Issue
Note: This is an error in SharePoint itself and this will also impact your SharePoint Designer workflows.
Resolution
Process overview:
1. Refer to the following link to access the two PowerShell scripts: Add-CodeDomAuthorizedType on GitHub
2. Modify both PowerShell scripts to add -IncludeNintexWorkflow where the function is called (near the end of each script). For example:
Add-CodeDomAuthorizedType.ps1: Add-CodeDomAuthorizedType -Verbose -IncludeNintexWorkflow
Add-CodeDomAuthorizedTypeToOWSTimerConfig.ps1: Add-CodeDomAuthorizedTypeToOWSTimerConfig -ComputerName $serverNames -Verbose -IncludeNintexWorkflow
3. Run each script as an Administrator. You can do this in PowerShell, PowerShell ISE or SharePoint Management Shell.
4. Test your workflows.
Note: If you face any issues with the script, please reach out to Microsoft Support.
Error Code
Additional Information
This issue can also occur following SharePoint Cumulative Updates (CU) after November 2018; this and subsequent CU's attempt to counter this issue by adding authorizedtype entries in the appropriate files, but in some cases, can result in the CodeTypeReferenceExpression authorizedtype entry to be removed, surfacing the issue again. The above solution would need to be applied again.
Add-CodeDomAuthorizedType.ps1 and Add-CodeDomAuthorizedTypeToOWSTimerConfig.ps1 add the authorizedtype entries to the web.config and OWSTimer.exe.config files across your farm respectively.
In rare cases, running the following has been necessary in applying the solution successfully:
$webapp = Get-SPWebApplication -identity http://<web app name>
$webapp.UpdateWorkflowConfigurationSettings()
For SharePoint 2010 Farms: Relevant entries will be included in the scripts in addition to the CodeDom authorizedtype entries. Please note that these scripts have been updated over time and may include entries that were not included before.
Related Links
Microsoft Blog Post: https://blogs.msdn.microsoft.com/rodneyviana/2018/09/13/after-installing-net-security-patches-to-address-cve-2018-8421-sharepoint-workflows-stop-working/
Microsoft Knowledge Base Article: https://support.microsoft.com/en-us/help/4465015/sharepoint-workflows-stop-after-cve-2018-8421-security-update