table If a scores table contains over three billion scores, the migration process does not complete successfully.
  1. Generate 3 billion scores.
  2. Run the PA migration process.

The migration does not complete successfully.

Performance Analytics


Time series applied on a formula indicator displays the formula column with the configured precision Formula calculation takes the value without considering the precision on the automated indicator. On the formula, the Score tab displays the scores for the formula with the precision set on those indicators, but the result is actually based on the actual values.

The formula is no longer displayed on the Score tab if a time series is applied on the indicator.

Performance Analytics Application


Migration runs slow on large pa_scores tables
  1. Create a scores table with ~100M scores using the data generator.
  2. Run migration.

Expected behavior: Migration is finished within 2.5-3 hours.

Actual behavior: Migration was running more than 4 hours.



Importing XML can cause some records to lose attachments After importing XML, some records may lose their attachments. This issue occurs because importing XML updates does not follow the table locator. For example, if attachments are stored on a SQL Gateway, and an update set contains new attachments to be imported, those attachments are written to the primary database instead.
  1. Set up an instance with SQL Gateway.
  2. Move sys_attachment (including sys_attachment_doc) to the SQL Gateway.
  3. Hot swap so that the instance now reads and writes attachments to the Gateway.
  4. Export a task or Service Catalog record that contains attachments from another instance.
  5. Import the task or record to the instance with the Gateway.

The new attachments are missing because they are written to the primary database instead of the Gateway.



Dashboards do not load when the dashboard has a group with special characters
  1. Create a dashboard.
  2. Create a dashboard group with special characters.
  3. Open the dashboard.

You will see the error: "The entity name must immediately follow the '&' in the entity reference."




Accessing a public report of the type list deletes the default record of the report table from sys_ui_list, causing the default list for a table to revert to its system-generated version Accessing the results of a public report from the type list causes the default record from the sys_ui_list table to be deleted. Any list layout configured by the administrator is lost. In addition, a record is created by the guest user on the sys_ui_list table with an empty View field.

Risk Management


Risk SLEs and ALEs currency should be always consistent Risk calculation does not work if the instance default currency is different from the default USD.




Users without the snc_internal role are unable to Export PDF, Excel, and CSV files on Customer Service Management In Customer Service Management, users who do not have the snc_internal role are unable to Export PDF, Excel, and CSV files.
  1. Create a new user with the snc_external role.
  2. Navigate to /csm.
  3. Go to the Support tab.
  4. Click Orders.
  5. Navigate to the context menu icon in the top left corner of the Orders table and choose Export to Excel.

The message "You are not authorized" is displayed.

Service Mapping



Load balancer discovery not setting status of non-existent services, pools, and the like to Absent When discovering load balancers, previous related data and their relationships are deleted if they are not found by the most recent discovery. If data is not found again, Discovery should the status as Absent in the CMDB instead of deleting it.
  1. Discover a load balancer that is configured with some number of services, pools, pool members, VLANs, or interfaces. For more information, see Data collected by Discovery on load balancers.
  2. Perform either of these operations to modify the data:
    • Update the load balancer itself and then rediscover it.
    • Remove data from the applicable exploration probe's previous payload (for example, 'SNMP - F5 BIG-IP - System') and then rerun the appropriate sensor.

Instead of marking the missing data as Absent and retaining its relationships, note that the previously discovered load balancer services not in the current payload have been deleted from the CMDB, along with all of its relationships (for example, to the parent load balancer).

Service Mapping


Service Mapping issue with additional prompt Many of the UNIX servers are sending one or two consecutive prompts when trying to log in using SSH. The Service Mapping SSH engine is unable to address consecutive prompts. As a result, all Service Mapping attempts to discover applications on those servers fail.

Survey Management


ServicePortalSurvey processor needs to have a 'public' role assigned to it Unauthenticated users are not able to submit the survey and receive an error message.

System Applications



Setting glide.ui.escape_text property to false, displays the message 'The entity name must immediately follow the '&' in the entity reference.' on applications page Setting glide.ui.escape_text property to false, displays the message 'The entity name must immediately follow the '&' in the entity reference.' on applications page
  1. Navigate to sys_properties.list.
  2. Set the glide.ui.escape_text property to false.
  3. Navigate to System Applications > Applications from the left navigation pane.

Notice that the message is displayed on the page: "The entity name must immediately follow the '&' in the entity reference."

UI Components


Remove com.glide.k15_demo and com.glide.service-portal.k16 plugins

UI Components


Retina icons may be cached even though the file content changes after upgrading from Helsinki to Istanbul After an upgrade from Helsinki to Istanbul, the browser may continue to use previously cached icons instead of downloading new ones. This causes items in the UI to display the wrong icon.

Usage Analytics


Error messages "UA: Could not find app attrs for app" These errors appear while doing inserts, updates, or deletes on tables that begin with the prefix u_.

Usage Analytics


Compliance report 'Application Use Without a Purchased Subscription' shows no data or incorrect data Navigating to 'Compliance Overview' and the third report 'Application Use Without a Purchased Subscription' shows no data or incomplete data/count.

Vendor Management


Get Stock Quote UI action in Vendor Performance returns 'N/A' for stock_price

The Yahoo Finance API was discontinued by Yahoo, and the UI action Get Stock Quote does not return the stock price. Instead, ’N/A’ is displayed in the ‘stock_price' field.

The fix for this PRB deactivates the Get Stock Quote UI action, which will leave the 'stock_price' field blank.

Other Istanbul Patch 11 information

Explicit roles
  • Content Management System site access is also affected. CMS is set up with Sites (content_site), Pages (content_page), and other resources. Some of the sites may have the Login page configured.
    • If CMS sites do not have the Login page configured, the public role is automatically added to the Read Roles field on Pages (content_page) if the field is empty.
    • If CMS sites have the Login page configured, the snc_internal role is automatically added to the Read Roles field on Pages (content_page) if the field is empty.
  • Effective with Istanbul Patch 11: For all existing Processor [sys_processor] records or newly created Processor [sys_processor] records with Type=script, the snc_internal role is automatically added to the Roles field if the field is empty.

Fixes included with Istanbul Patch 11

* Unless any exceptions are noted, you can safely upgrade to this release version from any of the versions listed below. These prior versions contain PRB fixes that are also included with this release. Be sure to upgrade to the latest listed patch that includes all of the PRB fixes you are interested in.

Updates to site content will be made starting around 4am on January 17th (Pacific Time) and lasting approximately 6 hours.  This site may be intermittently unavailable.