PI Web API 2023 SP2 release notes

Save PDF

Last UpdatedMay 27, 2026
5 minute read

PI Web API is a RESTful service in the Developer Technologies suite, designed to provide cross-platform web and mobile programmatic interfaces to the PI System. The PI Web API presently contains basic functionality needed to retrieve and manipulate time series data from the PI Data Archive, Asset and Event Frame data from the PI Asset Framework, and to index and search on objects within the PI System.

PI Web API 2023 SP2 (Version 1.20.0.2008), released June 2026, is a feature release that addresses bug fixes and includes minor enhancements.

For more information on product features and functions, such as system requirements, upgrade, and installation instructions, refer to PI Web API.

The latest information about the 2023 SP2 release is available on the AVEVA Documentation Portal.

New features and enhancements

The following items were added in this release:

Work Item	Description
4228244	Allow setting "IsIndexed" property in Create and Update AFAttributeTemplate actions.
4298000	Encode illegal characters in OMF messages.

Resolved issues

This section lists items resolved in this release:

Work Item	Description
3890671	PI Web API hangs or crashes when cancelling long-running requests.
4491552	Admin Utility may crash with certain Windows Error Reporting (WER) configurations.
4567227	Expired bearer tokens may be incorrectly cached by PI Web API for up to five minutes.

Known issues

This section lists problems and/or enhancements that have been deferred until a future release:

Work Items	Description
61475	PI Web API silent installation fails if InstallationConfig.json path has spaces.
63862	PI Web API Admin Utility adds CA-signed certificate to local machine Trusted People store.
64081	The OMF feature will not be available after modifying an installation using the control panel and will return 404 not found error. To work around the issue, run the PI Web API Admin Utility after the installation.
64268	If a user is removed from the “PI Web API Admins” group and later runs the installer, that user will not be re-added to the group. Workaround: Add the user manually to the “PI Web APIAdmins” group.
130566	Non-ASCII characters cannot be used in usernames or passwords in Basic Authentication.
192785	Retrieving Digital State values may fail if the Digital Set has been changed.
256431	Changing the EventLogDebugAnalyticCharacterLimit app.config setting stops OMF request/responses from being logged.
258584	PI Web API incorrectly converts string stream values that are formatted as valid ISO8601 timestamps to DateTime format.
268437	OMF Property that is marked as both ‘IsIndex’ or ‘IsName’ and ‘IsQuality’ breaks type.
276901	OMF DATA of type ‘number’ does not emit loss of precision warnings.
3734990	In a Remote Desktop Session to a Windows Server 2016 machine, the PI Web API Admin Utility can become unresponsive upon enumerating available SSL certificates. Workaround: Make the Remote Desktop Session lose focus (for example, click outside the Remote Desktop Connection window), and then restore focus to the PI Web API Admin Utility. No work item has been created to address this issue.
3734992	On a Windows Server Core machine, the PI Web API Admin Utility cannot use “OpenID ConnectAuthentication” option to connect to a claims-enabled AF/DA server with an error “Class notregistered”. Workaround: Use Windows Authentication to connect. The root cause is that no “default web browser” is set up on the Windows Core machine. No work item has been created to address this issue.

Security information and guidance

We are committed to releasing secure products. This section is intended to provide relevant security-related information to guide your installation or upgrade decision.

We proactively disclose aggregate information about the number and severity of security vulnerabilities addressed in each release. The tables below provide an overview of security issues addressed and their relative severity based on standard scoring.

Overview of new vulnerabilities - Fixed or Mitigated

This section is intended to provide relevant security-related information to guide your installation or upgrade decision. AVEVA is proactively disclosing aggregate information about the number and severity of PI Web API security vulnerabilities that are fixed in this release.

For this release of PI Web API, the following vulnerabilities have been fixed or mitigated.

Security vulnerabilities fixed in PI Web API 2023 SP2 v1.20.0 release

Severity Category	CVSS Base Score Range	Number of Fixed Vulnerabilities
Critical	9 - 10	0
High	7.0 - 8.9	0
Medium	4.0 - 6.9	0
Low	0 - 3.9	0

Security vulnerabilities fixed in PI AF Client 2024 R2 release

Related to this release of PI Web API, no vulnerabilities have been fixed in PI AF Client 2024 R2.

Severity Category	CVSS Base Score Range	Number of Fixed Vulnerabilities
Critical	9 - 10	0
High	7.0 - 8.9	0
Medium	4.0 - 6.9	0
Low	0 - 3.9	0

Vulnerability mitigations in PI Web API 2023 SP2 v1.20.0 release

Component	Version	CVE or Reference	CVSS	Mitigation
RazorEngine	3.10.0	CVE-2021-46703	7.4	The PI Web API does not use the IsolatedRazorEngineService or allow users to externally control the contents of Razor templates.
SQLite	3.43.0	CVE-2023-7104	7.4	SQLite is vulnerable to an out-of-bounds memory access issue due to a lack of sufficient input validation in the sessionReadRecord() function. This vulnerability does not apply to PI Web API as the interdependency using SQLite does not utilize the session extension capability.
SQLite	3.43.0	CVE-2024-0232	6.3	SQLite contains a heap use-after-free vulnerability due to mishandling of certain input. A local attacker could exploit this by convincing a victim into interacting with supplied malicious input, potentially leading to serious impacts to application confidentiality, integrity, and availability due to the corruption of memory. This vulnerability does not apply to PI Web API as the interdependency using SQLite does not have JSON parsing capability.
System.Text.Json	6.0.0	CVE-2024-43485	7.5	.NET Runtime is vulnerable to denial-of-service (DoS) due to improper management of algorithmically complex deserialization operations in the System.Text.Json module. This vulnerability does not apply to PI Web API as the interdependency using the affected version of System.Text.Json does not utilize the vulnerable functionality.

Additional references

The following list provides supporting PI Web API documentation, including programmer reference information and free resources for programming and integration.

PI Web API 2023 SP2 Programmer Reference

This reference is included in the product. It is an online API reference meant for developers who wish to program against the services provided in the product. It is accessible as HTML from https://servername/piwebapi/help, where servername is the hostname of the server on which this product has been installed.
PI Web API 2023 SP2 User Guide

The user guide provides information relevant to the configuration, settings, and administration of the product, and contains steps and helpful information for resolving problems with the product.
PI Square and PI Developers Club

The PI Square Community has free resources to help you with the programming and integration of our products. Additional benefits are available on a paid subscription basis to members of PI Developers Club.

Additional information about the PI Developer Platform, PI Server, PI Asset Framework, and other topics of interest can be found in respective books available on Customer Support.

Distribution kits

The installer is released as a self-extracting distribution kit containing:

Installation files for PI AF Client 2024 R2, which includes the AF Client installer, and installers for its prerequisites
- Microsoft Visual C++ 2022 Redistributable (x86 and x64) 14.42.34438
- PI Buffer Subsystem 4.9.0.37
- PI AF Client 2024 R2 3.1.1.1182
The PI Web API Windows Installer Database (MSI) file signed by AVEVA.

PI Web API