Xanadu Patch 11

Xanadu Patch 11 was released on December 11, 2025.

Build date: 12-07-2025_2348
Build tag: glide-xanadu-07-02-2024__patch11-11-27-2025

Important:

For more information about how to upgrade an instance, see ServiceNow Upgrades.

For more information about the release cycle, see the ServiceNow Release Cycle.

Note:

This ServiceNow AI Platform major family release is now available in ServiceNow's Regulated Market environments. For more information about services available in isolated environments, see KB0743854.

For a downloadable, sortable version of the fixed problems in this release, click here.

Overview

Xanadu Patch 11 includes 99 problem fixes in various categories. The chart below shows the top 10 problem categories included in this patch.

Fixed issues grouped by problem categories bar chart — Figure 1. Top 10 problem categories

Security-related fixes

Xanadu Patch 11 includes fixes for security-related problems that affected certain ServiceNow® applications and the ServiceNow AI Platform®. We recommend that customers upgrade to this release for the most secure and up-to-date features. For more details on security problems fixed in Xanadu Patch 11, refer to KB2646306.

Changes in Xanadu Patch 11

: The Discovery Sensitive Data Filters [discovery_sensitive_data_filter] table provides a way to help prevent sensitive information from being exposed in the Configuration Management Database (CMDB) by applying redaction rules during data collection.

Notable fixes

The following problems and their fixes are ordered by potential impact to customers, starting with the most significant fixes.


Problem	Short description	Description	Steps to reproduce
Discovery PRB1927941 KB2434137	Discovery patterns failed prematurely, causing Discovery failure	An example is during 'Windows OS - Server' pattern Discovery, running the Cluster pattern library throws consecutive errors, which should be expected, but the pattern engine failed the pattern instead.	Refer to the listed KB article for details.
Flows (Family Channel) PRB1938123	Flows using base instance actions related to the plugin 'Customer Service Spoke' fail after upgrading to Yokohama	The flows in question are base instance actions related to 'Customer Service Spoke': Add Work Note to Task and Add Comment To Task.
Service Portal PRB1839297 KB1925168	A SPEntry page error 'Execute operation on script include 'SPEntryPage'' from scope occurs	Switching the scope and refreshing the page gives the error, 'Execute operation on script include 'SPEntryPage' from scope 'Knowledge Management - Service Portal' was denied'.	Log in to a Xanadu instance. Create the glide.entry. first.page .script system property. Give it the value: new SPEntryPage(). getFirst PageURL(). Make 'Knowledge Management - Service Portal' as the current scope. Refresh the browser page. Notice the error, 'Execute operation on script include 'SPEntryPage' from scope 'Knowledge Management - Service Portal' was denied. The application 'Knowledge Management - Service Portal' must declare a cross scope access privilege. Please contact the application author to update their privilege requests.' Repeat step 2 and step 3 with the scopes 'CI Landing Experience' and 'Conversational Interfaces - Diagnostics'. Notice that the same error message occurs.

All other fixes


Problem	Short description	Description	Steps to reproduce
Analytics Export API PRB1853207	Export traffic should be migrated to K8s by default for commercial environments	When a user without elevated privileges logs in to ServiceNow and exports a dashboard or visualization, the traffic goes to VMs because 'glide.par.export.use.sk8s' is false. Instead, K8s traffic should be enabled by default for commercial environments.
Audit History PRB1938364 KB2531096	Large amount of history (audit) data can lead to node memory contention on node when loading a form	When loading a form for the first time, the node will run out of memory and crash if the history set has to be built to load the Activity Stream and if there's a lot of data to be loaded.	Refer to the listed KB article for details.
Database Persistence - Data Access PRB1923704	Due to an ordering change on Raptor post migration, certificate authentications for API calls may fail and cause '500' errors	When mutual authentication is configured using both protocol profile and system properties, the system property takes precedence. This causes the SSL exchange to utilize the socket factory for client certificate provisioning, bypassing the keystore defined in the protocol profile. Additionally, when mutual authentication is enabled via property configuration, all certificates from the sys_certificate table are loaded. This can lead to intermittent outbound call failures if expired certificates are cached and used for mutual authentication, resulting in HTTP 500 responses.
Database Persistence - Data Scale PRB1959979	Get connections from secondary pool doesn't retry more than once	Retry count is capped because failImmediate is always set to true for secondary pools. This causes some issues with read replica routing.
Discovery PRB1833795 KB1825538	The credential alias doesn't work for applicative credentials	.	Refer to the listed KB article for details.
Flow Engine PRB1958181 KB2606177	Flows are intermittently not triggered after upgrade in a domain separation enabled instance	After upgrading a domain separated instance, some flows are no longer triggered. This is because some of the flow's records are in the domain that the flow was defined in, and other records in a different domain.	Refer to the listed KB article for details.
Incident Management PRB1941995	Problem coordinators can't associate closed incidents to problems in Service Operations Workspace (SOW) (incident end)	Problem coordinators can't associate closed incidents to problems in SOW due to a change in the script include 'related_list_edit_helper' from using GlideRecord to GlideRecordSecure. The MRA in the workspace lists closed incidents for linking, but then ACLs block the writing of the record. This is not the case in UI16, as it uses a different script include.	Impersonate 'Problem Coordinator A'. Open a problem in UI16 and the incident list in another tab. In the incident list, find a closed incident that was last updated by 'system' and open it. Check the 'Related Records' section of the incident form. See that the Problem field is read-only. Return to tab with a problem open. In the 'Incidents' related list of the problem record, select Add. Find and add the previous incident. Navigate back to the tab with the incident open. Notice that the Problem field has updated. Continue impersonating and try to link a closed incident in the SOW.
Integration Hub PRB1943215 KB2605052	ua_ih_usage tracking displays 'unlicensed' when used with new Workflow Data Fabric (WDF) SKUs in Xanadu	WDF bundle entitlement results in 'unlicensed' usages in Xanadu.	Refer to the listed KB article for details.
Language and Translations PRB1910767	The question_choice field is displaying 'um' instead of 'A' for Brazilian Portuguese language	This issue was observed when upgrading to Xanadu.	Navigate to a base Xanadu or Yokohama instance. Install the I18N Brazilian Portuguese Translations plugin. Navigate to sys_translated.LIST. Filter the table as 'question_choice' is value 'a'. Observe in Brazilian Portuguese language Label (translate) is displaying as 'um'.
Lifecycle Events PRB1913012	Creating a case of any journey config doesn't show the Journey number field in the case details	The issue occurs due to changes that modify the form when GenAI is installed. Rather than adding the fields in an if folder, the fields should just be added to the normal form layout in the update folder; if the fields do not exist, they will not show up on the form.
Problem Management PRB1930428	Problem coordinators can't associate closed incidents to problems in Service Operations Workspace (SOW)	Problem coordinators can't associate closed incidents to problems in SOW due to a change in the script include 'related_list_edit_helper' from using GlideRecord to GlideRecordSecure. The MRA in the workspace lists closed incidents for linking, but then ACLs block the writing of the record. This is not the case in UI16, as it uses a different script include.	Impersonate 'Problem Coordinator A'. Open a problem in UI16 and the incident list in another tab. In the incident list, find a closed incident that was last updated by 'system' and open it. Check the 'Related Records' section of the incident form. See that the Problem field is read-only. Return to tab with a problem open. In the 'Incidents' related list of the problem record, select Add. Find and add the previous incident. Navigate back to the tab with the incident open. Notice that the Problem field has updated. Continue impersonating and try to link a closed incident in the SOW.
Procurement PRB1962139 KB2625821	Enable stockroom receiving for assets which are part of PO	The script include POReceiveManager is essential for receiving Purchase Orders (PO), but in pre-Zurich releases, it's restricted to global scope. Due to this limitation, assets associated with a PO cannot be received using the Stockroom Receiving feature. When attempting to receive assets, the following error is displayed: 'Unable to receive the asset. Use the Procurement module or update to the Zurich release or later to continue.'	On a Xanadu or Yokohama instance, provision an instance with the following applications installed: Hardware Asset Management 13.0 Asset Management Common 13.0 Create a PO for a hardware model. Import the assets using ASN. Attempt to receive the assets using one of the following UI actions on the stockroom form: Receive assets Import assets Expected behavior: Assets are received successfully. Actual behavior: The error message appears, and the asset cannot be received.
Versatile Node and Cluster Configuration PRB1946310	Jobs don't always resume on AHA v3	When transferring to AHA 2.0, the job restarts.	Create an on-demand job that runs for at least 5 minutes. Start the job. Initiate an AHA 2.0 transfer. Notice that after the transfer completes, the on-demand job automatically restarts.
Virtual Agent PRB1890944 KB2338484	Large /api/now/v1/cs/ consumerAccount /unreadMessage calls from Proactive Trigger exhausts instance API resources	Some users on Portal have over 1 million of /api/now/v1/cs/ consumerAccount /unreadMessage call observers in the node logs. This causes an issue as it exhausts the API rate limit and prevents people from submitting forms on the portal and other issues. The API call is constantly sent out even when the session is timed out.	Refer to the listed KB article for details.
Visual Task Boards PRB1955767	vtb_card and vtb_task ACLs cause performance issues if either table is used in a related list	A user created a related list on an incident form that queries vtb_task table. After an upgrade, they started seeing performance issues when viewing incident records and automated database alerts were generated.

Fixes included

Unless any exceptions are noted, you can safely upgrade to this release version from any of the versions listed below. These prior versions contain PRB fixes that are also included with this release. Be sure to upgrade to the latest listed patch that includes all of the PRB fixes you are interested in.