Skip to main content

Flowable 3.11.x Release Notes

Initial release 3.11.0, December 16, 2021


Due to a security vulnerability in the logging dependency, customers using the out-of-the-box WAR artifacts or Docker images for Design/Control/Work/Engage are advised to upgrade to version 3.11.1. See the dedicated page around the Log4Shell vulnerability for the latest information.


The Flowable product comprises:

  • Flowable Work, a process and case management platform with an out-of-the-box user interface.
  • Flowable Engage, built on top of Flowable Work, adding conversations and external connectivity to WeChat, Whatsapp and others.
  • Flowable Design, a modeling environment to create BPMN, CMMN, DMN, Form and other model types that run in Platform/Work/Engage.
  • Flowable Control, an administration tool that can be used to manage the Flowable Platform / Work / Engage environments.
  • Flowable Inspect, a debugging and test component that can be used with Flowable Work and Engage.

These products are built on top of the Flowable Open Source project which can be found at Github.


The Flowable Open Source project also has extensive documentation available which can be found at


Flowable Work

  • Added support for nested data objects to the data object feature that was added in the 3.10 release. This enables the option to map a collection or a single nested JSON object in a REST response to a nested data object. Also when using the relational database for the storage of the data objects it's now possible to define relationships with other data objects.

  • A create form can now be defined for a data object table form component to make it possible to create new data objects directly from the data table.

  • Added support for local dates (without time) in data objects.

  • Added support for housekeeping in Flowable Work. With the flowable.enable-history-cleaning property the history cleaning can be enabled. With the flowable.history-cleaning-after property the number of days after which a completed case or process instance needs to be deleted and with flowable.history-cleaning-cycle a time cycle can be defined when the cleaning job should run, like every day at 1 am with this value '0 0 1 * * ?'. The housekeeping is done using the Flowable batch service, which deletes the instances that are older than the configured days in batches of 100 instances by default. For each instance, all the directly related data like tasks, variables, content items, actions etc will be deleted.

  • Improved support for form validations with a new validation panel component that shows an overview of the current validation error messages. In addition, for a tab component a validation error icon is shown when the form fields within the tab have validation errors.

  • When a case or process instance is started or a task is completed, the Work UI will now navigate to an open task which has the current logged-in user as the assignee or as a candidate. This can be disabled with the disableGoToNextTask FE feature flag.

  • Added support for a business status for case and process instances. A list of possible business status values can be defined in the case / process model and when the case / process status edit permission is available for the current user, a dropdown of possible business status values is shown in the case / process header.

  • Added support for a sequence generator. This makes it easy to configure and use a sequence for a case or process variable or expression.

  • The open tasks tab in the case and process instance view will get refreshed 3 times to show new tasks that are created asynchronously.

  • Added a new filter in the work app that shows the work instances (case / process instances). The new filter shows the work instances that have the current logged-in user as the assignee and is labeled 'For me'. The old 'For me' filter is changed to 'Created by me' filter to better reflect that it shows the work instances that are created by the current logged-in user.

  • Added support for running Flowable Work without Elasticsearch. To do this, set the property flowable.indexing.enabled to false. The work instance and task lists are queried from the relational database instead of from Elasticsearch in this case. There are limitations when running Work without Elasticsearch:

    • Reporting is not supported (this uses Elasticsearch queries).
    • The platform-api/search REST services are not supported as they require Elasticsearch.
    • Conversations and messages (Flowable Engage) are not supported.
  • Added support for retrieving folder contents with a folder path via REST. For example, platform-api/folder-tree-items/Top/Work returns the content items of the Work folder.

  • Added support for tenant detection in the E-Mail inbound channel. Supported options are:

    • Fixed value
    • Subject tenant pattern - A Regex pattern containing the tenant in a group
    • Delegate expression resolving to an InboundEventTenantDetector
  • Added two new FE functions to work with HTML and scripting content in forms:

    • flw.sanitizeHtml(dirtyHtml) for sanitizing from XSS attacks any HTML string.
    • flw.escapeHtml(html) for escaping any HTML to print it instead of rendering it on the DOM
  • When an outcome button is clicked the case view navigation items are refreshed to make sure that new tasks / pages are shown.

  • When a case instance for which the current user does not have permissions is accessed in the case view, an "access denied" message is shown now.

  • The Contacts section will use the PlatformIdmIdentityService when using LDAP or when ElasticSearch is not available.

  • Added support for MariaDB.

  • Fixed an issue where the data object select field with a search parameter didn't refresh on form payload changes.

  • Fixed an issue where the case view was showing a completed task in editable instead of readonly mode.

  • Fixed an issue where a form has silently failing REST requests when the user session has expired. Now a message will be shown that the session has expired and can be refreshed.

  • Fixed an issue where the user in the list was not shown after deactivating the user in the contacts app.

  • Fixed an issue with retrieving content items that are being stored as a serializable variable type.

  • Fixed an issue with an ignored panel still changing the payload of a form.

  • Fixed an issue where the add button of a multi sub form was not working.

  • Fixed an issue with a data table breaking the layout when changing the column size.

  • Fixed an issue where multiple document definition and form model requests were done for attachment fields with content model support enabled.

  • Fixed an issue where the specific document delete permission was not checked when deleting a content item. Only the case / process / task edit permission was checked at that point.

  • Fixed an issue with Kafka channel listeners were started too early in the lifecycle when starting the Flowable Work application.

  • Log4j version upgraded to 2.16.0 because of the found exploits in earlier versions.

Flowable Engage

  • Added support for message deletion notifications from WhatsApp.

  • Added support for controlling the default icons for document attachments, voice, video, reply message for the external system adapters. By default, based on the adapter type Engage will display the actions that are supported in those conversations. This can be further configured (disabled / enabled) with one of the following properties:

    • WhatsApp:
      • flowable.external-system.whatsapp.enabled-send-message-types.image
      • flowable.external-system.whatsapp.enabled-send-message-types.voice
      • flowable.external-system.whatsapp.enabled-send-message-types.document
      • flowable.external-system.whatsapp.enabled-send-message-types.reply
    • WeChat:
      • flowable.external-system.wechat.enabled-send-message-types.image
    • LINE:
      • flowable.external-system.line.enabled-send-message-types.image
  • Added support for MariaDB.

  • Log4j version upgraded to 2.16.0 because of the found exploits in earlier versions.

Flowable Design

  • Added support for nested data objects in the data object editor.

  • Added support for a 'Create sequence' task to make it easy to add a sequence to a case or process model.

  • A new sequence definition model type is added to support the definition of the sequence generator with for example, minimal number of digits, prefix and suffix etc.

  • Added support for a housekeeping task that makes it possible to trigger history cleanup from a process model. With a timer start event, a custom housekeeping job can be scheduled for when the process model and housekeeping task need to be executed.

  • Added support for definition a business status value on a case / process model and defining a list of possible business status values with optional translations.

  • A new validation panel component has been added in the form editor. The validation panel will show the current validation error messages of the form.

  • The user and group dropdown values are now tenant aware in a multi tenant Design environment. Only the users and groups of the current tenant are now shown.

  • The translation support for the labels of the Data Table columns, the Text for the Static Datasource for the Select, List and Radio Button has been improved. It is now possible to have a translation key only for the label / text without the need to copy the entire Data Table Columns. See the upgrade information for more details about existing models using translations for these components / properties.

  • Added support for MariaDB.

  • Log4j version upgraded to 2.16.0 because of the found exploits in earlier versions.

Flowable Control

  • Support has been added for the new housekeeping feature of Flowable Work. In the housekeeping section in the navigation menu an overview is provided of the history cleaning runs that been performed and information is provided about the success of each batch part. It's also possible to start a new manual history cleaning batch with a chosen query configuration.

  • Tasks, jobs, event subscriptions are now shown in the scope of the engine, BPMN or CMMN. For example, in the CMMN engine section only CMMN human tasks and standalone tasks are included in the search results.

  • Added support for MariaDB.

  • Log4j version upgraded to 2.16.0 because of the found exploits in earlier versions.

Flowable Inspect

  • Using Flowable Inspect is now decoupled from the need to create a test definition. For any case and process instance in a given state Flowable Inspect can be used and for example a breakpoint can be added to the case / process definition to enable debugging.

Upgrade information

  • In Flowable Engage, support for message deletion from WhatsApp has been added and is enabled by default. To keep the old behaviour, i.e. send only a template message to the internal user, then the following property needs to be set flowable.external-system.whatsapp.enable-message-deletion=false

  • The dependency on the Elasticsearch RestHighLevelClient has been removed. In case it's needed, the dependency needs to be added in the project dependencies. In addition to that the BulkIndexRequestInterceptor no longer uses methods from the Rest High Level Client and implementations of this class need to be adjusted accordingly. The BulkResponse has been replaced with com.flowable.indexing.ElasticsearchBulkResponse and the com.flowable.indexing.job.impl.BulkRequestItem has been replaced with com.flowable.indexing.BulkRequestItem.

  • PlatformFolderItemService has been deprecated and its public methods have been moved to PlatformContentItemService. When PlatformFolderItemService is used, it's advised to switch to the PlatformContentItemService methods instead.

  • In Flowable Design the way translations are stored for the text in static data source items, the label in data table columns and the errorMsg for the custom validation have been changed. A Form / Page Model that is using translations for these elements needs to be migrated to the new structure before being able to change those forms. When a Form / Page is published then the generated runtime JSON will be created based on an automatically migrated version of the model. The migration will only move the text for static data source items, the label for the data table and the error message for the custom validation from the configured secondary languages.

Database changes

  • A new table FLW_SEQUENCE_DEFINITION has been added to support the deployment of the new sequence definition model type for enabling sequence generators in a case / process instance.

  • A new BUSINESSSTATUS column has been added to the ACT_RU_EXECUTION and ACT_HI_PROCINST tables to support the new business status feature on process instances.

  • A new BUSINESSSTATUS column has been added to the ACT_CMMN_RU_CASE_INST and ACT_CMMN_HI_CASE_INST tables to support the new business status feature on case instances.

  • In Design the tags_json column type in the ACT_DE_MODEL_HISTORY table is changed to a blob for all databases except for MySQL and MariaDB because there it was already done in the 3.9 release.

Spring Boot

  • Base Spring Boot version should be upgraded to at least 2.6.1

Open Source Artifacts Dependency Compatibility

Releases of Flowable Design, Work and Engage use versions of the open source Flowable dependencies that have not yet been published publicly on the Maven Central repository. These 'bugfix releases' can be retrieved by customers using the customer Flowable Maven repository credentials.

These versions contain fixes and have been QA'ed with the 3.11.0 release. It's advised to upgrade your open source dependendencies to the 'compatible' version mentioned below (and mentioned in the subsequent Service Packs section)

Open source dependency version:


Contains log4j version 2.17.0, which fixes a second security vulnerability. See the dedicated page around the Log4Shell vulnerability for more information

Open source dependency version: