Skip to main content

Flowable 3.11.x Release Notes

Initial release 3.11.0, December 16, 2021

Important

Due to a potential RCE (Remote Code Execution) security exploit in the Spring framework, customers using the out-of-the-box WAR artifacts for Design/Control/Work/Engage are urgently advised to upgrade to version 3.11.5 immediately. See the dedicated page around this vulnerability for the latest information.

Introduction

The Flowable product comprises:

  • Flowable Work, a process and case management platform with an out-of-the-box user interface.
  • Flowable Engage, built on top of Flowable Work, adding conversations and external connectivity to WeChat, Whatsapp and others.
  • Flowable Design, a modeling environment to create BPMN, CMMN, DMN, Form and other model types that run in Platform/Work/Engage.
  • Flowable Control, an administration tool that can be used to manage the Flowable Platform / Work / Engage environments.
  • Flowable Inspect, a debugging and test component that can be used with Flowable Work and Engage.

These products are built on top of the Flowable Open Source project which can be found at Github.

Documentation

The Flowable Open Source project also has extensive documentation available which can be found at https://www.flowable.com/open-source/docs/oss-introduction.

Highlights

Flowable Work

  • Added support for nested data objects to the data object feature that was added in the 3.10 release. This enables the option to map a collection or a single nested JSON object in a REST response to a nested data object. Also when using the relational database for the storage of the data objects it's now possible to define relationships with other data objects.

  • A create form can now be defined for a data object table form component to make it possible to create new data objects directly from the data table.

  • Added support for local dates (without time) in data objects.

  • Added support for housekeeping in Flowable Work. With the flowable.enable-history-cleaning property the history cleaning can be enabled. With the flowable.history-cleaning-after property the number of days after which a completed case or process instance needs to be deleted and with flowable.history-cleaning-cycle a time cycle can be defined when the cleaning job should run, like every day at 1 am with this value '0 0 1 * * ?'. The housekeeping is done using the Flowable batch service, which deletes the instances that are older than the configured days in batches of 100 instances by default. For each instance, all the directly related data like tasks, variables, content items, actions etc will be deleted.

  • Improved support for form validations with a new validation panel component that shows an overview of the current validation error messages. In addition, for a tab component a validation error icon is shown when the form fields within the tab have validation errors.

  • When a case or process instance is started or a task is completed, the Work UI will now navigate to an open task which has the current logged-in user as the assignee or as a candidate. This can be disabled with the disableGoToNextTask FE feature flag.

  • Added support for a business status for case and process instances. A list of possible business status values can be defined in the case / process model and when the case / process status edit permission is available for the current user, a dropdown of possible business status values is shown in the case / process header.

  • Added support for a sequence generator. This makes it easy to configure and use a sequence for a case or process variable or expression.

  • The open tasks tab in the case and process instance view will get refreshed 3 times to show new tasks that are created asynchronously.

  • Added a new filter in the work app that shows the work instances (case / process instances). The new filter shows the work instances that have the current logged-in user as the assignee and is labeled 'For me'. The old 'For me' filter is changed to 'Created by me' filter to better reflect that it shows the work instances that are created by the current logged-in user.

  • Added support for running Flowable Work without Elasticsearch. To do this, set the property flowable.indexing.enabled to false. The work instance and task lists are queried from the relational database instead of from Elasticsearch in this case. There are limitations when running Work without Elasticsearch:

    • Reporting is not supported (this uses Elasticsearch queries).
    • The platform-api/search REST services are not supported as they require Elasticsearch.
    • Conversations and messages (Flowable Engage) are not supported.
  • Added support for retrieving folder contents with a folder path via REST. For example, platform-api/folder-tree-items/Top/Work returns the content items of the Work folder.

  • Added support for tenant detection in the E-Mail inbound channel. Supported options are:

    • Fixed value
    • Subject tenant pattern - A Regex pattern containing the tenant in a group
    • Delegate expression resolving to an InboundEventTenantDetector
  • Added two new FE functions to work with HTML and scripting content in forms:

    • flw.sanitizeHtml(dirtyHtml) for sanitizing from XSS attacks any HTML string.
    • flw.escapeHtml(html) for escaping any HTML to print it instead of rendering it on the DOM
  • When an outcome button is clicked the case view navigation items are refreshed to make sure that new tasks / pages are shown.

  • When a case instance for which the current user does not have permissions is accessed in the case view, an "access denied" message is shown now.

  • The Contacts section will use the PlatformIdmIdentityService when using LDAP or when ElasticSearch is not available.

  • Added support for MariaDB.

  • Fixed an issue where the data object select field with a search parameter didn't refresh on form payload changes.

  • Fixed an issue where the case view was showing a completed task in editable instead of readonly mode.

  • Fixed an issue where a form has silently failing REST requests when the user session has expired. Now a message will be shown that the session has expired and can be refreshed.

  • Fixed an issue where the user in the list was not shown after deactivating the user in the contacts app.

  • Fixed an issue with retrieving content items that are being stored as a serializable variable type.

  • Fixed an issue with an ignored panel still changing the payload of a form.

  • Fixed an issue where the add button of a multi sub form was not working.

  • Fixed an issue with a data table breaking the layout when changing the column size.

  • Fixed an issue where multiple document definition and form model requests were done for attachment fields with content model support enabled.

  • Fixed an issue where the specific document delete permission was not checked when deleting a content item. Only the case / process / task edit permission was checked at that point.

  • Fixed an issue with Kafka channel listeners were started too early in the lifecycle when starting the Flowable Work application.

  • Log4j version upgraded to 2.16.0 because of the found exploits in earlier versions.

Flowable Engage

  • Added support for message deletion notifications from WhatsApp.

  • Added support for controlling the default icons for document attachments, voice, video, reply message for the external system adapters. By default, based on the adapter type Engage will display the actions that are supported in those conversations. This can be further configured (disabled / enabled) with one of the following properties:

    • WhatsApp:
      • flowable.external-system.whatsapp.enabled-send-message-types.image
      • flowable.external-system.whatsapp.enabled-send-message-types.video
      • flowable.external-system.whatsapp.enabled-send-message-types.voice
      • flowable.external-system.whatsapp.enabled-send-message-types.document
      • flowable.external-system.whatsapp.enabled-send-message-types.reply
    • WeChat:
      • flowable.external-system.wechat.enabled-send-message-types.image
    • LINE:
      • flowable.external-system.line.enabled-send-message-types.image
  • Added support for MariaDB.

  • Log4j version upgraded to 2.16.0 because of the found exploits in earlier versions.

Flowable Design

  • Added support for nested data objects in the data object editor.

  • Added support for a 'Create sequence' task to make it easy to add a sequence to a case or process model.

  • A new sequence definition model type is added to support the definition of the sequence generator with for example, minimal number of digits, prefix and suffix etc.

  • Added support for a housekeeping task that makes it possible to trigger history cleanup from a process model. With a timer start event, a custom housekeeping job can be scheduled for when the process model and housekeeping task need to be executed.

  • Added support for definition a business status value on a case / process model and defining a list of possible business status values with optional translations.

  • A new validation panel component has been added in the form editor. The validation panel will show the current validation error messages of the form.

  • The user and group dropdown values are now tenant aware in a multi tenant Design environment. Only the users and groups of the current tenant are now shown.

  • The translation support for the labels of the Data Table columns, the Text for the Static Datasource for the Select, List and Radio Button has been improved. It is now possible to have a translation key only for the label / text without the need to copy the entire Data Table Columns. See the upgrade information for more details about existing models using translations for these components / properties.

  • Added support for MariaDB.

  • Log4j version upgraded to 2.16.0 because of the found exploits in earlier versions.

Flowable Control

  • Support has been added for the new housekeeping feature of Flowable Work. In the housekeeping section in the navigation menu an overview is provided of the history cleaning runs that been performed and information is provided about the success of each batch part. It's also possible to start a new manual history cleaning batch with a chosen query configuration.

  • Tasks, jobs, event subscriptions are now shown in the scope of the engine, BPMN or CMMN. For example, in the CMMN engine section only CMMN human tasks and standalone tasks are included in the search results.

  • Added support for MariaDB.

  • Log4j version upgraded to 2.16.0 because of the found exploits in earlier versions.

Flowable Inspect

  • Using Flowable Inspect is now decoupled from the need to create a test definition. For any case and process instance in a given state Flowable Inspect can be used and for example a breakpoint can be added to the case / process definition to enable debugging.

Upgrade information

  • In Flowable Engage, support for message deletion from WhatsApp has been added and is enabled by default. To keep the old behaviour, i.e. send only a template message to the internal user, then the following property needs to be set flowable.external-system.whatsapp.enable-message-deletion=false

  • The dependency on the Elasticsearch RestHighLevelClient has been removed. In case it's needed, the dependency needs to be added in the project dependencies. In addition to that the BulkIndexRequestInterceptor no longer uses methods from the Rest High Level Client and implementations of this class need to be adjusted accordingly. The BulkResponse has been replaced with com.flowable.indexing.ElasticsearchBulkResponse and the com.flowable.indexing.job.impl.BulkRequestItem has been replaced with com.flowable.indexing.BulkRequestItem.

  • PlatformFolderItemService has been deprecated and its public methods have been moved to PlatformContentItemService. When PlatformFolderItemService is used, it's advised to switch to the PlatformContentItemService methods instead.

  • In Flowable Design the way translations are stored for the text in static data source items, the label in data table columns and the errorMsg for the custom validation have been changed. A Form / Page Model that is using translations for these elements needs to be migrated to the new structure before being able to change those forms. When a Form / Page is published then the generated runtime JSON will be created based on an automatically migrated version of the model. The migration will only move the text for static data source items, the label for the data table and the error message for the custom validation from the configured secondary languages.

Database changes

  • A new table FLW_SEQUENCE_DEFINITION has been added to support the deployment of the new sequence definition model type for enabling sequence generators in a case / process instance.

  • A new BUSINESSSTATUS column has been added to the ACT_RU_EXECUTION and ACT_HI_PROCINST tables to support the new business status feature on process instances.

  • A new BUSINESSSTATUS column has been added to the ACT_CMMN_RU_CASE_INST and ACT_CMMN_HI_CASE_INST tables to support the new business status feature on case instances.

  • In Design the tags_json column type in the ACT_DE_MODEL_HISTORY table is changed to a blob for all databases except for MySQL and MariaDB because there it was already done in the 3.9 release.

Spring Boot

  • Base Spring Boot version should be upgraded to at least 2.6.1 up to the latest 2.6 version

React

  • The React version should be upgraded to at least 16 up to the latest 17 version

Open Source Artifacts Dependency Compatibility

Releases of Flowable Design, Work and Engage use versions of the open source Flowable dependencies that have not yet been published publicly on the Maven Central repository. These 'bugfix releases' can be retrieved by customers using the customer Flowable Maven repository credentials.

These versions contain fixes and have been QA'ed with the 3.11.0 release. It's advised to upgrade your open source dependencies to the 'compatible' version mentioned below (and mentioned in the subsequent Service Packs section)

Open source dependency version: 6.7.1.6

Service Packs

3.11.1

Contains log4j version 2.17.0, which fixes a second security vulnerability. See the dedicated page around the Log4Shell vulnerability for more information

Open source dependency version: 6.7.1.6

3.11.2

  • Added interceptor interface (ControlInterceptor) to Flowable Control that can be used to implement audit logic for changes made through Control such as updating a variable value or doing a new deployment.

  • Added onEvent functionality to the form engine which can be used for adding specific logic to the form handling, more information is available here https://documentation.flowable.com/latest/forms/basic-events

  • Added support for 2 new history levels in the BPMN engine with "instance" and "task". Instance history level only stores the process instance entry in the historic process instance table. The task level adds the user tasks to the historic tables. So no activity, variable or other information will be stored, by default, in the historic tables.

  • Added support for defining a case definition specific history level in Flowable Design and Platform.

  • Added support for 2 new history levels in the CMMN engine with "instance" and "task". Instance history level only stores the case instance entry in the historic case instance table. The task level adds the human tasks to the historic tables. So no plan item instance, variable or other information will be stored, by default, in the historic tables.

  • Added support for defining which activity elements in a BPMN and CMMN definition should be included in the historic tables when using an "instance" or "task" history level.

  • Added support for defining which variables in a BPMN and CMMN definition should be included in the historic tables when using an "instance" or "task" history level.

  • Flowable Control has been changed to query the runtime tables for CMMN and BPMN instances and tasks when querying for active instances.

  • Fixed issue with the output parameter handling of service registry tasks. For service models that are configured with version 3.11.0 or 3.11.1 of Flowable Design and experience the output mapping issue, each output parameter should be edited in Flowable Design and the mapping name value should be removed if it has a value like "output1".

  • Fixed issue where the "items" property for a select field in Flowable Design didn't show a runtime expression option.

  • Fixed issue where condition expression built with the condition builder in the Form editor of Flowable Design where not exported correctly.

  • Fixed issue when switching panel context dynamically and using select fields on the dynamic form.

  • Fixed issue with showing a people component in the custom case view for a completed case instance.

  • Fixed issue where a referential integrity constraint occurred when an identity link was added in the same transaction as completing the task.

  • Fixed issue with missing size configuration for an outcome button in Flowable Design.

  • Added support to upload a deployment to the CMMN engine in Flowable Control.

  • Spring boot has been upgraded to 2.6.2

Open source dependency version: 6.7.1.9

3.11.3

  • Added an interface EventRegistryNonMatchingEventConsumer, that can be implemented and registered on the event registry configuration that will be invoked when there are no matches found with an event subscription in BPMN and CMMN or other event consumers. This accommodates events that are currently ignored when no event consumer matches.

  • Added CSRF support to Flowable Design and Control that is enabled by default. This can be disabled with flowable.modeler.app.rest.csrf.enabled=false for Design and flowable.control.app.rest.csrf.enabled=false for Control

  • Added support for media template messages in Flowable Engage.

  • Added support for expressions in candidate starter users and groups for BPMN and CMMN models.

  • Added support for prefix tables configuration for job statistics information in Flowable Control.

  • Fixed issue with evaluation of expression in Shell tasks.

  • Fixed issue with generic error message being displayed for action bots instead of specific error message.

  • Fixed issue where tooltips for action buttons were not appearing in Flowable Work.

  • Fixed issue with editing variables not being possible in Flowable Control.

  • Fixed issue with identity links for runtime tasks not getting displayed.

  • Fixed issue with error message on a form that is not removed after completing a task and showing another task form.

  • Fixed issue with flw.JSON.stringify for Set collections in frontend expressions.

  • Spring boot has been upgraded to 2.6.3

Open source dependency version: 6.7.1.10

3.11.4

  • Fixed issue where a repeating timer event listener in a case definition leads to multiple timer jobs.

  • Fixed issue with variable sorting in Flowable Control for active case and process instances.

  • Added an improvement to the Elasticsearch indexing logic to make sure that the data is kept in sync with the relational database in highly concurrent environments with a lot of updates within a short timeframe.

  • Fixed issue with wrong job handler type being used when an indexing job fails.

  • Fixed issue when deleting a parent process instance and deleting its child instances from Elasticsearch.

  • Added support in Flowable Control to change the state for stage elements.

  • Fixed issue with terminating a process instance in Flowable Control.

  • Fixed issue with sign out for Flowable Control and Flowable Design.

  • Fixed issue with uploading DMN and event registry deployment in Flowable Control.

  • Fixed issue where the deletion of an historic task was not propagated to the deletion of the task in Elasticsearch.

  • Fixed issue with radio button text alignment.

  • Fixed issue with translations not getting applied for sortable columns of a data table.

    Open source dependency version: 6.7.1.14

3.11.5

  • Upgrade Spring Boot to version 2.6.6 because of the remote execution vulnerability that was disclosed. See the page dedicated to the vulnerability for more information.

  • Fixed issue with repeating variable event listeners in CMMN which are executed only once.

  • Added option to filter on the state value in the (historic) case instance queries. In addition, missing query options were added to the REST API.

  • Fixed issue with translations not appearing in data table column picker.

  • Fixed issue where the flowable.frontend.features.useNavigatorLanguage property was not taken into account for determining the language in Flowable Work.

  • Fixed issue in Flowable Inspect where exceptions occurring in a sub process instance were not captured and available in the Inspect UI.

  • Fixed issue in Flowable Design with the revert of a BPMN model to a previous version from the diff view was not working.

  • Fixed issue in Flowable Design with the import of translations not working when a DMN model is included in the app.

  • Fixed issue in Flowable Design where the mapping name was not set correctly for expression based input parameters.

  • Fixed issue in Flowable Design where an expression with a value of {{.}} was causing an exception.

    Open source dependency version: 6.7.1.17

3.11.6

  • Fixed issue with repeating user event listeners within a stage not getting repeated after the first complete in case the max instance count was set.

  • Fixed issue with duplicate action instances for user event listeners with repetition and reactivation listeners.

  • Fixed issue with republishing a SQS channel definition with a new queue name not overwriting the old SQS channel definition correctly due to a caching issue.

  • Added support for adding and removing repetition in a case instance migration.

  • Fixed issue in case instance migration for completed plan item definitions that are removed in the new case model version.

  • Fixed issue with tenant id not being set during the auto deployment of apps.

  • Fixed issue with process not completed for a signal thrown by a sub process instance and caught within an event sub process.

  • Fixed custom case view component for usage in another application with custom form elements or other custom React logic.

  • Upgraded Axios FE dependency to 0.24.0 because of a reported vulnerability.

  • Fixed issue in Flowable Design with a condition builder expression with or groups that was not exported correctly.

  • Fixed issue in Flowable Design where custom form elements are only exported once.

  • Upgraded Spring Boot version to 2.6.7.

    Open source dependency version: 6.7.1.20

3.11.7

  • Fixed issue with the same case page task being displayed multiple times in the case view with repetition.

  • Fixed issue where an action definition could not be deleted by a super admin user in a multi tenant setup.

  • Fixed issue in the service registry where variables of type java.time.LocalDate or java.time.LocalDateTime were not passed correctly as a date value.

  • Fixed issue with a data table where sorting was combined with a custom page size and not all data was being displayed.

  • Fixed issue with data object data table not supporting infinite scroll in case a payload value is used in the filter and this value is changed in the form.

  • Added a new frontend function to get a data object instance object by lookup id value (flw.getDataObjectInstance(dataObjectDefinitionKey, operationKey, lookupIdName, lookupIdValue))

    Open source dependency version: 6.7.1.20

3.11.8

  • If the disableGoToNextTask property value is set to true the application now navigates again to the previous url (if available), as it did in previous versions of Flowable Work.
  • Added support for flowable.template.aspose.output-pdf-compliance-level (e.g. PDF_17) and flowable.template.aspose.update-dynamic-fields-before-save (e.g. true) properties to enable the option to define the PDF compliance level and to allow to update a table of contents before generating the PDF rendition.
  • Added option in the service registry engine to always use the latest service registry definition on an engine configuration wide level, and setting this property will override the BPMN and CMMN model configuration for service registry tasks.
  • The process and case instance diagram in Flowable Control are now using runtime instead of historic REST endpoints if an active instance is viewed.
  • Fixed issue in Flowable Control where task search properties like assignee and name didn't work with the active instances option.
  • Fixed issue with migrating process instances in Flowable Control when using the Control interceptor.
  • When a websocket connection drops in the browser with Flowable Engage the frontend logic will now try to restore the websocket connection indefinitely.
  • Fixed potential issue with the insert of the pla.variable-extractors-last-deploy property at startup in a cluster of Flowable Work / Engage instances.
  • Fixed issue where a validation issue wasn't shown on the tab level.
  • Fixed issue where a button group context menu was not closed after clicking a button.
  • Fixed issue with the default value being used on an expression button even if the payload value is set.
  • Added a unique check when creating a new user in Flowable Design for the username value.
  • The table counts for the metrics information that can be downloaded with the system info in Flowable Control are now disabled by default, because on some databases these count queries take a lot of time.
  • The housekeeping in Flowable Work is now set to sequential by default, because when running with parallel housekeeping this can overload the database if the environment is not sized accordingly.
  • Reduced log level to debug for version conflict error with Elasticsearch. Flowable has an automatic solution that will make sure the latest data of a case / process / task instance is pushed to Elasticsearch.
  • Added option in Flowable Work to reduce the returned error messages to a minimum level with the flowable.core.security.rest.send-full-error-exception property that can be set to false. This is added for environments where the full error message is not desired for security reasons.
  • Added option in Flowable Design to reduce the returned error messages to a minimum level with the flowable.modeler.app.rest.send-full-error-exception property that can be set to false. This is added for environments where the full error message is not desired for security reasons.

Open source dependency version: 6.7.1.23

3.11.9

  • Fixed issue with indexing of historic variables to Elasticsearch when using an instance or task history level.
  • Improved housekeeping queries to use end time sorting instead of id sorting to improve query performance.
  • Fixed issue with sending events via the event registry REST API without a channel or when the channel is redeployed.
  • Fixed issue with custom queries not working on Flowable Work instances when a reindex was triggered on another Flowable Work instance.
  • Fixed issue with showing tasks in the custom case view that are not part of the left side menu.
  • Fixed issue with error messages not being shown in Flowable Work for action buttons on a form.
  • Support top and right label alignment in addition to left alignment for checkboxes in a form.
  • Added option to the data object select form component to define sizing and added paging support.
  • Fixed issue where the validation mask did not work with a mask that only has numbers.
  • Fixed issue in Flowable Control with showing event registry deployments.

Open source dependency version: 6.7.1.26

3.11.10

  • Added support to ignore identity links for database backed data objects.
  • Added permission check for entity link endpoints.
  • Added option to include the custom.css and custom.js content inline in the index file (flowable.modeler.app.frontend.inline-css=true and flowable.modeler.app.frontend.inline-js=true) of Flowable Design and to provide a custom application title (flowable.modeler.app.frontend.title).
  • Adjusted WhatsApp adapter to support changes in v2.43 and v2.45.

Open source dependency version: 6.7.1.26

3.11.11

  • Fixed issues with error message handling in the custom case view.
  • Fixed issue with reindexing data object instance variables that can no longer be retrieved.

Open source dependency version: 6.7.1.26

3.11.12

  • Fixed issue with executing a native query for historic decision executions in the DMN engine.
  • Added support for multiple event registry start events in a BPMN model.
  • Fixed issue with the save button being enabled on a form when uploading a large required document.
  • Fixed a memory issue with loading a large form model in Flowable Design.

Open source dependency version: 6.7.1.26

3.11.13

  • Fixed issue with radio buttons losing their state when switching between tabs.
  • Fixed issue with the vanilla forms package build that can be used in non-React custom applications.

Open source dependency version: 6.7.1.27

3.11.14

  • The user language can now also be configured and used when using OAuth based authentication.
  • Improved reindexing performance for case instance by changing the query for retrieving the case instances to reindex.
  • Fixed issue with Fontawesome pro dependency in the Flowable Forms React module.
  • Updated dependency versions for Spring Boot, Spring Security and others because of reported vulnerabilities.

Open source dependency version: 6.7.1.27

3.11.15

  • Fixed issue with the number of content item, meta data and rendition queries that are executed with a large amount of attachments and attachment fields in a form model.
  • Fixed issue with a wrong types definition in the package.json file of the React forms engine package.

Open source dependency version: 6.7.1.27

3.11.16

  • Fixed memory issue with thumbnail rendering of content items where memory could build up over time.

Open source dependency version: 6.7.1.27

3.11.17

  • Fixed issue with the conversation header that was changed incorrectly when the conversation list is filtered by search text and a new message comes in.
  • Fixed issue with a duplicate entry in the DMN engine Liquibase changelog. Open source dependency version: 6.7.1.27